Can I use Windows authentication for my MS Access db?


A

Adam

I am installing an MS Access database on an Intrant, and
am wondering if it is possible to give users access based
on their Windows userID and password, - so they don't have
to authenticate themselves when starting the database.

I'd appreciate any pointers you can offer.

Thanks,

Adam
 
Ad

Advertisements

D

Douglas J. Steele

Access doesn't have the equivalent of Trusted Connection in SQL Server. You
can determine what their ID is (see
http://www.mvps.org/access/api/api0008.htm at "The Access Web"), but you
can't provide any security to prevent them from seeing the code and changing
it.
 
C

Cory Hug

I am installing an MS Access database on an Intrant, and
am wondering if it is possible to give users access based
on their Windows userID and password, - so they don't have
to authenticate themselves when starting the database.
Access doesn't have any built-in way to do this, but I've come up with
a way to fake it.

In my case, I'm authenticating users against our mainframe system
through an IBM DB2 connection using ODBC. However, my idea can be
adopted to use any sort of authentication method you choose, as long
as you're able to write a VBA procedure in Access to accomplish it.

I've expanded upon an idea that was expressed a few times in this
newsgroup already by a gentleman named Jeff Conrad. In Jeff's case,
all he was doing was creating a custom login screen to log in to
Access security.

The basic idea is to create a front-end unsecured database with a
single form of your own design that prompts for the user ID and
password, then uses the Shell command to launch the real database and
automatically log in as the user ID and password provided in the front
end. Compile the front end as an .MDE file (so users can't view the
code behind the scenes) and disable the ability to
use the Shift Key to bypass the startup.

I took that general idea and added an intermediate step in the front
end that verifies the user ID and password against another system
first, then launches the real database and logs into the Access
user-level security. You still create user ID's in Access for all of
your users, but there are 2 ways to handle the passwords (so you don't
have to change them in the Access security every time the external
password changes, my company forces passwords to change every 30
days). Either hard code the passwords in the Access security (every
user has the same password in Access security), or what
I did was use a lookup table to match the System user ID that you
authenticate with through your method (LDAP, Active Directory,
whatever) to an Access security user ID and password. This table is
stored in your real database (which is secured) and read by the front
end, so not just anybody can read the back end Access security user
ID's and passwords.

I've created a simple template .mdb file that can easily be adopted to
any authentication purpose, as mentioned above as long as you can
write a VBA procedure in Access to perform your authentication. If
you'd like a copy of it, e-mail me directly or post a reply here and I
can e-mail you my .mdb file as an attachment. It's only about 250k.
(Oh, it's in Access 2000, but should easily convert to whatever
version you need.)

On a side note, if somebody does have or writes VBA code to perform
LDAP or Active Directory authentication checks, I'd sure love to get
it. Right now, as I mentioned above, I'm authenticating against our
mainframe because that was the easiest thing I could figure out to do,
but I'd love to authenticate against Active Directory instead.
 
Ad

Advertisements

Joined
Apr 2, 2015
Messages
1
Reaction score
0
On Fri, 6 Aug 2004 10:51:30 -0700, "Adam" <> wrote:

>I am installing an MS Access database on an Intrant, and
>am wondering if it is possible to give users access based
>on their Windows userID and password, - so they don't have
>to authenticate themselves when starting the database.


Access doesn't have any built-in way to do this, but I've come up with
a way to fake it.

In my case, I'm authenticating users against our mainframe system
through an IBM DB2 connection using ODBC. However, my idea can be
adopted to use any sort of authentication method you choose, as long
as you're able to write a VBA procedure in Access to accomplish it.

I've expanded upon an idea that was expressed a few times in this
newsgroup already by a gentleman named Jeff Conrad. In Jeff's case,
all he was doing was creating a custom login screen to log in to
Access security.

The basic idea is to create a front-end unsecured database with a
single form of your own design that prompts for the user ID and
password, then uses the Shell command to launch the real database and
automatically log in as the user ID and password provided in the front
end. Compile the front end as an .MDE file (so users can't view the
code behind the scenes) and disable the ability to
use the Shift Key to bypass the startup.

