Hello,
I get the logged User's Name with a call to GetUserName() ... but, how can
assure than the User is really logged and authenticated in the Domain is
supposed to be, and which I trust ?
For example, imagine you have a login to which you allow access to a certain
application writen in Delphi ( of course ). Normally, that application is
launched from a PC that belongs to the domain, and so is subject to the
domain security. From that kind of PC, the call to GetUserName() returns the
login of the authenticated user.
But you can bring one laptop, which is not in any domain, configure whatever
account you whish in that computer, connect it to the network, and launch
the application from that computer ... so you could "simulate" any login (
the application would get such login from the GetUserName() call ). Of
course, you wouldn't be able to access any domain resource ( file share, and
so on ... ), but you could access to the application.
( that application can't be on the network ! It has to be locally installed
in the computer, and you can't ask for the password of the user neither ).
Thanks
