PDA

Click to See Complete Forum and Search --> : How to verify NT password?

Raymond
06-01-2001, 11:41 PM
I am trying to build an intranet in my company. In order to get the login
information from user, I use the code

Request.ServerVariables("logon_user")

and set to use Window NT Challenge/Response to get user's login ID. So,
after users login NT, the page is now able to get his User ID. Now, I would
like to allow the user to update some information to the SQL Server and I
would like to popup a login box to verify user's NT password. If the password
inputed is match with the NT password, the update will be processed, otherwise
it will be refused. After some research, I find I can use the code,

Response.Status="401 Not Authorized"

to pop up such dialog box, however, I don't want client can save their password.
Can I make one for myself and how to verify his password match the NT one?

Thanks.
claws
06-04-2001, 01:04 PM
You don't actually need to store the password anywhere or try and match it
to the NT password. If you popup a login Dialog box with the below code,
it will request the users NT UserID & Password. Both will need to match the
NT userID & Password in order to be authenticated.

If Request.ServerVariables("LOGON_USER") = "" Then
Response.Status = "401 Authorization Required"
Response.End
End If

If they are authenticated, you know the user is who they say they are. Now
you can simply use Request.ServerVariables("LOGON_USER") to get the userID
and authenticate the UserID only against the list of authorized users in
your database. no password is required because NT already verified they entered
the correct password.

Hope that helps.

Claws,



"Raymond" <unity@cheerful.com> wrote:
>
>I am trying to build an intranet in my company. In order to get the login
>information from user, I use the code
>
>Request.ServerVariables("logon_user")
>
>and set to use Window NT Challenge/Response to get user's login ID. So,
>after users login NT, the page is now able to get his User ID. Now, I would
>like to allow the user to update some information to the SQL Server and
I
>would like to popup a login box to verify user's NT password. If the password
>inputed is match with the NT password, the update will be processed, otherwise
>it will be refused. After some research, I find I can use the code,
>
>Response.Status="401 Not Authorized"
>
>to pop up such dialog box, however, I don't want client can save their password.
> Can I make one for myself and how to verify his password match the NT one?
>
>Thanks.
>
Raymond
06-05-2001, 01:49 AM
Thanks Claws.

Actually, the reason why I have such question is that our company user may
not set screensaver password. So, when they go outside, some other people
can use their computer and pretend to be the user. Then, if there is no
such dialog box pop up during updating, the pretender will be able to change
the Server's data. Is there any way to pop up such dialog box?

Best Regards,
Raymond Lau

"claws" <adesign_@hotmail.com> wrote:
>
>You don't actually need to store the password anywhere or try and match
it
>to the NT password. If you popup a login Dialog box with the below code,
>it will request the users NT UserID & Password. Both will need to match
the
>NT userID & Password in order to be authenticated.
>
>If Request.ServerVariables("LOGON_USER") = "" Then
> Response.Status = "401 Authorization Required"
> Response.End
>End If
>
>If they are authenticated, you know the user is who they say they are.
Now
>you can simply use Request.ServerVariables("LOGON_USER") to get the userID
>and authenticate the UserID only against the list of authorized users in
>your database. no password is required because NT already verified they
entered
>the correct password.
>
>Hope that helps.
>
>Claws,
>
>
>
>"Raymond" <unity@cheerful.com> wrote:
>>
>>I am trying to build an intranet in my company. In order to get the login
>>information from user, I use the code
>>
>>Request.ServerVariables("logon_user")
>>
>>and set to use Window NT Challenge/Response to get user's login ID. So,
>>after users login NT, the page is now able to get his User ID. Now, I
would
>>like to allow the user to update some information to the SQL Server and
>I
>>would like to popup a login box to verify user's NT password. If the password
>>inputed is match with the NT password, the update will be processed, otherwise
>>it will be refused. After some research, I find I can use the code,
>>
>>Response.Status="401 Not Authorized"
>>
>>to pop up such dialog box, however, I don't want client can save their
password.
>> Can I make one for myself and how to verify his password match the NT
one?
>>
>>Thanks.
>>
>