Authentication question

You cannot extract the password.
For extract username you must enable ONLY windows autentication from iis en
obtain username from HttpContext.current.user.identity.name.

"Nikolay Petrov" <jo******@mail.bg> ha scritto nel messaggio
news:uZ**************@TK2MSFTNGP14.phx.gbl...

Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because
I don't wish store an account for every user in my network at my XP
machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA

Second question.
When a user connects to my ASP .NET app and provides it Windows credentials
the authentication will fail, because my machine does not know anything
about it's username and password, right?
That is the point that I need to authenticato to SQL database, not to
Windows account. Any ideas how to accomplish this?

"Cirrosi" <Ci****************@fastwebnet.it> wrote in message
news:ze*******************@tornado.fastwebnet.it.. .

You cannot extract the password.
For extract username you must enable ONLY windows autentication from iis
en obtain username from HttpContext.current.user.identity.name.

"Nikolay Petrov" <jo******@mail.bg> ha scritto nel messaggio
news:uZ**************@TK2MSFTNGP14.phx.gbl...

Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users
to authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because
I don't wish store an account for every user in my network at my XP
machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA

That's what I thought, but wan's quite sure.
Thanks

"Cirrosi" <Ci****************@fastwebnet.it> wrote in message
news:ze*******************@tornado.fastwebnet.it.. .

You cannot extract the password.
For extract username you must enable ONLY windows autentication from iis
en obtain username from HttpContext.current.user.identity.name.

"Nikolay Petrov" <jo******@mail.bg> ha scritto nel messaggio
news:uZ**************@TK2MSFTNGP14.phx.gbl...

Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users
to authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because
I don't wish store an account for every user in my network at my XP
machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA

Hi,

You can get the user name from the windowsidentity class.
http://msdn.microsoft.com/library/de...snametopic.asp

http://msdn.microsoft.com/library/de...onprovider.asp

Ken
-----------------------
"Nikolay Petrov" <jo******@mail.bg> wrote in message
news:uZ**************@TK2MSFTNGP14.phx.gbl...
Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because I
don't wish store an account for every user in my network at my XP machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA

> I have an Windows XP station where i run my ASP .NET apps. I wish users

to authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because
I don't wish store an account for every user in my network at my XP

machine.

Turn on Integrated Windows Authentication on the web server running ASP.NET
applications. Users will automatically authenticate using their current
windows usernames/passwords, and your ASP.NET application will run with that
credential.

I do not know why you store user login names/passwords in a separate SQL
database that can be out-of-sync with the actual remote user's
name/password.

If you want to use custom authentication where you store username/password
in your own user database, then that has nothing to with windows
username/password because the browser won't understand your custom
authentication scheme. You will have to cook up your own mechanism (why not
use ASP.NET Forms Authentication ??? ).

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Nikolay Petrov" <jo******@mail.bg> wrote in message
news:uZ**************@TK2MSFTNGP14.phx.gbl...
Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because I
don't wish store an account for every user in my network at my XP machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA

Need more information about your infrastructure to provide a sensible
answer. Here are some 'leading' questions to make sure we're on the same
track:
- are you looking for single-sign-on?
- when you are talking windows credentials does that imply AD & domain user
accounts - or is this network a workgroup with just local machine accounts?

Also a couple of pointers/ideas:
- Generally you don't store passwords - you only ever store a hash of the
password. After the hash of the password is verified, the password itself is
discarded.
If you do store passwords this is a BIG security risk.
- Have you considerd ADAM (Active Directory Application Mode) as a possible
alternative to SQL server?
see
http://www.microsoft.com/downloads/d...displaylang=en

Thank you,
We have no intention of using a single logon to our application. We are
aiming at domain accounts, AD.

So far I can prompt the user to enter a user id, domain name and
password. The I validate these using LogonUser and then
I start our application using the user's information, the application is
started under the user's identity.... like runas will do.

This works fine, but now we have 2 clients, one that uses smart-cards
and the other one that uses a fingerprint reader to authenticate the users
at logon. Is there a standard API I can use? or will I have to write a
custom module for each client?

Thank you!

"richlm" <ri*****@h0tmai1.com> wrote in message
news:eO**************@tk2msftngp13.phx.gbl...

Need more information about your infrastructure to provide a sensible
answer. Here are some 'leading' questions to make sure we're on the same
track:
- are you looking for single-sign-on?
- when you are talking windows credentials does that imply AD & domain
user accounts - or is this network a workgroup with just local machine
accounts?

Also a couple of pointers/ideas:
- Generally you don't store passwords - you only ever store a hash of the
password. After the hash of the password is verified, the password itself
is discarded.
If you do store passwords this is a BIG security risk.
- Have you considerd ADAM (Active Directory Application Mode) as a
possible alternative to SQL server?
see
http://www.microsoft.com/downloads/d...displaylang=en