Getting user name for failed authentication

Discussion in 'Server Security' started by Antonio, Jun 25, 2004.

  1. Antonio

    Antonio Guest

    Hi everybody,

    We are using NTLM for authenticating clients that connect over network to
    our server. In case of failed authentication we would like to log a message
    into event log with the name under which user tried to login. Is it possible
    somehow to obtain this name during authentication process?

    Thanks in advance,
    Antonio
     
    Antonio, Jun 25, 2004
    #1

  2. Henning Krause, Jun 25, 2004
    #2

  3. Antonio

    Antonio Guest

    Hello Henning,

    Thanks for your answer. What you say is true, but the problem still remains if
    we want to log into our own run-time log. Is there a way of really getting
    this information somehow?

    Kind regards,
    Antonio
     
    Antonio, Jun 25, 2004
    #3
  4. How do you authenticate the user?

    Do you use some sort of LogonUser?

    Or does the authentication happen outside of your application?

    Greetings,
    Henning Krause
    ==========================
    Visit my website: http://www.infinitec.de
    Try my free Exchange Explorer: Mistaya
    (http://www.infinitec.de/?page=products)
     
    Henning Krause, Jun 25, 2004
    #4
  5. Roger Abell

    Roger Abell Guest

    You may want to look into use of WMI eventing.
     
    Roger Abell, Jun 26, 2004
    #5
  6. Antonio

    Antonio Guest

    Hi Henning,

    We are using SSPI to authenticate over NTLM, particularly
    InitializeSecurityContext/AcceptSecurityContext. Authentication happens
    inside our application and we have access to necessary credential handles,
    but at the moment we've got no clue how can we possibly dig this information
    out of there in case of failed authentication. In case of successful
    authentication we call QuerySecurityContextToken(phContext, &hToken) and
    then QueryContextAttributes(phContext, SECPKG_ATTR_NAMES, &secNames) to get
    the name he used for authentication. However this doesn't work for failed
    authentication.

    Regards,
    Antonio
     
    Antonio, Jun 28, 2004
    #6
  7. Hello,

    MSDN states that InitializeSecurityContext and AcceptSecurityContext both
    return an error if the user could not be authenticated.... Doesn't that
    help?

    Greetings,
    Henning Krause
     
    Henning Krause, Jun 28, 2004
    #7
  8. Antonio

    Antonio Guest

    Hi Henning,

    Well, by this we get only the fact that authentication failed, this is not a
    problem, but what we need is to get the name, which user tried to use for
    authentication (without password of course). Maybe there is no way for that
    and client should pass this name via an open channel to the server as a
    parameter, but because during successful authentication we don't need to
    pass this information and we can obtain it later, we thought that we can
    obtain it somehow in case of failed authentication as well.

    Regards,
    Antonio
     
    Antonio, Jun 28, 2004
    #8
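Added example, not part of the thread and not code from any poster: in NTLM the client's final token (the AUTHENTICATE, type 3 message) carries the domain and user name unencrypted, so a server can read the claimed name from the buffer it is about to pass to AcceptSecurityContext, whether or not that call then succeeds. The sketch assumes a raw NTLM token (not wrapped in SPNEGO) laid out as in MS-NLMP; `ntlm_claimed_identity`, `copy_field` and `SAMPLE` are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NTLM_NEGOTIATE_UNICODE 0x00000001u /* MS-NLMP flag: strings are UTF-16LE */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy one Len/MaxLen/Offset field (8 bytes at 'fld') into 'out' for logging.
   Every character outside 0x20..0x7e is written as '?', so a client-chosen
   name cannot put control characters or line breaks into the log. */
static int copy_field(const uint8_t *msg, size_t len, size_t fld, int unicode,
                      char *out, size_t outsz)
{
    size_t flen = rd16(msg + fld), off = rd32(msg + fld + 4);
    size_t step = unicode ? 2 : 1, n = 0;
    if (outsz == 0 || off > len || flen > len - off || flen % step != 0) return -1;
    for (size_t i = 0; i < flen && n + 1 < outsz; i += step) {
        unsigned c = unicode ? rd16(msg + off + i) : msg[off + i];
        out[n++] = (c >= 0x20 && c <= 0x7e) ? (char)c : '?';
    }
    out[n] = '\0';
    return 0;
}

/* Returns 0 and fills domain/user, or -1 if msg is not a well-formed type 3 token. */
int ntlm_claimed_identity(const uint8_t *msg, size_t len,
                          char *domain, size_t dsz, char *user, size_t usz)
{
    if (len < 64 || memcmp(msg, "NTLMSSP\0", 8) != 0 || rd32(msg + 8) != 3) return -1;
    int unicode = (rd32(msg + 60) & NTLM_NEGOTIATE_UNICODE) != 0; /* NegotiateFlags */
    if (copy_field(msg, len, 28, unicode, domain, dsz) != 0) return -1; /* DomainNameFields */
    return copy_field(msg, len, 36, unicode, user, usz);                /* UserNameFields */
}

/* Constructed sample: type 3 header, UNICODE flag, domain "LAB", user "alice". */
static const uint8_t SAMPLE[80] = {
    'N','T','L','M','S','S','P',0, 3,0,0,0,
    [28] = 6,0,6,0,64,0,0,0, [36] = 10,0,10,0,70,0,0,0, [60] = 1,
    [64] = 'L',0,'A',0,'B',0, 'a',0,'l',0,'i',0,'c',0,'e',0 };

int main(void) {
    char d[64], u[64];
    if (ntlm_claimed_identity(SAMPLE, sizeof SAMPLE, d, sizeof d, u, sizeof u) == 0)
        printf("failed logon attempt, claimed identity: %s\\%s\n", d, u);
    return 0;
}
```

The parser would be run on the input buffer of the last AcceptSecurityContext call. The name is whatever the client sent and has not been verified, so the log entry should record it as a claimed identity.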