Platform: Visual Studio 2003
Language: C#
NOTES:
1. Application will need to run on Windows 2000, Windows 2003, Windows
XP
2. Client machines will be standalone NOT part of a domain.
3. I don't want to depend on having Active Directory installed
Problem Description:
When my application starts, it checks if the current windows user
belongs to a group. If he/she does belong to the group it allows them
to run it. If he/she does NOT belong to the group, it prompts them to
log in as another user that will belong to that group. I having trouble
authenticating the windows login and password. I reasearched this issue
for quite some time but no luck. These are some of my attempts to solve
the problem:
1. Using the LogonUser () function. This call will not work under
Windows 2000 unless you
make a change to the security policy. Not good for me!
2. Using the DirectoryEntry in DirectoryServic es namespace. I created
an instance of the
DirectoryEntry class and passed the path, name, login, password and
authenticationt ype.
Tried to bind to the Native object with "Object native =
deDirEntry.Nati veObject;" but it did
not work. I used the following value for path: "WinNT://" +
Environment.Mac hineName
NOTE: If I could do this with managed code that would be great.
Thanks in Advance 7 2671
You should probably write your own custom authentication if you're not
part of a domain. Basically you want Integrated Authentication but
you're not integrated to anything.
This is an administrative issue, if a user is logged on to windows using his
logon credentials he should be member of the right group, if he's not a
member of the right group, you should ask to logoff and logon to windows
using the correct credentials, you should never authenticate in code.
Willy.
"Nick" <ko******@yahoo .com> wrote in message
news:11******** **************@ i40g2000cwc.goo glegroups.com.. .
| Platform: Visual Studio 2003
| Language: C#
| NOTES:
| 1. Application will need to run on Windows 2000, Windows 2003, Windows
| XP
| 2. Client machines will be standalone NOT part of a domain.
| 3. I don't want to depend on having Active Directory installed
|
| Problem Description:
| When my application starts, it checks if the current windows user
| belongs to a group. If he/she does belong to the group it allows them
| to run it. If he/she does NOT belong to the group, it prompts them to
| log in as another user that will belong to that group. I having trouble
| authenticating the windows login and password. I reasearched this issue
| for quite some time but no luck. These are some of my attempts to solve
| the problem:
| 1. Using the LogonUser () function. This call will not work under
| Windows 2000 unless you
| make a change to the security policy. Not good for me!
| 2. Using the DirectoryEntry in DirectoryServic es namespace. I created
| an instance of the
| DirectoryEntry class and passed the path, name, login, password and
| authenticationt ype.
| Tried to bind to the Native object with "Object native =
| deDirEntry.Nati veObject;" but it did
| not work. I used the following value for path: "WinNT://" +
| Environment.Mac hineName
|
| NOTE: If I could do this with managed code that would be great.
|
| Thanks in Advance
|
I appreciate everyone's input but I still have to do it. (Per
management). Could someone show me how to do it?
Thanks in Advance
"Nick" <ko******@yahoo .com> wrote in message
news:11******** *************@v 46g2000cwv.goog legroups.com...
|I appreciate everyone's input but I still have to do it. (Per
| management). Could someone show me how to do it?
|
| Thanks in Advance
|
You don't get it really, by calling "LogonUser" you simply validate the
specified users credentials, but that doesn't mean that your application
(thread) runs as the user specified in the LogonUser call, to do so you need
to impersonate the new Logon token obtained by LogonUser.
But that's not all, the environment and profile loaded and attached to the
application is still the one of the initial logon users (the one that
started the application). That means that the application will fail if it
relies on the presence of the "impersonat ing users" profile.
If the latter is no issue, you should search MSDN it contains a sample how
to impersonate a user.
Willy.
Hello Willy,
First of all, I would like to thank you for taking the time and
responding to my question. Here are some additional information that
may help you understand where I am coming from:
When a logged on user double clicks on the application icon the
application checks if the user belongs to that special group. If he/she
does NOT then we need to prompt for
a windows user login and password that does belong to that group. If
he/she belongs to that special group then to need to prompt for login
and password. It's just a convenience so the user does NOT need to log
off and log back in as that user. The application does NOT care about
any environment or profile information.
As for the LogonUser, my understanding is that there is some security
issue with Windows 2000 and I don't want to enforce any policy changes
on the user's machine.
Thanks Again
"Nick" <ko******@yahoo .com> wrote in message
news:11******** *************@i 40g2000cwc.goog legroups.com...
| Hello Willy,
|
| First of all, I would like to thank you for taking the time and
| responding to my question. Here are some additional information that
| may help you understand where I am coming from:
| When a logged on user double clicks on the application icon the
| application checks if the user belongs to that special group. If he/she
| does NOT then we need to prompt for
| a windows user login and password that does belong to that group.
