Re: NT SAM of AD for authentication
From: John Kortis (jnkortis@coactivesys.com)
Date: 03/11/03
From: "John Kortis" <jnkortis@coactivesys.com> Date: Tue, 11 Mar 2003 14:44:18 -0500
First you need to declare these externals
-----------------------------------------
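#region EXTERNALS
// Requires "using System;" and "using System.Runtime.InteropServices;" at the top of the file.
// The DLLs are referenced by name rather than a hard-coded C:\WINNT path,
// which differs between Windows installations.
// SetLastError = true preserves the Win32 error code set by the call.
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain,
    String lpszPassword,
    int dwLogonType, int dwLogonProvider, out System.IntPtr phToken);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(System.IntPtr handle);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool RevertToSelf();
[DllImport("kernel32.dll")]
public static extern int GetLastError();
#endregion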
-----------------------------------------------------------------------------
The next thing is to make sure your ASP worker thread runs in SYSTEM
(IUSR_MACHINE) mode, not MACHINE (ASPNET).
Next, the application should be in Low Isolation; Medium runs in a shared
DLLHOST process and High runs in its own DLLHOST process. You need the
IUSR_MACHINE so you can revert to the system account. This account has the
TCB privilege (act as part of the operating system) so you can perform
logons on behalf of someone else.
Now the code
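System.IntPtr utoken;
int retval;
// 3 = LOGON32_LOGON_NETWORK, 0 = LOGON32_PROVIDER_DEFAULT
if(!LogonUser(user,".",password,3,0,out utoken))
{
    retval = GetLastError();
    switch(retval)
    {
        case 1907: // ERROR_PASSWORD_MUST_CHANGE
        {
        }
        break;
        case 1331: // ERROR_ACCOUNT_DISABLED
        {
        }
        break;
        case 1793: // ERROR_ACCOUNT_EXPIRED
        {
        }
        break;
        case 1326: // ERROR_LOGON_FAILURE (unknown user name or bad password)
        {
        }
        break;
        case 1330: // ERROR_PASSWORD_EXPIRED
        {
        }
        break;
        default: // any other Win32 error
        {
        }
        break;
    }
}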
Use a "." to log on locally to the box, or provide the domain name
for a domain logon.....
utoken is a System.IntPtr which you can pass to
System.Security.Principal.WindowsIdentity id = new System.Security.Principal.WindowsIdentity(utoken);
id.Impersonate();
for impersonation if you desire....
hope it helps
"Willbert Rietveld" <wilbert@hiflex.nl> wrote in message
news:OhXsBjK5CHA.2296@TK2MSFTNGP10.phx.gbl...
> My problem:
> I need to create a page where users can login using their NT Domain username
> and password. I guess I have to access the windows nt SAM or the w2k active
> directory.
>
> Any suggestions?
>
> Thanks,
>
> Will.
>
>
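
The credential check described in the reply above, gathered into one helper as an added example (not code from the original post). The names NtLogonCheck, LogonResult, MapError and Check are hypothetical; the logon type, provider and error codes are the ones used in the post, and a bare user name is assumed to mean the local machine (".").

```csharp
using System;
using System.Runtime.InteropServices;

public enum LogonResult { Success, BadCredentials, AccountDisabled, AccountExpired,
                          PasswordExpired, PasswordMustChange, OtherFailure }

// Hypothetical helper class; names are illustrative, not from the original post.
public static class NtLogonCheck
{
    const int LOGON32_LOGON_NETWORK = 3;     // the "3" passed in the post
    const int LOGON32_PROVIDER_DEFAULT = 0;  // the "0" passed in the post

    // SetLastError = true makes the runtime capture the Win32 error for this call,
    // so it can be read back reliably with Marshal.GetLastWin32Error().
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Maps the error codes handled in the post's switch statement.
    public static LogonResult MapError(int win32Error)
    {
        switch (win32Error)
        {
            case 1326: return LogonResult.BadCredentials;     // ERROR_LOGON_FAILURE
            case 1330: return LogonResult.PasswordExpired;    // ERROR_PASSWORD_EXPIRED
            case 1331: return LogonResult.AccountDisabled;    // ERROR_ACCOUNT_DISABLED
            case 1793: return LogonResult.AccountExpired;     // ERROR_ACCOUNT_EXPIRED
            case 1907: return LogonResult.PasswordMustChange; // ERROR_PASSWORD_MUST_CHANGE
            default:   return LogonResult.OtherFailure;
        }
    }

    // Accepts "DOMAIN\user" or a bare user name (checked against the local machine).
    public static LogonResult Check(string account, string password)
    {
        int slash = account.IndexOf('\\');
        string domain = slash > 0 ? account.Substring(0, slash) : ".";
        string user = slash > 0 ? account.Substring(slash + 1) : account;
        IntPtr token = IntPtr.Zero;
        try
        {
            if (LogonUser(user, domain, password, LOGON32_LOGON_NETWORK,
                          LOGON32_PROVIDER_DEFAULT, out token))
                return LogonResult.Success;
            return MapError(Marshal.GetLastWin32Error());
        }
        finally { if (token != IntPtr.Zero) CloseHandle(token); } // never leak the token
    }
}
```

On a login page, log the specific LogonResult server-side and show the user a single generic failure message, so the response does not reveal whether an account exists, is disabled or has an expired password.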