I took that general idea and added an intermediate step in the front
end that verifies the user ID and password against another system
first, then launches the real database and logs into the Access
user-level security. You still create user ID's in Access for all of
your users, but there are 2 ways to handle the passwords (so you don't
have to change them in the Access security every time the external
password changes, my company forces passwords to change every 30
days). Either hard code the passwords in the Access security (every
user has the same password in Access security), or what
I did was use a lookup table to match the System user ID that you
authenticate with through your method (LDAP, Active Directory,
whatever) to an Access security user ID and password. This table is
stored in your real database (which is secured) and read by the front
end, so not just anybody can read the back end Access security user
ID's and passwords.

I've created a simple template .mdb file that can easily be adopted to
any authentication purpose, as mentioned above as long as you can
write a VBA procedure in Access to perform your authentication. If
you'd like a copy of it, e-mail me directly or post a reply here and I
can e-mail you my .mdb file as an attachment. It's only about 250k.
(Oh, it's in Access 2000, but should easily convert to whatever
version you need.)

On a side note, if somebody does have or writes VBA code to perform
LDAP or Active Directory authentication checks, I'd sure love to get
it. Right now, as I mentioned above, I'm authenticating against our
mainframe because that was the easiest thing I could figure out to do,
but I'd love to authenticate against Active Directory instead.[/QUOTE
On Fri, 6 Aug 2004 10:51:30 -0700, "Adam" <(e-mail address removed)> wrote:

>I am installing an MS Access database on an Intrant, and
>am wondering if it is possible to give users access based
>on their Windows userID and password, - so they don't have
>to authenticate themselves when starting the database.


Access doesn't have any built-in way to do this, but I've come up with
a way to fake it.

In my case, I'm authenticating users against our mainframe system
through an IBM DB2 connection using ODBC. However, my idea can be
adopted to use any sort of authentication method you choose, as long
as you're able to write a VBA procedure in Access to accomplish it.

I've expanded upon an idea that was expressed a few times in this
newsgroup already by a gentleman named Jeff Conrad. In Jeff's case,
all he was doing was creating a custom login screen to log in to
Access security.

The basic idea is to create a front-end unsecured database with a
single form of your own design that prompts for the user ID and
password, then uses the Shell command to launch the real database and
automatically log in as the user ID and password provided in the front
end. Compile the front end as an .MDE file (so users can't view the
code behind the scenes) and disable the ability to
use the Shift Key to bypass the startup.

I took that general idea and added an intermediate step in the front
end that verifies the user ID and password against another system
first, then launches the real database and logs into the Access
user-level security. You still create user ID's in Access for all of
your users, but there are 2 ways to handle the passwords (so you don't
have to change them in the Access security every time the external
password changes, my company forces passwords to change every 30
days). Either hard code the passwords in the Access security (every
user has the same password in Access security), or what
I did was use a lookup table to match the System user ID that you
authenticate with through your method (LDAP, Active Directory,
whatever) to an Access security user ID and password. This table is
stored in your real database (which is secured) and read by the front
end, so not just anybody can read the back end Access security user
ID's and passwords.

I've created a simple template .mdb file that can easily be adopted to
any authentication purpose, as mentioned above as long as you can
write a VBA procedure in Access to perform your authentication. If
you'd like a copy of it, e-mail me directly or post a reply here and I
can e-mail you my .mdb file as an attachment. It's only about 250k.
(Oh, it's in Access 2000, but should easily convert to whatever
version you need.)

On a side note, if somebody does have or writes VBA code to perform
LDAP or Active Directory authentication checks, I'd sure love to get
it. Right now, as I mentioned above, I'm authenticating against our
mainframe because that was the easiest thing I could figure out to do,
but I'd love to authenticate against Active Directory instead.
Cory,
I'm in need of this functionality. Would you be willing to share your template with me? Thanks kindly for any assistance you can offer. - JS
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top