Hi!
I'm currently porting an old web-based system into a better layout and a whole new database structure.
One annoying thing with the old system is that it is separate from all other systems, and users are complaining about being forced to remember different logins for different systems, so I thought about it and started writing a structure that allows other servers to OK users.
The other system can only OK the login and everything is handled locally.
After a couple of hours of searching and discussing it with a friend I have found no stable solution to do this and that's why I'm posting here.
I have found some code to authenticate users, but once this code has been processed it cannot be processed again until you recycle the process.
The function:
    function NT_Validate_User($user, $domain, $pass) {
        // Register the exported DLL function, then call it
        w32api_register_function("ValidateLogin.dll", "ValidateLogin", "bool");
        return ValidateLogin($user, $domain, $pass);
    }
Validate.c:
    #include <windows.h>

    __declspec(dllexport) BOOL ValidateLogin(LPTSTR lpszUsername, LPTSTR lpszDomain, LPTSTR lpszPassword) {
        HANDLE token;
        BOOL ret;

        /* Network logon: checks the credentials and returns a token on success */
        ret = LogonUser(lpszUsername, lpszDomain, lpszPassword,
                        LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token);
        if (ret)
            CloseHandle(token);  /* only the result is needed, not the token */
        return ret;
    }
This forces the platform that validates the NT user to be a Windows platform but that is no big issue.
I want to keep it in a function to just validate a user/pass/domain and it must work with both NT domains and the new Active Directory.
Perhaps I should just scrap the old NT domains and keep every user either in the separate database for the web application and check the AD with LDAP.
But maybe someone can help?
I like to keep my code platform independent and keep developing on two platforms:
1. .NET Server RC1 / IIS 6 / PHP 4.2.3
2. RedHat 6.2 / Apache/1.3.12 / PHP 4.0.6
/ p.
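
The LDAP alternative the post considers, as an added example that is not part of the original post: a single validate function that checks user/domain/pass with a simple bind against Active Directory, which runs on both listed platforms but does not cover old NT domains. The function name `ldap_validate_user`, the host `dc.example.invalid` and the use of `$domain` as the UPN suffix are assumptions, and it uses current PHP LDAP constants rather than those available in PHP 4.

```php
<?php
// Added example, not the poster's code. Requires PHP's ldap extension.
// The host name is a placeholder; $domain is assumed to be the DNS
// domain name used as the userPrincipalName suffix.

/**
 * Returns true only if the directory accepts $user@$domain with $pass.
 */
function ldap_validate_user($user, $domain, $pass, $host = 'ldaps://dc.example.invalid')
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many servers accept: refuse it before contacting the server.
    if ($user === '' || $domain === '' || $pass === '') {
        return false;
    }
    // Reject NUL and other control characters instead of passing them on.
    if (preg_match('/[\x00-\x1f]/', $user . $domain)) {
        return false;
    }

    // ldaps:// keeps the password off the wire in clear text.
    $conn = ldap_connect($host);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Active Directory accepts user@domain as the bind name.
    $ok = @ldap_bind($conn, $user . '@' . $domain, $pass);

    ldap_unbind($conn);
    return $ok === true;
}
```

As with the LogonUser version, only the yes/no result leaves the function, so the calling application still handles everything else locally.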