473,320 Members | 2,088 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Authentication question

Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because I
don't wish store an account for every user in my network at my XP machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA
Nov 18 '05 #1
7 2189
You cannot extract the password.
For extract username you must enable ONLY windows autentication from iis en
obtain username from HttpContext.current.user.identity.name.

"Nikolay Petrov" <jo******@mail.bg> ha scritto nel messaggio
news:uZ**************@TK2MSFTNGP14.phx.gbl...
Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because
I don't wish store an account for every user in my network at my XP
machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA

Nov 18 '05 #2
Second question.
When a user connects to my ASP .NET app and provides it Windows credentials
the authentication will fail, because my machine does not know anything
about it's username and password, right?
That is the point that I need to authenticato to SQL database, not to
Windows account. Any ideas how to accomplish this?

"Cirrosi" <Ci****************@fastwebnet.it> wrote in message
news:ze*******************@tornado.fastwebnet.it.. .
You cannot extract the password.
For extract username you must enable ONLY windows autentication from iis
en obtain username from HttpContext.current.user.identity.name.

"Nikolay Petrov" <jo******@mail.bg> ha scritto nel messaggio
news:uZ**************@TK2MSFTNGP14.phx.gbl...
Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users
to authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because
I don't wish store an account for every user in my network at my XP
machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA


Nov 18 '05 #3
That's what I thought, but wan's quite sure.
Thanks

"Cirrosi" <Ci****************@fastwebnet.it> wrote in message
news:ze*******************@tornado.fastwebnet.it.. .
You cannot extract the password.
For extract username you must enable ONLY windows autentication from iis
en obtain username from HttpContext.current.user.identity.name.

"Nikolay Petrov" <jo******@mail.bg> ha scritto nel messaggio
news:uZ**************@TK2MSFTNGP14.phx.gbl...
Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users
to authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because
I don't wish store an account for every user in my network at my XP
machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA


Nov 18 '05 #4
Hi,

You can get the user name from the windowsidentity class.
http://msdn.microsoft.com/library/de...snametopic.asp

http://msdn.microsoft.com/library/de...onprovider.asp

Ken
-----------------------
"Nikolay Petrov" <jo******@mail.bg> wrote in message
news:uZ**************@TK2MSFTNGP14.phx.gbl...
Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because I
don't wish store an account for every user in my network at my XP machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA

Nov 18 '05 #5
> I have an Windows XP station where i run my ASP .NET apps. I wish users
to authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because
I don't wish store an account for every user in my network at my XP

machine.

Turn on Integrated Windows Authentication on the web server running ASP.NET
applications. Users will automatically authenticate using their current
windows usernames/passwords, and your ASP.NET application will run with that
credential.

I do not know why you store user login names/passwords in a separate SQL
database that can be out-of-sync with the actual remote user's
name/password.

If you want to use custom authentication where you store username/password
in your own user database, then that has nothing to with windows
username/password because the browser won't understand your custom
authentication scheme. You will have to cook up your own mechanism (why not
use ASP.NET Forms Authentication ??? ).

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Nikolay Petrov" <jo******@mail.bg> wrote in message
news:uZ**************@TK2MSFTNGP14.phx.gbl...
Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because I
don't wish store an account for every user in my network at my XP machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA

Nov 18 '05 #6
Need more information about your infrastructure to provide a sensible
answer. Here are some 'leading' questions to make sure we're on the same
track:
- are you looking for single-sign-on?
- when you are talking windows credentials does that imply AD & domain user
accounts - or is this network a workgroup with just local machine accounts?

Also a couple of pointers/ideas:
- Generally you don't store passwords - you only ever store a hash of the
password. After the hash of the password is verified, the password itself is
discarded.
If you do store passwords this is a BIG security risk.
- Have you considerd ADAM (Active Directory Application Mode) as a possible
alternative to SQL server?
see
http://www.microsoft.com/downloads/d...displaylang=en
Nov 18 '05 #7
MP
Thank you,
We have no intention of using a single logon to our application. We are
aiming at domain accounts, AD.

So far I can prompt the user to enter a user id, domain name and
password. The I validate these using LogonUser and then
I start our application using the user's information, the application is
started under the user's identity.... like runas will do.

This works fine, but now we have 2 clients, one that uses smart-cards
and the other one that uses a fingerprint reader to authenticate the users
at logon. Is there a standard API I can use? or will I have to write a
custom module for each client?

Thank you!

"richlm" <ri*****@h0tmai1.com> wrote in message
news:eO**************@tk2msftngp13.phx.gbl...
Need more information about your infrastructure to provide a sensible
answer. Here are some 'leading' questions to make sure we're on the same
track:
- are you looking for single-sign-on?
- when you are talking windows credentials does that imply AD & domain
user accounts - or is this network a workgroup with just local machine
accounts?

Also a couple of pointers/ideas:
- Generally you don't store passwords - you only ever store a hash of the
password. After the hash of the password is verified, the password itself
is discarded.
If you do store passwords this is a BIG security risk.
- Have you considerd ADAM (Active Directory Application Mode) as a
possible alternative to SQL server?
see
http://www.microsoft.com/downloads/d...displaylang=en

Nov 18 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
4
by: Andrew | last post by:
Hey all, I would like to preface my question by stating I am still learning ASP.net and while I am confident in the basics and foundation, the more advanced stuff is still a challenge. Ok....
6
by: Ming Zhang | last post by:
Hi guys, I have couple of ASP.NET applications that only support digest windows authentication, and credentials are managed in a central AD. When users login to one app, they can easily navigate...
6
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
18
by: troywalker | last post by:
I am new to LDAP and Directory Services, and I have a project that requires me to authenticate users against a Sun Java System Directory Server in order to access the application. I have found...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.