How to get current user's PassWord programmatically? [modified]
-
I have an application that needs to verify by the string of the current User Name & PWD. I can get the current User Name by using:
BOOL GetUserName(
    LPTSTR lpBuffer,  // name buffer
    LPDWORD nSize     // size of name buffer
);
But how do I get the password? I know that under Windows 2000, we can get it by rewriting the GINA. But I know they have changed GINA to the Windows Vista Credential Provider. Does anybody have a hint for me? Show me, please~ :(
-
First of all - there is no simple WIN32 API call to retrieve the user's Windows password. That should be of no surprise to you. Consider the consequences of allowing any executable to retrieve the user's password. That would not be a safe system. Since the user is probably logged in when your code is run, use the user's security token for validation - never never never use a password in clear text for verification. That would be unsafe, and just plain dumb! (Sorry!) If your application ever needs to confirm the user's credentials, you must prompt the user for credentials. The user's credentials should never be used without the user's knowledge. Check out the CredUIPromptForCredentials API - it exists in XP, 2003, Vista and Longhorn...
Thanks~ My goal is to check the credentials of the user who wants to use my application, so I found I needed to know what the PWD is. I only want to check whether they match. So I found an API function, LogonUser(). It works!

BTW: I have seen the MSDN page about LogonUser():

In Windows 2000, the process calling LogonUser requires the SE_TCB_NAME privilege. The privilege does not need to be enabled. The LogonUser function enables the privilege as necessary. If the calling process does not have this privilege, LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD. Beginning with Whistler, this privilege is no longer required.

I want to know how to set the SE_TCB_NAME privilege under Windows 2000. :)