[plt-scheme] Password validation in the web-server on Windows

From: Yoav Goldberg (yoav.goldberg at gmail.com)
Date: Sun Oct 16 18:10:09 EDT 2005

That's good.
Windows API has the function "LogonUser", that does what you want.
Unfortnately, it requires the calling process to "run as system" on
Windows 2000 computers. Luckily for you, that's not the case with
Windows Server 2003 and WindowsXP.

So, the easiest solution for you is to use the foreign interface to
call this API.

I would have posted an example, but my computer is Win2k, and so it
always fail, and so I'm not sure my code is even correct.

Anyhow, the API call is documented here:


On 10/16/05, Jens Axel Søgaard <jensaxel at soegaard.net> wrote:
> Yoav Goldberg wrote:
> > On 10/16/05, Jens Axel Søgaard <jensaxel at soegaard.net> wrote:
> >>Given a Windows username and a password, is there a simple
> >>way for a servlet (or another program) to determine whether
> >>the password is correct?
> >>
> >>My plan is to run the PLT web-server on a machine, which
> >>is member of a Windows domain. I hope it is possible
> >>to avoid maintaining passwords on the web-server.
>  > Which windows version are you using?
> The result is to be deployed on Windows 2003, and I am
> using Windows XP on my developement machine.
> --
> Jens Axel Søgaard

Posted on the users mailing list.