Note that this way the "user" pretends he is someone else, but the
application still runs as the initial logon user, using the initials
security token, environment and profile, hope that's clear.
If
| he/she belongs to that special group then to need to prompt for login
| and password. It's just a convenience so the user does NOT need to log
| off and log back in as that user. The application does NOT care about
| any environment or profile information.
| As for the LogonUser, my understanding is that there is some security
| issue with Windows 2000 and I don't want to enforce any policy changes
| on the user's machine.
|
True, W2K needs TCB privileges in order to call LogonUser. An other option
is to use DirectoryServic es, something like this may do.
....
try
{
using(Directory Entry AD = new
DirectoryEntry( "WinNT://sixfour,compute r", "administrator" , "keviin",
AuthenticationT ypes.Secure))
{
object no = AD.Guid;
}
}
catch (Exception ex)
{
int hr = Marshal.GetHRFo rException(ex);
if(hr == -2147023570) //0x8007052E
Console.WriteLi ne("Logon failure");
}
Willy.
Another question I was dealing with elsewhere just had an example .. http://www.experts-exchange.com/Prog..._21824079.html
Cheers,
Greg Young
MVP - C#
"Nick" <ko******@yahoo .com> wrote in message
news:11******** *************@v 46g2000cwv.goog legroups.com... I appreciate everyone's input but I still have to do it. (Per management). Could someone show me how to do it?
Thanks in Advance This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Bob Everland |
last post by:
I have an application that is ISAPI and the only way to
secure it is through NT permissions. I need to have a way
to login to windows authentication so that when I get to
the ISAPI application no boxes come up. I want an ASP page
to sit between the user and the ISAPI application. The
rest of my application is using authentication that is
database driven and wouldn't want the users to know the
userid and password. Is this possible? If so...
|
by: sherkozmo |
last post by:
I have my SQL 7.0 server set for Mixed security. I see now (finally)
the advantages of having windows authentication security for windows
groups.
I do most of my developing in Access Projects which require a login of
some type. I have been using my SQL login to develop with SQL and
then when I give it to the user, I set the project to use Windows
authentication. I want to be able to have Windows authentication on
my domain account but...
|
by: Dave |
last post by:
Hi,
Is there anyway to mimic forms authentication's loginUrl
and RedirectFromLoginPage functionality using Windows
authentication?
We are developing intranet sites using basic
authentication and we want to always redirect a user to a
default 'splash' or welcome page that is set to anonymous
if they are not logged in. This page would have
|
by: Wade Wegner |
last post by:
Hello,
I have been desperately trying to programmatically authenticate a windows
user, create their credentials, and then redirect them to a different server
while passing the credentials at the same time so that they don't have to
login again.
Specifically, I have two webservers in the same domain. When I have a user
go to Webserver A (which uses basic authentication) I programmatically
create either a user credential or impersonate...
|
by: Andrew |
last post by:
Hey all,
I would like to preface my question by stating I am still learning ASP.net
and while I am confident in the basics and foundation, the more advanced
stuff is still a challenge. Ok. :)
| |
by: Kevin Yu |
last post by:
is it possible to for user to click a logout button to logout and when the
user want to get into the system again, the user have to login again?
Kevin
|
by: serge calderara |
last post by:
Dear all,
I clearly underdand the advantage of both type of authentification but is it
allowed or possible to set the Authentication mode to Windows and then handle
a login form for defined users in Credential section like as follow :
<authentication mode="Windows" >
<forms loginUrl="Login.aspx">
<credentials passwordFormat="Clear">
<user name="Jessee" password="JuneBug"/>
|
by: Keith H |
last post by:
I'm looking for a way to force the user to re-authenticate with their Windows
username/password/domain after clicking the submit button on an ASP.NET page.
This is for an internal application.
Does anyone know if/how this can be done?
|
by: Evan Camilleri |
last post by:
I have a problem for a Windows Service to login on an SQL server (different
machine) - neither Windows Authentication nor SQL Authentication worked.
LOGIN FAILED FOR USER sa (for example).
If SQL Server is on the same PC of the Windows Service the connection works
OK.
The same code works in a Windows Form using same user and authentication
methods to the SQL Server on a different machine.
|
by: =?Utf-8?B?UGFyYWcgR2Fpa3dhZA==?= |
last post by:
Hi All,
We have a requirement where we have to develop a custom Login Page which
will accept user's NT credentials ( Username , password, domain name).
This then needs to be passed to a website which uses Windows Authentication
Now my question is how do we pass these credentials to IIS in classic ASP?
Would appreciate any help/pointers on this.
Thanks in advance.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |