DMO & ADO connections fail even with valid credentials when using LOGON32_LOGON_NEW_CREDENTIALS flag with 'LogonUser'

Posted by Swapnil D on April 17, 2006, 9:19 am
Hello All,
Here's how to reproduce the problem. The code is given below (Console
Application).

1. Put in a valid username and domain name but an INVALID password and connect to a
REMOTE SQL server. The Connect call fails (this is expected behavior).
2. Run the program once again, this time with the same domain name and
username but the CORRECT password. The connect call fails the first time
(Unexpected behavior).
3. Run the program again with the same username, domain name and VALID
password. It works this time (Expected behavior).

I would like to know why it does not work the first time after a previous
authentication has failed;
also, is there a workaround for this?

Please remember that the SQL Server is on a REMOTE machine.

Please replace
<username>
<domainname>
<password>
<SQL Server MachineName> with valid names

Regards
Swapnil D.

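//-------------------------------------------------------------------------------------------------------
// stdafx.h is assumed to include <windows.h>, <stdio.h> and <atlbase.h> (for CComVariant).
#include "stdafx.h"

#import "C:\Program Files\Microsoft SQL Server\Tools\Binn\sqldmo.dll" no_namespace

int main(int argc, char* argv[])
{
    ::CoInitialize(NULL);

    _SQLServerPtr spSQLServer;
    HRESULT hr;
    HANDLE hToken = NULL;   // declared here so the catch block can release it

    try
    {
        hr = spSQLServer.CreateInstance(__uuidof(SQLServer));

        if(FAILED(hr))
        {
            printf("ERROR : Failed in call to CoCreateInstance");
            return 0;
        }

        hr = spSQLServer->put_QueryTimeout(60);
        if(FAILED(hr))
        {
            printf("ERROR : Failed in call to spSQLServer->put_QueryTimeout()");
            return 0;
        }

        // Use Windows (integrated) authentication for the SQL-DMO connection.
        spSQLServer->PutLoginSecure(TRUE);

        // LOGON32_LOGON_NEW_CREDENTIALS does not validate the password locally:
        // the token keeps the caller's local identity and the supplied
        // credentials are used only for outbound network connections.
        if(!::LogonUser("<username>","<domainname>","<password>",
                        LOGON32_LOGON_NEW_CREDENTIALS,
                        LOGON32_PROVIDER_WINNT50,&hToken))
        {
            printf("ERROR : Failed in call to ::LogonUser()");
            return 0;
        }

        if(!::ImpersonateLoggedOnUser(hToken))
        {
            printf("ERROR : Failed in call to ::ImpersonateLoggedOnUser()");
            ::CloseHandle(hToken);
            return 0;
        }

        // This is the first point at which the credentials are checked by the remote server.
        hr = spSQLServer->Connect(CComVariant("<SQL Server MachineName>"));
        if(FAILED(hr))
        {
            printf("ERROR : Failed in call to spSQLServer->Connect()");
            // Do not leave the thread impersonating or leak the token on failure.
            ::RevertToSelf();
            ::CloseHandle(hToken);
            return 0;
        }

        if(!::RevertToSelf())
        {
            printf("ERROR : Failed in call to ::RevertToSelf()");
            ::CloseHandle(hToken);
            return 0;
        }

        ::CloseHandle(hToken);
        hToken = NULL;
    }
    catch(...)
    {
        // The smart pointer throws if dereferenced while null, so check it first.
        if(spSQLServer)
        {
            hr = spSQLServer->Close();
            if(FAILED(hr))
                printf("ERROR : Failed in call to spSQLServer->Close()");
        }

        if(hToken != NULL)
            ::CloseHandle(hToken);

        if(!::RevertToSelf())
        {
            printf("ERROR : Failed in call to ::RevertToSelf()");
            return 0;
        }
    }
    return 0;
}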



Posted by Swapnil D on April 18, 2006, 1:51 am
Hello all,
Please let me know if any additional information is required.

Thanks and regards
Swapnil D.





Posted by Swapnil D on April 18, 2006, 2:03 am
Hello all,
I already tried posting to microsoft.public.security and
microsoft.public.security.crypto but did
not get a reply. Perhaps someone here can help.

Thanks and Regards
Swapnil D.




