Previous Next

• 06-16-2008, 3:08 AM

  muhammadasimsajjad Joined on 11-26-2007, 9:02 AM Posts 16 muhammadasimsajjad

  How can i Authenticate the WinNT user and Password using ADsOpenObject Reply Contact   hi I'm calling ADsOpenObject to authenticate an NT user. I found that no matter whatever password I pass, the user authenticates! std::wstring strProvider( L"WinNT://ComputerName" ); _bstr_t bstrUserName( L"username" ); _bstr_t bstrPassword( L"pass" ); CComPtr spADs; dwAuthFlags = ADS_SECURE_AUTHENTICATION; hr = ADsOpenObject( const_cast(strProvider.c_str()), bstrUserName, bstrPassword, dwAuthFlags, IID_IADs, (void **)&spADs ); This works; hr == S_OK; The paramters "username" and "pass" refer to a valid NT account in the 'ComputerName' Win NT. If I change "pass" to "garbage", the API still works! Can any one help me how can i resolve this problem Thanks in Advance

• 06-19-2008, 7:15 AM

  In reply to

  Zhao Ji Ma - MSFT Joined on 01-05-2007, 5:36 AM Posts 765 Zhao Ji Ma - MSFT

  Re: How can i Authenticate the WinNT user and Password using ADsOpenObject Reply Contact  Hi, According to MSDN definition, ADS_SECURE_AUTHENTICATION flag indicates ADSI to bind to the object using the security context of the calling thread. Security context is the credential of user account under which the application is running. You can try to disable ADS_SECURE_AUTHENTICATION flag for dwAuthFlags. Zhao Ji Ma Sincerely, Microsoft Online Community Support “Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• 06-20-2008, 4:13 AM

  In reply to

  muhammadasimsajjad Joined on 11-26-2007, 9:02 AM Posts 16 muhammadasimsajjad

  Re: How can i Authenticate the WinNT user and Password using ADsOpenObject Reply Contact First of all thanks on your responce. i read following link and come to know that there are some dwAuthFlags which we can't use as WinNT provider. For Example: typedef enum { ADS_SECURE_AUTHENTICATION = 0x1, ADS_USE_ENCRYPTION = 0x2, //This option is not supported by the WinNT provider. ADS_USE_SSL = 0x2, //This option is not supported by the WinNT provider. ADS_READONLY_SERVER = 0x4, ADS_PROMPT_CREDENTIALS = 0x8, ADS_NO_AUTHENTICATION = 0x10, ADS_FAST_BIND = 0x20, ADS_USE_SIGNING = 0x40, //This option is not supported by the WinNT provider. ADS_USE_SEALING = 0x80, //This option is not supported by the WinNT provider. ADS_USE_DELEGATION = 0x100, ADS_SERVER_BIND = 0x200, ADS_NO_REFERRAL_CHASING = 0x400, //This option is not supported by the WinNT provider. ADS_AUTH_RESERVED = 0x80000000 } ADS_AUTHENTICATION_ENUM;   what is your  opinion about the Flags http://msdn.microsoft.com/en-us/library/aa772247.aspx   Please help me if u can Thanks in Advance.

• 06-22-2008, 10:00 PM

  In reply to

  Zhao Ji Ma - MSFT Joined on 01-05-2007, 5:36 AM Posts 765 Zhao Ji Ma - MSFT

  Re: How can i Authenticate the WinNT user and Password using ADsOpenObject Reply Contact Hi, You can find more information from: http://msdn.microsoft.com/en-us/library/aa772238(VS.85).aspx  According to it, you must set only the ADS_SECURE_AUTHENTICATION flag in the dwReserved parameter with the LDAP provider for Active Directory, WinNT provider treats those flags differently. Zhao Ji Ma Sincerely, Microsoft Online Community Support “Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”