I have a windows forms project that uses PrincipalContext.ValidateCredentials Method
Everything works fine, but...
First, a user logs in to windows environment by using his/her windows username and password. Then, this user logs in to my app by using his/her windows username and password. This is a duplicate work isn't ?
My goal is to create something like SSMS's windows authentication (if you connect to DB selecting windows authentication it doesn't ask for your windows password because you are already logged in). So I want to get currently logged-in user's username and something like (Hash, GUID, SID etc.) and use that info to authenticate user.
Is there any way to achieve this ?
Related
I have a WinForms application that uses custom authentication (username/password).
In addition to this, I would like to associate Windows/AD users to app users so that if a Windows/AD user is logged in, my app does not request login credentials.
In app user management I could associate the Windows/AD user SID to the app user, and then check it later: when app is launched, if an app user with the currently logged in SID associated is found, then this user is authenticated on the app without requesting password.
I wonder if there may be security issues with this approach.
a c# windows application give privilege to users with a specific profile in its database. The application does not handle user and password but get the username of the authetcated user in Windows session.
They asked me to authenticate the user by a IAM service such as Microsoft IAM. But I'm a bit confused. It means that I have to ask username and password to user and verify them with IAM? I don't want to store in my db password.
I cannot figure how to use an external IAM.
No, you will not need to deal with passwords.
In short, your application will need to display a mini browser window (WebControl, WebView, etc.) where the IAM provider's login screen is displayed. Users provide their credentials directly to that login screen. Your application never touches those credentials and only receives the valid tokens afterwards from which it can get information like unique user ID, email address, etc.
Check out this WPF tutorial from one of the best IAM providers, auth0 (disclaimer: I'm not affiliated with auth0 in any way).
https://auth0.com/docs/quickstart/native/wpf-winforms/01-login
You can sign up for a free trial account to quickly try it out.
Side note: This method is not entirely safe from abuse as your malicious application could intercept key strokes as users type in their credentials into the IAM login page (since it is hosted within your application's process).
I am working in C# on a web application that requires a login username and password. This application is made to be compatible with Windows and is being written in VS 2013. In this company's network, all computers require user credentials, and in all cases the user's credentials for the app will be the same as their Windows logon credentials. Therefore we are trying to implement a system where, instead of signing onto Windows and then entering the same credentials again in the app, the app can access the Windows credentials that were given by the current user and attempt to sign in automatically with those. I know there is a way to do this using active directory with Azure, but for the time being we are trying to avoid using Azure. I have tried using WindowsIdentity.GetCurrent() and Environment.UserName so far, but both of those only supply the username, not the password, and we need the full credentials. It wouldn't shock me if this cannot be done in this way for security purposes, but if there is a way it would be incredibly helpful. Does anyone know of a way to access the current user's credentials? Thanks
You don't need Azure to accomplish this. Your application pool simply needs to have Windows Authentication enabled. You will not have access to the password, however.
After that, you will need to most likely write a HttpHandler which will get the HttpContext.Current.User.Identity value and check it against a database or collection of authorized users. You don't need to "re-authenticate".
I have the requirement when any remote user log in by using VPN , my ASP.Net application must be able to read the username.
I just want to read the username which is loging in by VPN and my ASP.Net application works inside VPN.
Note: That username is not same as Active directory and Windows User, also I don't want to read Windows User ID.
I have tried the thing which is shown in the link you have provided, but this is returning the windows login ID and i need the VPN user id by which the user will login to the vpn site first like vpn.xxx.xxx and then provide user name and password and then comes to my application. At the login of my application i want to use VPN user id
I have .NET application, that is intended to set password or change password for existing Windows User Account. I have done the coding to Set/Change password and it works fine. My problem is that , while we Set new password for User Account, we need to create Password Hint, but is there any way to save Password Hint in my C#.NET Application?
Can I make this coding OS independent i.e. work on both Win7 and WinXP?
Have you tried using the Active Directory attribute editor? You can add attributes to your active directory objects, like Skype Username or Password Hint.
As far as I know, Domain security does not do Password Hints like Windows Workstation does.
There are companies that inject their code into the logon screen executable for Windows, which makes the user able to reset his/her password based on completing a form with questions in.
Your application needs to be certified by Microsoft first before they will let you use the logon screen.
3rd party app :: http://www.specopssoft.com/products/specops-password-reset
Microsoft Forefront Identity Manager :: http://technet.microsoft.com/en-us/library/ff621362(v=ws.10).aspx