[AccessD] Office API's

Drew Wutka DWUTKA at Marlow.com
Tue Dec 14 10:33:38 CST 2010 

I use the authentication routine for 2 purposes.  One, to change who my
program thinks is using it.  I do this with a global 'CurrentUser' class
object. All portions that need a users 'roles' check the CurrentUser
object.  By default, that class loads with the logged in users network
account name.  It'll accept any user (so users don't have to be added to
the system, just to Active Directory), but various roles have account
names defined.  So if a user with specific roles needs those abilities,
and they are at another person's desk, they don't need to log off and
log back in, they just 'change user', and the CurrentUser object
authenticates them (against the domain), and then switches user account.

The other use is for 'electronic signatures'.  When something needs
'authorization', those points popup a login box, to ensure the user
clicking that authorization is the correct person, and not someone
sitting at an empty (but logged in) desk.

Drew

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Tuesday, December 14, 2010 10:05 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Office API's

I didn't get that this was going to change the windows logon, but rather
test that the user name and 
password are correct and in windows.

John W. Colby
www.ColbyConsulting.com

On 12/14/2010 8:30 AM, Jim Dettman wrote:
>
>   I can see that, but changing a windows logon is going to switch
users.  I
> can't see much use for that.
>
> Jim.
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
> Sent: Tuesday, December 14, 2010 08:00 AM
> To: Access Developers discussion and problem solving
> Subject: Re: [AccessD] Office API's
>
> Gustav,
>
> My presentation level security depends on a user logging in as their
self so
> that they can have
> access to specific things within the system.  There are cases where a
user
> calls a supervisor over
> to do something that requires privileges.  The supervisor logs in as
their
> user and performs
> whatever action is necessary and then logs back out.  The normal user
logs
> back in.  etc.
>
> Just because a person sits down in a chair and types on the keyboard
does
> not mean that person is
> authorized to do something.
>
> John W. Colby
> www.ColbyConsulting.com
>
> On 12/14/2010 3:04 AM, Gustav Brock wrote:
>> But Lambert:
>>
>>> One API that took me so long to find was one that would provide
Windows
>>> Authentication. In other words require the user to enter the name
and
>>> password that was used to start the current Windows session: to
prove
> that
>>> they are who fOsUsername says they are.
>>
>> why would you need to do this? The user has authenticated
himself/herself
> when logging successfully in to the current Windows session.
>>
>> /gustav
>>
>>
>>> -----Original Message-----
>>> From: accessd-bounces at databaseadvisors.com
>>> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Heenan,
> Lambert
>>> Sent: Monday, December 13, 2010 11:34 AM
>>> To: Access Developers discussion and problem solving
>>> Subject: Re: [AccessD] Office API's
>>>
>>> One API that took me so long to find was one that would provide
Windows
>>> Authentication. In other words require the user to enter the name
and
>>> password that was used to start the current Windows session: to
prove
> that
>>> they are who fOsUsername says they are.
>>>
>>> Private Declare Function LogonUser Lib "Advapi32" Alias "LogonUserA"
> (ByVal _
>>>      lpszUserName As String, ByVal lpszDomain As String, _
>>>      ByVal lpszPassword As String, ByVal dwLogonType As Long, _
>>>      ByVal dwLogonProvider As Long, phToken As Long) As Long
>>>
>>> Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject
As
> Long) As _
>>>      Long
>>> Const LOGON32_PROVIDER_DEFAULT = 0&
>>> Const LOGON32_LOGON_NETWORK = 3&
>>>
>>> ' Check whether a username/password pair is correct'
>>> ' if DOMAIN is omitted, it uses the local account database
>>> ' and then asks trusted domains to search their account databases
>>> ' until it finds the account or the search is exhausted
>>> ' use DOMAIN="." to search only the local account database'
>>> '  IMPORTANT: works only under Windows NT and 2000 and XP
>>>
>>> Private Function CheckWindowsUser(ByVal UserName As String, _
>>>      ByVal Password As String, Optional ByVal Domain As String) As
Boolean
>>>      Dim hToken As Long, ret As Long
>>>
>>> ' The handle hToken is not used by CheckWindowsUser ' but is
required by
> the API LogonUser
>>>
>>>      ' provide a default for the Domain name
>>>      If Len(Domain) = 0 Then Domain = vbNullString
>>>      ' check the username/password pair
>>>      ' using LOGON32_LOGON_NETWORK delivers the best performance
>>>      ret = LogonUser(UserName, Domain, Password,
LOGON32_LOGON_NETWORK, _
>>>          LOGON32_PROVIDER_DEFAULT, hToken)
>>>
>>>      ' a non-zero value means success
>>>      If ret Then
>>>          CheckWindowsUser = True
>>>          CloseHandle hToken
>>>      End If
>>>
>>> End Function
>>>
>>> Lambert
>>
>>
-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
The information contained in this transmission is intended only for the person or entity 
to which it is addressed and may contain II-VI Proprietary and/or II-VI Business 
Sensitive material. If you are not the intended recipient, please contact the sender 
immediately and destroy the material in its entirety, whether electronic or hard copy. 
You are notified that any review, retransmission, copying, disclosure, dissemination, 
or other use of, or taking of any action in reliance upon this information by persons 
or entities other than the intended recipient is prohibited.

More information about the AccessD mailing list