PDA

View Full Version : Verify a UserName and Password



nabhonil
03-29-2006, 04:20 AM
hi,

I am using a IS11 basic MSI project and I want to verify the user id and password in one the of the dialogs which the user enters.
I am using Advapi32.LogonUserA to verify a user and password. The code which is have written in installscript is as follows.

#define LOGON32_LOGON_NETWORK 3
#define LOGON32_PROVIDER_DEFAULT 0

export prototype CheckLogonUserCredentials(HWND);

prototype LONG Advapi32.LogonUserA(LPSTR, LPSTR, LPSTR, int, int, POINTER);

function CheckLogonUserCredentials(hMSI)
STRING strUserName, strDomainName, strPassword, svError;
STRING svScriptFile;
LONG ret, nReturn, nvLineNumber, nvError;
POINTER handleToken;
NUMBER nvBuf;
begin
WriteLogMsg("Entering CheckLogonUserCredentials");
nReturn = UseDLL("ADVAPI32.DLL");
if (nReturn < 0) then
WriteLogMsg("Unable to load Advapi32.DLL");
endif;

MsiGetProperty(hMSI,"PROP_USERNAME",strUserName,nvBuf);
MsiGetProperty(hMSI,"PROP_PASSWORD",strPassword,nvBuf);
MsiGetProperty(hMSI,"PROP_DOMAIN",strDomainName,nvBuf);

if (strDomainName = "") then
strDomainName = ".";
endif;

WriteLogMsg(strUserName);
WriteLogMsg(strPassword);
WriteLogMsg(strDomainName);

ret = LogonUserA(&strUserName,&strDomainName,&strPassword, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, handleToken);

if (ret = 0) then
GetExtendedErrInfo(svScriptFile,nvLineNumber,nvError );
NumToStr (svError, nvError);
WriteLogMsg(svError);
WriteLogMsg("zzInvalid logon credentials provided for PA services");
svError = "Please enter the correct logon credentials for\n";
svError = svError + "Personal Assistant services.";
MessageBox(svError,INFORMATION);
else
WriteLogMsg("Authenticated the PA service logon credentials");
ret = CloseHandle(handleToken);
endif;
WriteLogMsg("Exiting CheckLogonUserCredentials");
UnUseDLL("Advapi32.dll");
end;

The WriteLogMsg is function which writes the output to the log file. That is working fine. The problem is LogonUserA which is always returning 0. Even when u give the right password or wrong password. All the information that is received from MSIGETPROPERTY are obtained correctly as they can be seen in the logs through WriteLogMsg function.Right now i am trying this only local system account and my domain is empty. If this works fine with local i have to try this with domain also.

Can any one help me why LogonUserA is returning me 0 always.

Thanks
Nabhonil.

Zweitze
03-29-2006, 02:53 PM
One possibility is that LogonUser is priviliged, only the SYSTEM account can use it (the system account is running logon window).
I believe mortal beings like administrators need to acquire additional priviliges before they can execute LogonUser.

Using LogonUser is probably not be the best strategy, because the thread will be running with the identity of that account from that point on. If you only want to check whether the password is OK, search on MSDN for better methods.

nabhonil
03-30-2006, 12:47 AM
hi zweitze,

I have searched the msdn and only thing that i find is LogonUserA method. I understand that there could be privilege issue. Therefore i tried the same thing in a VB exe. This works absolutely fine but when the same code is written in installscript it is not working.

The VB code is below. I still couldnot understand what went wrong.

Const LOGON32_LOGON_INTERACTIVE = 2&
Const LOGON32_LOGON_NETWORK = 3&
Const LOGON32_LOGON_BATCH = 4&
Const LOGON32_LOGON_SERVICE = 5&
Const LOGON32_LOGON_UNLOCK = 7&
Const LOGON32_LOGON_NETWORK_CLEARTEXT = 8&
Const LOGON32_LOGON_NEW_CREDENTIALS = 9&
Const LOGON32_PROVIDER_DEFAULT = 0&

Private Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long


Private Sub cmdVerify_Click()
On Error GoTo ErrHandler

Dim hToken As Long
strUser = txtUser.Text
strPwd = txtPwd.Text
strDomain = txtDomain.Text

If Trim(strDomain) = "" Then
strDomain = "."
End If
MsgBox strUser & " " & strPwd & " " & strDomain

ret = LogonUser(strUser, _
strDomain, _
strPwd, _
LOGON32_LOGON_NETWORK, _
LOGON32_PROVIDER_DEFAULT, _
hToken)


If ret = 0 Then
MsgBox "failed " & ret & " " & Err.LastDllError
Else
MsgBox "passed"
CloseHandle hToken
End If


ErrHandler:
If (Err.Number <> 0) Then
MsgBox Err.Number & " " & Err.Description
End If
End Sub

Aflaat
03-30-2006, 10:39 AM
Do some searching for LookupAccountName. There should be lots of examples around on using it.

nabhonil
03-30-2006, 10:51 PM
LookupAccountName verifies if a user belongs to a system or a domain. My problem is I need to verify a user and password. The user may belong to the domain or can be a local system user.

Zweitze
03-31-2006, 03:26 AM
The other method is using the security interface called SSPI
C: http://support.microsoft.com/kb/180548/
VB: http://support.microsoft.com/default.aspx?scid=kb;en-us;279815

On your code, after LogonUser get the error code using GetLastError, not GetExtendedErrorInfo. Pass its result to FormatMessage for a text message.