[AccessD] Electronic Signature

MartyConnelly martyconnelly at shaw.ca
Mon May 28 16:19:44 CDT 2007 

Just a security check, does your routine pass true for
 a username string   ' Or 1=1 --
Yup the quote is part of the string

Drew Wutka wrote:

>Just make a form with two text boxes.  Username and Password.  Feed them
>into the function.  The function returns true if the username and
>password are valid on the domain you're on.  False if invalid.
>
>Drew
>
>-----Original Message-----
>From: accessd-bounces at databaseadvisors.com
>[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Jim Lawrence
>Sent: Monday, May 28, 2007 2:38 PM
>To: 'Access Developers discussion and problem solving'
>Subject: Re: [AccessD] Electronic Signature
>
>Hi Drew:
>
>Thanks for that looks really cool... how all the pieces fit together
>would
>undoubtedly become clear when viewing a working model.
>
>Jim 
>
>-----Original Message-----
>From: accessd-bounces at databaseadvisors.com
>[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Drew Wutka
>Sent: Monday, May 28, 2007 10:45 AM
>To: Access Developers discussion and problem solving
>Subject: [AccessD] Electronic Signature
>
>Hey folks, I've spent most of the weekend updating a system I built
>about 7 years ago.  It's our Help Desk program.  One of the features
>I've always wanted to add was an electronic signature capability.  To do
>this, I wanted to be able to prompt for a user's NT Name and Password,
>and validate it.  It is very simple to get the currently logged on
>user's NT name, but for an electronic signature, it is much better to
>prompt for credentials.  I found code, years ago, that did this, but it
>wasn't perfect, because it didn't work for my NT account.  I have an odd
>character in my password, and everything I had found would fail to
>authenticate with passwords that had odd ascii values in them.  (Even
>though I can log onto our network fine).
>
> 
>
>This weekend I found (and tweaked) a process that works perfectly.  I
>figured I would share the validation function with ya'all:  (It needs a
>reference to ADO)
>
> 
>
>Function ValidateNTUser(strUserName As String, strPassword As String) As
>Boolean
>
>On Error Resume Next
>
>Dim strDomain As String
>
>Dim conLDAP As ADODB.Connection
>
>Dim strSQL As String
>
>Dim strLDAPConn As String
>
>Dim rsUser As ADODB.Recordset
>
>strDomain = GetObject("LDAP://RootDSE").Get("defaultNamingContext")
>
>Set conLDAP = New ADODB.Connection
>
>conLDAP.Provider = "ADSDSOOBject"
>
>strSQL = "Select AdsPath, cn From 'LDAP://" & strDomain & "' where
>objectClass='user' and objectcategory='person' and SamAccountName='" &
>strUserName & "'"
>
>conLDAP.Provider = "ADsDSOObject"
>
>conLDAP.Properties("User ID") = strUserName
>
>conLDAP.Properties("Password") = strPassword
>
>conLDAP.Properties("Encrypt Password") = True
>
>conLDAP.Open "DS Query", strUserName, strPassword
>
>Err.Clear
>
>Set rsUser = conLDAP.Execute(strSQL)
>
>ValidateNTUser = False
>
>If Err.Number = 0 Then
>
>    If Not (rsUser Is Nothing) Then
>
>        If Not (rsUser.EOF And rsUser.BOF) Then
>
>                ValidateNTUser = True
>
>        End If
>
>    End If
>
>End If
>
>End Function
>  
>
-- 
Marty Connelly
Victoria, B.C.
Canada

More information about the AccessD mailing list