Menu
Home
Products
  WmiSet Components
    Release History
    TWmiQuery
    TWmiProcessControl
    TWmiOs
    TWmiRegistry
    TWmiConnection
    TWmiStorageInfo
    TWmiDiskQuotaControl
    TWmiSystemEvents
    TWmiMethod
    TWmiPerformanceMonitor
  NTSet components
  "How to" zone
Download
  Shareware
  Full version
  Archive
Register
  NTSet
  WmiSet
Contact us
Advanced search
Site map

Quick search

Advanced search

New version notify
e-mail address: Subscribe Unsubscribe
Privacy statement
TNTVerifyLogon

TNTVerifyLogon is a part of NTSet Component Collection for Delphi, C++Builder. This VCL component utilizes Security Service Provider Interface API (SSPI) to verify user credentials. The component works under Windows 9x, Windows NT, Windows 2000, Windows XP. It can verify credentials of users registered on the local computer, or in a domain.

The typical scenario of using the component is below. This Delphi code assumes that the component was dropped on the form at design time. 

function TForm1.ValidateLogon: boolean;
begin
  try
    NTVerifyLogon1.ValidateLogon('MyDomain', 
                                 'JohnSmith', 
                                 'MyLittlePassword');
    Result := true;
  except
    on e: Exception do
    begin
      Result := false;
      ShowMessage(e.Message);
    end;
  end;
end;
The component has the ability to impersonate the user whose logon information was successfully validated. When impersonated, the current thread of the application will execute under the different account. This is useful when accessing the resources which are otherwise not available to the current user. This code sample may be used in UI, console or service applications: 
procedure DoImpersonatedJob;
var
  PCh: array[0..127] of char;
  n: dword;
  LogonVerifier: TNTVerifyLogon;
begin
  LogonVerifier := TNTVerifyLogon.Create(nil);
  try
    LogonVerifier.ValidateLogon('mydomain', 
                                'TestUser1', 
                                'HisPassword');
    LogonVerifier.ImpersonateUser;
    try
      n := SizeOf(PCh);
      // Call Windows API function to 
      // make sure that impersonation works.
      GetUserName(PCh, n);
      Assert(PCh = 'TestUser1', 
             'Impersonation did not work');
      // do impersonated job here: 
      // access shared drives, open files etc.

    finally
      LogonVerifier.RevertToSelf;
    end;
  finally
    LogonVerifier.Free;
  end;
end;
Configuration
The component requires certain configuration to work properly.

Windows 9x
Go to "Network properties"->"Access Control". It should be configured to use the user-level access control, which is opposite to the share-level access control (default settings).

Windows XP
The components should validate the credentials against a domain without additional configuration. To be able to validate the accounts against the local computer this settings are requires:

  • Guest account must be disabled;
    Go to the Control Panel, User accounts, select "Guest" account, turn it off.
  • Local security settings must disable guest account.
    Go to the Control Panel, Administrative Tools, Local Security Policy. Select Security Options folder. Change option "Accounts: Guest account status" to "disabled". Be aware that enabling guest account automatically enables this option.
  • Local security settings must specify that local users authenticate as themselves.
    Go to the Control Panel, Administrative Tools, Local Security Policy. Select Security Options folder. Change option "Network Access: Sharing and security model for local accounts" to "Classic - local users authenticate as themselves".

Windows 2000
Guest account must be disabled when validating against the local computer. If it is enabled, any user name will be reported as valid.



* Windows NT, Windows 2000, Windows XP are registered trademarks of Microsoft Corp.
* Borland, Delphi, C++Builder are registered trademarks of Borland Corp.