Hello, buerklma@arcor.de!

There is no need to compare passwords, just compare names.

Use WindowsIdentity.GetCurrent().Name and compare this name with
the one you store in your application.

WindowsIdentity.GetCurrent() - returns WindowsIdentity object that
represents
the current Windows user, the user who has logged on already.

You wrote  on Mon, 11 Jun 2007 23:34:12 -0700:

b> Hi NG,

b> is there a way to get the Windows Password of a user in an encrypted
b> form?
b> In my logon process I want to check the current (windows) user and
b> password. If they fits no logon screen will be displayed and the
b> program starts.

b> Has somebody an idea how to get it?

b> Thanks in advance

b> Regards
b> Martin

With best regards, Vadym Stetsyak.
Blog: http://vadmyst.blogspot.com

On Jun 12, 8:34 am, buerk...@arcor.de wrote:

Windows password are stored in a file (it's name is SAM), cant recall
the name, and they are encrypted, so you need
1. Read windows partition from Linux or DOS
2. Take the password file
3. Use a brute-force password recovery app, to TRY to find some of the
passwords

As you can see, theres no way to read these passwords from C# or any
other language, even If you could read the file on real time (you
cant, windows blocks it, thats the reason of step 1 mentioned before),
you would still have to try and find the password through brute force,
which is, time/resources consuming, you could spend 24 hours in a row
trying to get a password and either succeed or not, depending on the
complexity of the password (aka, lenght, different characters, and so
on..)

You can view also here to know how windows store passowrds and where:
http://www.tech-faq.com/windows-password-file.shtml
http://us1.samba.org/samba/ftp/pwdump/

The username is avaliable from .NET as Environment.Username

The password is stored in the registry. Accounts have a (meaningless?)
ID number that you have to look up in

HKLM/Security/SAM/Domains/Account/Users/Names/Username

The encrypted password for that user is at:

HKLM/Security/SAM/Domains/Account/Users/IDNumber

Note that by default only SYSTEM can access HKLM/Security but obviously
an administrator can set it so that they have access. It would be a
*very* bad idea to give non-administrators access to that (with read
access they could do an offline attack on admin passwords - with write
access they could change admin passwords and just log in), so only
administrators will be able to use your program.
On Vista and later versions of Windows, you're likely to irritate people
with dialogs asking if they're sure they want to give admin rights to
your program.

Vista also seems to store the value in a slightly different way to XP
(two keys). Perhaps they're salting the hash with the username - it
would be about time!

You should also note that if somebody gets access to your program's
data, they can trivially attack passwords on the system and get access.
So you'd better set your program's data file security attributes to only
allow admins access.

********
* NOTE *
********
While that answers your question, it's not actually what you want to do.
You could either use the LogonUser API (not avaliable on many older
versions of Windows and requires your program to have privilages to act
as part of the OS before Windows XP), or (probably better in your case)
use SSPI. These will do the authentication for you.

Full details and sample code on using SSPI are avaliable from here:
http://support.microsoft.com/kb/180548/EN-US/

Alun Harford