Building a Login Validation Utility

To see some of what has been covered in this and the previous chapter in action, you'll build a two- (or three-) piece application. It consists of one or two DLLs containing code from Listings 11.1, 11.2, 11.3, and 10.12, plus a user front end that enables you to enter a username and password to validate and a file to check for access.

Creating the DLLs

Package the code listings into a couple of DLLs. For the first DLL, create a project named SecurLoginBO and place Listings 11.1, 11.2, and 11.3 from this chapter into a class named clsLoginDomain. For the second DLL, create a project named Authorize and place Listing 10.12 from the previous chapter into a class named clsAuthorize. Compile both of these projects into DLLs.

Creating the User Interface

Start a new project to create a standard EXE. Include in this project references to the two DLLs that you just created. Next, add the Microsoft Common Dialog Component to the project, as shown in Figure 11.8.

Figure 11.8. Adding the Common Dialog Control to the project.


Next, lay out the application dialog as shown in Figure 11.9, configuring the controls as listed in Table 11.3.

Figure 11.9. Application Screen Layout.


Table 11.3. Control Property Settings

Control          Property      Value
---------------  ------------  --------------
Label            Caption       &Username:
TextBox          Name          txtUsername
Label            Caption       &Password:
TextBox          Name          txtPassword
                 PasswordChar  *
Label            Caption       &Domain:
TextBox          Name          txtDomain
Label            Caption       &File to Open:
TextBox          Name          txtFilename
Command Button   Name          cmdBrowse
                 Caption       &Browse
CommonDialog     Name          cdDialogs
Command Button   Name          cmdLogin
                 Caption       Check &Login
Command Button   Name          cmdExit
                 Caption       E&xit

Next, attach code to the Exit button to close the application by adding the code in Listing 11.4 to the Click event for this button.

Code Listing 11.4. Closing the Application
Private Sub cmdExit_Click()
    '--- Close the application
    Unload Me
End Sub

Then let the user browse for the file to try to open by adding the code in Listing 11.5 to the Click event of the Browse button.

Code Listing 11.5. Allowing Browsing for the File to Open
Private Sub cmdBrowse_Click()
    '--- Get the file name to open
    cdDialogs.ShowOpen
    txtFilename = cdDialogs.FileName
End Sub

Checking the User Logon

The remaining functionality for the application is to perform the user logon and to test the specified file for access privileges. To do this, you need to create new instances of the classes in both DLLs that you created, call the LoginUser method in the first DLL, and, if the login succeeds, pass the filename and the login token to the TestFileForAccess method in the second DLL. After you have tested the access of the user, you need to call the CloseLogin method in the first DLL to end the user session that you created. To add this functionality, attach the code in Listing 11.6 to the Check Login button.

Code Listing 11.6. Validating the User Logon and Testing for Access
Private Sub cmdLogin_Click()
    '--- Create instances of the security objects
    Dim objLogin As New SecurLoginBO.clsLoginDomain
    Dim objAuth As New Authorize.clsAuthorize
    Dim hToken As Long

    '--- Try and log in the user
    hToken = objLogin.LoginUser(txtUsername, txtDomain, txtPassword)
    '--- Were we able to log the user in?
    If (hToken <> 0) Then
        '--- Test the specified file for access
        If objAuth.TestFileForAccess(hToken, txtFilename) Then
            MsgBox "Login has access"
        Else
            MsgBox "Login does not have access"
        End If
        '--- Log the user out
        objLogin.CloseLogin hToken
    Else
        MsgBox "Invalid Login"
    End If
End Sub

At this point you should be able to run this application and test user accounts that you have configured on your system, as shown in Figure 11.10, provided you are logged in as an account that has permission to act as part of the operating system. You might want to configure a directory so that a specific account does not have access to it, and then try creating files in that directory using several accounts. This should give you a good feel for how you can leverage impersonation using a logon token as a way to restrict user access to resources on a server in a distributed application.

Figure 11.10. Testing user login accounts for access.
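
The logon, impersonate, test, and close sequence that Listing 11.6 drives can also be written directly against the Win32 API in a standard module, with cleanup guaranteed on every path. This is an added example, not one of the book's listings; it assumes the DLL methods wrap LogonUser and ImpersonateLoggedOnUser, and CanAccountReadFile is a hypothetical helper name.

```vb
'--- Added example (standard module), not one of the book's listings
Option Explicit

Private Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" _
    (ByVal lpszUsername As String, ByVal lpszDomain As String, _
     ByVal lpszPassword As String, ByVal dwLogonType As Long, _
     ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function ImpersonateLoggedOnUser Lib "advapi32.dll" _
    (ByVal hToken As Long) As Long
Private Declare Function RevertToSelf Lib "advapi32.dll" () As Long
Private Declare Function CloseHandle Lib "kernel32" _
    (ByVal hObject As Long) As Long

Private Const LOGON32_LOGON_INTERACTIVE As Long = 2
Private Const LOGON32_PROVIDER_DEFAULT As Long = 0

'--- Hypothetical helper: True only if the account can open sFile for reading.
'--- A missing file and a denied file both return False.
Public Function CanAccountReadFile(ByVal sUser As String, _
        ByVal sDomain As String, ByVal sPassword As String, _
        ByVal sFile As String) As Boolean
    Dim hToken As Long
    Dim bImpersonating As Boolean
    Dim iFile As Integer

    On Error GoTo Cleanup
    '--- Obtain a logon token; a zero return means the logon failed
    If LogonUser(sUser, sDomain, sPassword, LOGON32_LOGON_INTERACTIVE, _
                 LOGON32_PROVIDER_DEFAULT, hToken) = 0 Then GoTo Cleanup
    '--- Run this thread under the account's security context
    If ImpersonateLoggedOnUser(hToken) = 0 Then GoTo Cleanup
    bImpersonating = True
    '--- The open is access-checked against the impersonated account
    iFile = FreeFile
    Open sFile For Input Access Read As #iFile
    Close #iFile
    CanAccountReadFile = True

Cleanup:
    '--- Always drop the impersonation and release the token,
    '--- including when the Open raised a run-time error
    If bImpersonating Then RevertToSelf
    If hToken <> 0 Then CloseHandle hToken
End Function
```

The Cleanup label is reached on success, on a failed logon, and on any run-time error, so the thread never stays in the tested account's context and the token handle is never leaked.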

