[plt-scheme] Password validation in the web-server on Windows

From: Jens Axel Søgaard (jensaxel at soegaard.net)
Date: Sun Oct 16 18:22:08 EDT 2005

Yoav Goldberg wrote:
> That's good.
> Windows API has the function "LogonUser", that does what you want.
> Unfortnately, it requires the calling process to "run as system" on
> Windows 2000 computers. Luckily for you, that's not the case with
> Windows Server 2003 and WindowsXP.
> So, the easiest solution for you is to use the foreign interface to
> call this API.
> I would have posted an example, but my computer is Win2k, and so it
> always fail, and so I'm not sure my code is even correct.
> Anyhow, the API call is documented here:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/logonuser.asp

That looks promising indeed. On closer reading I can see, that
works only on the server:

   Client 	Requires Windows XP, Windows 2000 Professional, or
                 Windows NT Workstation 4.0 SP3 and later.
   Server 	Requires Windows Server 2003, Windows 2000 Server, or
                 Windows NT Server 3.51 and later.


   Link to Advapi32.lib.
   DLL 	Requires Advapi32.dll.

(I couldn't find Advapi32.lib on my XP-machine)

For my purpose that is good enough (I think), but I'd love to know
how to do it on a client.

Jens Axel Søgaard

Posted on the users mailing list.