All,
I have a IntraWeb application which needs user's to login. I would like
to authenticate the login against a Windows 2003 server (AD).
I have had partial success with two methods:
1. Using Synapse and LDAP
--------------------------------
Problem: Only BIND seems to work: password/username are sent as
cleartext. Although the network is fully switched, I am a bit
uncomfortable with this...
ldap := TLDAPSend.Create;
ldap.TargetHost := '10.254.x.x';
ldap.UserName := 'Administrator@domain.com';
ldap.Password := 'password';
if ldap.Login then
if ldap.Bind then
ShowMessage('Success')
else
ShowMessage('Failed');
2. Using Colin Wilson's SSPIValidatePassword unit
---------------------------------------------------------
Problem: I can securely validate a user/password against a Windows 2003
Server, <b>but only if the web server checking the credentials is on
the domain (which I don't want)</b>.
Is there a simple, secure, Delphi solution for validating a login,
using a Win2003 server and without being on the domain?
TIA,
Keith Blows
