authenticating usernmame/ password combination programmatically   

Hey all,
I'm not sure if this is the right forum, but i dont' want to cross post.  If 
i am in the wrong one, can you point me to the correct one?

Anyway, here is what i am trying to do.
I am writing a java program that prompts the user for a username and a 
password.  I want to verify that the combination is good, and the user is 
part of the sysadmin group.  How would i go about getting that information 
from windows.  
I'm not a windows developer by any means, but i feel like it would be a dll 
or something?
Please help,
Thanks,
Jason

date: Fri, 9 Jun 2006 05:05:02 -0700   author:   Jason

Re: authenticating usernmame/ password combination programmatically   

"Jason"  wrote in message 
news:022D6B9B-42F6-4AD0-B3A5-024069B9B445@microsoft.com...
> Anyway, here is what i am trying to do.
> I am writing a java program that prompts the user for a username and a
> password.  I want to verify that the combination is good, and the user is
> part of the sysadmin group.  How would i go about getting that information
> from windows.

There are at least two ways.

> I'm not a windows developer by any means, but i feel like it would be a 
> dll
> or something?

In that case, I'd suggest that you read the docs for LogonUser() very 
carefully:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/logonuser.asp

There is also the Security Services Provider Interface (SSPI) but that's 
likely to be way too complicated (no offense intended)  for someone who is 
not a developer.

Also note that if you succeed in getting a logon token that you should 
release it by calling CloseHandle().

Regards,
Will

date: Fri, 9 Jun 2006 10:31:30 -0400   author:   William DePalo [MVP VC++]

RE: authenticating usernmame/ password combination programmatically   

Hi Jason,

Thanks for your post!

Yes, LogonUser win32 API provided a way for us to input the user name and 
password to log on to local computer programmatically. This will help you 
to verify if the username/password combination is correct.

After LogonUser API, you will get a valid token handle which expresses the 
user context you just logged. Then we can use CheckTokenMembership win32 
API to check whether there is a Local Administrators group sid in this 
token. With this API, we can determine if the logged on user is a member of 
Local Administrators group. 

Local Administrators group sid is a well-known SID, please refer to the 
link below for more information:
http://groups.google.com/group/microsoft.public.win32.programmer.kernel/msg/
84be610af79c67f6

Below is the official documentation for all the well-known SIDs in Windows:
"Well-known SIDs"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/se
curity/well_known_sids.asp

The 2 articles below will provide more Windows Security programming 
information to you:
"How To Validate User Credentials on Microsoft Operating Systems"
http://support.microsoft.com/default.aspx?scid=kb;en-us;180548
"How To Determine Whether a Thread Is Running in User Context of Local 
Administrator Account"
http://support.microsoft.com/default.aspx?scid=kb;en-us;118626

Finally, there is a dedicated Windows Security programming newsgroup, you 
may post there to get more professional help: 
microsoft.public.platformsdk.security

Hope this helps!

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so 
that others may learn and benefit from your issue. 
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

date: Mon, 12 Jun 2006 03:19:36 GMT   author:   (Jeffrey Tan[MSFT])