Sometimes you may want an application to verify a user's user name and password on the network or on the local machine. This is a more elegant approach to handle the authentication rather than using some application defined credentials.
On Windows XP, the existing
LogonUser Windows API might do just fine, but on WinNT and Win2K, your process must have the
SE_TCB_NAME privilege set. To a large extent, the
CCredentials class will only dress up some C code provided at KB 180548 in a more OOP approach.
As a quick application for this class, I've created an AutoLogon program that would set the proper Registry entries that will suppress the logon prompt after a reboot. The trick is to set the proper credentials, and the authentication process makes sure that any typos won't get in your way to achieve the desired result. The code uses COM conventions and styles, but
CCredentials is still a regular class.
Using the code
You need to create a class, set the domain name, username and password, and then check the authentication result by calling
VARIANT_BOOL vbAuthenticated = VARIANT_FALSE;
if(FAILED( NTCrd.get_IsNTAuthenticatedUser(&vbAuthenticated)) ||
vbAuthenticated == VARIANT_FALSE)
"This user cannot be authenticated!\nDo you want to continue anyway?",
"User Authentication Failed", MB_ICONERROR|MB_YESNO ) == IDNO)
get_IsNTAuthenticatedUser uses APIs found in security.dll/secur32.dll that acquire, initialize, and complete the authentication for the server and the client. For more information on this topic, you will need to consult the MSDN.
Points of Interest
On a WinXP machine, make sure that the ForceGuest Registry value is set to 1 in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Registry key.