Get UserPassword in ActiveDirectory

R

ruca

Hi,

I have a Login Page that have Active Directory permissions. I can get the
domain and the user that are trying to access application, but I need to
"know" the password that user insert, because I have to compare with another
password that I have in a Database. Only if their are equal, user can access
web application.

How can I know the password entered by user. I use this code to know user:

----------------------------------------------------------------------------
-------
Dim wi As System.Security.Principal.WindowsIdentity
wi = System.Security.Principal.WindowsIdentity.GetCurrent()
Dim Domain_Slash_User As String = wi.Name()

Dim del As String = "\"
Dim user As String = Domain_Slash_User.Split(del.ToCharArray())(1)
Dim domain As String = Domain_Slash_User.Split(del.ToCharArray())(0)
 
S

Scott Allen

Hi ruca:

There is no way to pull a password out of active directory, or ask the
browser what password a user typed into the authentication dialog.
It's basically good security to keep these things hidden.

The only way to get a password is to prompt the user with your
controls and process the login with your code. One way to do this in
an active directory environment is to use Forms authentication but
authenticate against AD.

See "How To: Use Forms Authentication with Active Directory":
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp


HTH,
 
J

Jeff Johnson [MVP: VB]

I have a Login Page that have Active Directory permissions. I can get the
domain and the user that are trying to access application, but I need to
"know" the password that user insert, because I have to compare with another
password that I have in a Database. Only if their are equal, user can access
web application.

How can I know the password entered by user. I use this code to know user:
Click to expand...

You CANNOT look up a password in Active Directory. Ever. If you must compare
passwords because you have them stored in your own database somewhere then
you'll have to prompt the user for it.
 
R

ruca

For the record,
I've already have a solution for this case.
What I've done is using the LogonUser API, where I pass the user, the
domain, and then I pass the password that I have stored in my DB.
Now, what happens?

Very simple answer:
This LogonUser returns true or false. Like is easy to see if return true
means that the password stored in DB is equal of the ActiveDirectory, then
if false the user don't have permissions to see the page.
 
J

Jeff Johnson [MVP: VB]

For the record,
I've already have a solution for this case.
What I've done is using the LogonUser API, where I pass the user, the
domain, and then I pass the password that I have stored in my DB.
Now, what happens?

Very simple answer:
This LogonUser returns true or false. Like is easy to see if return true
means that the password stored in DB is equal of the ActiveDirectory, then
if false the user don't have permissions to see the page.
Click to expand...

For reference, TESTING a password and GETTING a password are two different
things.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

role-based security and ActiveDirectory 18
ActiveDirectory for Role Management? 1
rebind ActiveDirectory 1
Uhhhhh, What can I do next? 6
Image, DataGrid, DataBase, ActiveDirectory???? 0
LDAP Error: Current security context is not associated with an ActiveDirectory domain or forest. 0
GET NEIL DEGRASSES TYSON, I ripped a hole with this one... 0
Passwordless ActiveDirectory LDAP Bind 3

Members online

No members online now.
Total: 32 (members: 0, guests: 32)
Robots: 466

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,054
Latest member
TrimKetoBoost

Latest Threads

Top