Re: Getting user name for failed authentication

From: Antonio (antoniopassado_at_hotmail.com)
Date: 06/28/04


Date: Mon, 28 Jun 2004 15:48:43 +0200

Hi Henning,

Well, by this we get only the fact that authentication failed, this is not a
problem, but what we need is to get the name, which user tried to use for
authentication (without password of course). Maybe there is no way for that
and client should pass this name via an open channel to the server as a
parameter, but because during successful authentication we don't need to
pass this information and we can obtain it later, we thought that we can
obtain it somehow in case of failed authentication as well.

Regards,
Antonio

"Henning Krause" <newsgroup.no@spam.infinitec.de> wrote in message
news:OFQqnhQXEHA.3016@tk2msftngp13.phx.gbl...
> Hello,
>
> MSDN states that InitializeSecurityContext and AcceptSecurityContext both
> return an error if the user could not be authenticated.... Doesn't that
> help?
>
> Greetings,
> Henning Krause
> ==========================
> Visit my website: http://www.infinitec.de
> Try my free Exchange Explorer: Mistaya
> (http://www.infinitec.de/?page=products)
>
>
> "Antonio" <antoniopassado@hotmail.com> wrote in message
> news:#iezxoOXEHA.3972@TK2MSFTNGP12.phx.gbl...
> > Hi Henning,
> >
> > We are using SSPI to authenticate over NTLM, particularly
> > InitializeSecurityContext/AcceptSecurityContext. Authentication happens
> > inside our application and we have access to necessary credential handles,
> > but at the moment we've got no clue how can we possibly dig this information
> > out of there in case of failed authentication. In case of successful
> > authentication we call QuerySecurityContextToken(phContext, &hToken)) and
> > then QueryContextAttributes(phContext, SECPKG_ATTR_NAMES, &secNames)) to get
> > the name he used for authentication. However this doesn't work for failed
> > authentication.
> >
> > Regards,
> > Antonio
> >
> > "Henning Krause" <newsgroup.no@spam.infinitec.de> wrote in message
> > news:uKmQpLuWEHA.1764@TK2MSFTNGP10.phx.gbl...
> > > How do you authenticate the user?
> > >
> > > Do you use some sort of LogonUser?
> > >
> > > Or does the authentication happen outside of your application?
> > >
> > > Greetings,
> > > Henning Krause
> > > ==========================
> > > Visit my website: http://www.infinitec.de
> > > Try my free Exchange Explorer: Mistaya
> > > (http://www.infinitec.de/?page=products)
> > >
> > >
> > > "Antonio" <antoniopassado@hotmail.com> wrote in message
> > > news:ew4CxJrWEHA.3664@TK2MSFTNGP12.phx.gbl...
> > > > Hello Henning,
> > > >
> > > > Thanks for your answer. What you say is true, but problem still remains if
> > > > we want to log into our own run-time log. Is there a way of really getting
> > > > this information somehow?
> > > >
> > > > Kind regards,
> > > > Antonio
> > > >
> > > > "Henning Krause" <newsgroup.no@spam.infinitec.de> wrote in message
> > > > news:#rSGPFrWEHA.3084@TK2MSFTNGP10.phx.gbl...
> > > > > Hello,
> > > > >
> > > > > you could simply audit failed logons with Windows itself. They show up in
> > > > > the security event log afterwards.
> > > > >
> > > > > Greetings,
> > > > > Henning Krause
> > > > > ==========================
> > > > > Visit my website: http://www.infinitec.de
> > > > > Try my free Exchange Explorer: Mistaya
> > > > > (http://www.infinitec.de/?page=products)
> > > > >
> > > > >
> > > > > "Antonio" <antoniopassado@hotmail.com> wrote in message
> > > > > news:u2IVaIqWEHA.3740@TK2MSFTNGP12.phx.gbl...
> > > > > > Hi everybody,
> > > > > >
> > > > > > We are using NTLM for authenticating clients that connect over network to
> > > > > > our server. In case of failed authentication we would like to log a message
> > > > > > into event log with the name under which user tried to login. Is it possible
> > > > > > somehow to obtain this name during authentication process?
> > > > > >
> > > > > > Thanks in advance,
> > > > > > Antonio
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
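
Added example, not part of the original thread or of any poster's code: in NTLM the client's final token (the AUTHENTICATE, or Type 3, message that the server hands to AcceptSecurityContext) carries the claimed domain and user name in clear, so a server can read them from that buffer for its own log even when the call then fails. The function names and the sample buffer are hypothetical; the sketch assumes a raw NTLM token (not wrapped in SPNEGO) with the 64-byte fixed header laid out in MS-NLMP.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian readers; callers have already bounds-checked the offset. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Copy one Len/MaxLen/Offset field into out, replacing anything that is not
 * printable ASCII with '?' so the value is safe to write into a log line. */
static int copy_field(const uint8_t *msg, size_t n, size_t field, int unicode,
                      char *out, size_t cap)
{
    size_t len = rd16(msg + field), off = rd32(msg + field + 4);
    size_t step = unicode ? 2 : 1, i, o = 0;
    if (cap == 0 || off > n || len > n - off || len % step != 0) return -1;
    for (i = 0; i < len && o + 1 < cap; i += step) {
        unsigned c = unicode ? rd16(msg + off + i) : msg[off + i];
        out[o++] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';
    }
    out[o] = '\0';
    return (int)o;
}

/* Hypothetical helper: returns 0 and fills domain/user from an NTLM
 * AUTHENTICATE token, or -1 if the buffer is not a well-formed Type 3. */
int ntlm_claimed_identity(const uint8_t *msg, size_t n,
                          char *domain, size_t dcap, char *user, size_t ucap)
{
    if (n < 64 || memcmp(msg, "NTLMSSP\0", 8) != 0 || rd32(msg + 8) != 3) return -1;
    int unicode = (rd32(msg + 60) & 0x1u) != 0;   /* NTLMSSP_NEGOTIATE_UNICODE */
    if (copy_field(msg, n, 28, unicode, domain, dcap) < 0) return -1; /* DomainName */
    if (copy_field(msg, n, 36, unicode, user, ucap) < 0) return -1;   /* UserName */
    return 0;
}

/* Constructed sample token: header, then "LAB" and "bob" in UTF-16LE. */
static const uint8_t SAMPLE[76] = {
    'N','T','L','M','S','S','P',0, 3,0,0,0,
    0,0,0,0,76,0,0,0, 0,0,0,0,76,0,0,0,   /* LM and NT responses (empty) */
    6,0,6,0,64,0,0,0, 6,0,6,0,70,0,0,0,   /* DomainName, UserName */
    0,0,0,0,76,0,0,0, 0,0,0,0,76,0,0,0,   /* Workstation, session key */
    1,0,0,0, 'L',0,'A',0,'B',0, 'b',0,'o',0,'b',0 };

int main(void) {
    char d[32], u[32];
    if (ntlm_claimed_identity(SAMPLE, sizeof SAMPLE, d, sizeof d, u, sizeof u) == 0)
        printf("claimed identity on failed logon: %s\\%s\n", d, u);
    return 0;
}
```

The name read this way is whatever the client asserted and has not been verified, so it belongs in the log as a claimed identity only.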


