tags:

views:

1210

answers:

4
+2  Q: 

Check username and password of Windows account

I have an installation package that installs a service process that I create. I'd like to prompt the user for the username/password of the account that the service process should run under. I'd like to verify the the username/password combination are valid before continuing with the installation. I have a C DLL that I am using for special installation behavior, but I can't figure out how to use the Windows API to verify an account's credentials. I'd like to be able to support the same account name syntax used by the service control manager.

+5  A: 

The function you want to use is LogonUser. You can even be extra-cool and specify the LOGON32_LOGON_SERVICE flag which checks to make sure the user has the appropriate permissions to run a service.

Nick  2008-10-20 20:58:06
Just be aware that on older OS versions (Win2K and before) the LogonUser() API requires a high privilige ("Act as part of the operating system").
Michael Burr  2008-10-20 21:08:51
+1  A: 

I suggest reading http://support.microsoft.com/kb/180548 which I think will help you. It's a walk through from Microsoft on how to use WIN32 API to authenticate user credentials.

Loscas  2008-10-20 21:01:18
+1  A: 

LogonUser is the canonical way to do this, though Microsoft somewhat discourages it.

Mark Brackett  2008-10-20 21:05:50
A: 

I've implemented this using the LogonUser function as you guys have mentioned (by the way, this service requires WinXP SP2 or later so I'm not worried about the privilege issue). However, this isn't quite working as I had hoped. If I call QueryServiceConfig, lpServiceStartName is in the format ".\accountname". If I pass this string as is to LogonUser, it fails. I assume the portion before the '\' represents the machine on which the user belongs?

Also, if I call ChangeServiceConfig specifying "LocalSystem" and "" for the lpServiceStartName and lpPassword parameters respectively, this works fine. However, calling LogonUser with these parameters does not work.

I'd really like to use the same syntax that the SCM uses for the account names.

Jason  2008-10-21 17:31:03
You need to split the domain from the username. The '.' will work as the domain for LogonUser (it maps to the local system namespace), but you need to split the fully qualified username.
Nick  2008-10-21 18:03:50
Also, you can't explicitly logon as LocalSystem using the API (as far as I know). You'll have to special-case this account, and the couple of other built-in accounts (which are in the NT_AUTHORITY namespace).
Nick  2008-10-21 18:05:56

related questions

How to read a value from the Windows registry
CreateProcessAsUser vs ShellExecute
How do you configure an OpenFileDIalog to select folders?
Is there anything similar to the OS X InputManager on Windows?
So what am I missing with this here WPF?
How to convert std::string to LPCWSTR in C++ (Unicode)
Notification of drop in drag-drop in Windows
Find out which process has an exclusive lock on a USB device handle
What's an alternative to GWL_USERDATA for storing an object pointer?
FlashWindowEx FLASHW_STOP still keeps taskbar colored
Getting UI text from external app in C#
Sending a mouse click to a button in the taskbar using C#
Suitable alternative to CryptEncrypt
Is FindFirstChangeNotification the best API to use for file system change notification on windows?
What is the easiest way to parse an INI File in C++?
_wfopen equivalent under Mac OS X
Validating a Win32 Window Handle
Get list of domains on the network
Does it still make sense to learn low level WinAPI programming?
How do you create your own moniker (URL Protocol) on Windows systems?
Where is a good place to start programming GUIs for windows?
Bringing Window to the Front in C# using Win32 API
How can you tell when a user last pressed a key (or moved the mouse)?
Can a windows dll retrieve its own filename?
Wiggling the mouse using C#