Platform: Visual Studio 2003
Language: C#
NOTES:
1. Application will need to run on Windows 2000, Windows 2003, Windows
XP
2. Client machines will be standalone NOT part of a domain.
3. I don't want to depend on having Active Directory installed
Problem Description:
When my application starts, it checks if the current windows user
belongs to a group. If he/she does belong to the group it allows them
to run it. If he/she does NOT belong to the group, it prompts them to
log in as another user that will belong to that group. I having trouble
authenticating the windows login and password. I reasearched this issue
for quite some time but no luck. These are some of my attempts to solve
the problem:
1. Using the LogonUser () function. This call will not work under
Windows 2000 unless you
make a change to the security policy. Not good for me!
2. Using the DirectoryEntry in DirectoryServices namespace. I created
an instance of the
DirectoryEntry class and passed the path, name, login, password and
authenticationtype.
Tried to bind to the Native object with "Object native =
deDirEntry.NativeObject;" but it did
not work. I used the following value for path: "WinNT://" +
Environment.MachineName
NOTE: If I could do this with managed code that would be great.
Thanks in Advance
7  2649 
You should probably write your own custom authentication if you're not
part of a domain. Basically you want Integrated Authentication but
you're not integrated to anything.
This is an administrative issue, if a user is logged on to windows using his
logon credentials he should be member of the right group, if he's not a
member of the right group, you should ask to logoff and logon to windows
using the correct credentials, you should never authenticate in code.
Willy.
"Nick" <ko******@yahoo.com> wrote in message
news:11**********************@i40g2000cwc.googlegr oups.com...
| Platform: Visual Studio 2003
| Language: C#
| NOTES:
| 1. Application will need to run on Windows 2000, Windows 2003, Windows
| XP
| 2. Client machines will be standalone NOT part of a domain.
| 3. I don't want to depend on having Active Directory installed
|
| Problem Description:
| When my application starts, it checks if the current windows user
| belongs to a group. If he/she does belong to the group it allows them
| to run it. If he/she does NOT belong to the group, it prompts them to
| log in as another user that will belong to that group. I having trouble
| authenticating the windows login and password. I reasearched this issue
| for quite some time but no luck. These are some of my attempts to solve
| the problem:
| 1. Using the LogonUser () function. This call will not work under
| Windows 2000 unless you
| make a change to the security policy. Not good for me!
| 2. Using the DirectoryEntry in DirectoryServices namespace. I created
| an instance of the
| DirectoryEntry class and passed the path, name, login, password and
| authenticationtype.
| Tried to bind to the Native object with "Object native =
| deDirEntry.NativeObject;" but it did
| not work. I used the following value for path: "WinNT://" +
| Environment.MachineName
|
| NOTE: If I could do this with managed code that would be great.
|
| Thanks in Advance
|
I appreciate everyone's input but I still have to do it. (Per
management). Could someone show me how to do it?
Thanks in Advance
"Nick" <ko******@yahoo.com> wrote in message
news:11*********************@v46g2000cwv.googlegro ups.com...
|I appreciate everyone's input but I still have to do it. (Per
| management). Could someone show me how to do it?
|
| Thanks in Advance
|
You don't get it really, by calling "LogonUser" you simply validate the
specified users credentials, but that doesn't mean that your application
(thread) runs as the user specified in the LogonUser call, to do so you need
to impersonate the new Logon token obtained by LogonUser.
But that's not all, the environment and profile loaded and attached to the
application is still the one of the initial logon users (the one that
started the application). That means that the application will fail if it
relies on the presence of the "impersonating users" profile.
If the latter is no issue, you should search MSDN it contains a sample how
to impersonate a user.
Willy.
Hello Willy,
First of all, I would like to thank you for taking the time and
responding to my question. Here are some additional information that
may help you understand where I am coming from:
When a logged on user double clicks on the application icon the
application checks if the user belongs to that special group. If he/she
does NOT then we need to prompt for
a windows user login and password that does belong to that group. If
he/she belongs to that special group then to need to prompt for login
and password. It's just a convenience so the user does NOT need to log
off and log back in as that user. The application does NOT care about
any environment or profile information.
As for the LogonUser, my understanding is that there is some security
issue with Windows 2000 and I don't want to enforce any policy changes
on the user's machine.
Thanks Again
"Nick" <ko******@yahoo.com> wrote in message
news:11*********************@i40g2000cwc.googlegro ups.com...
| Hello Willy,
|
| First of all, I would like to thank you for taking the time and
| responding to my question. Here are some additional information that
| may help you understand where I am coming from:
| When a logged on user double clicks on the application icon the
| application checks if the user belongs to that special group. If he/she
| does NOT then we need to prompt for
| a windows user login and password that does belong to that group.
Note that this way the "user" pretends he is someone else, but the
application still runs as the initial logon user, using the initials
security token, environment and profile, hope that's clear.
If
| he/she belongs to that special group then to need to prompt for login
| and password. It's just a convenience so the user does NOT need to log
| off and log back in as that user. The application does NOT care about
| any environment or profile information.
| As for the LogonUser, my understanding is that there is some security
| issue with Windows 2000 and I don't want to enforce any policy changes
| on the user's machine.
|
True, W2K needs TCB privileges in order to call LogonUser. An other option
is to use DirectoryServices, something like this may do.
....
try
{
using(DirectoryEntry AD = new
DirectoryEntry("WinNT://sixfour,computer", "administrator", "keviin",
AuthenticationTypes.Secure))
{
object no = AD.Guid;
}
}
catch (Exception ex)
{
int hr = Marshal.GetHRForException(ex);
if(hr == -2147023570) //0x8007052E
Console.WriteLine("Logon failure");
}
Willy.
Another question I was dealing with elsewhere just had an example .. http://www.experts-exchange.com/Prog..._21824079.html
Cheers,
Greg Young
MVP - C#
"Nick" <ko******@yahoo.com> wrote in message
news:11*********************@v46g2000cwv.googlegro ups.com... I appreciate everyone's input but I still have to do it. (Per
management). Could someone show me how to do it?
Thanks in Advance This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Bob Everland |
last post by:
I have an application that is ISAPI and the only way to
secure it is through NT permissions. I need to have a way
to login to windows authentication so that when I get to
the ISAPI application no...
|
by: sherkozmo |
last post by:
I have my SQL 7.0 server set for Mixed security. I see now (finally)
the advantages of having windows authentication security for windows
groups.
I do most of my developing in Access Projects...
|
by: Dave |
last post by:
Hi,
Is there anyway to mimic forms authentication's loginUrl
and RedirectFromLoginPage functionality using Windows
authentication?
We are developing intranet sites using basic
authentication...
|
by: Wade Wegner |
last post by:
Hello,
I have been desperately trying to programmatically authenticate a windows
user, create their credentials, and then redirect them to a different server
while passing the credentials at the...
|
by: Andrew |
last post by:
Hey all,
I would like to preface my question by stating I am still learning ASP.net
and while I am confident in the basics and foundation, the more advanced
stuff is still a challenge. Ok....
|
by: Kevin Yu |
last post by:
is it possible to for user to click a logout button to logout and when the
user want to get into the system again, the user have to login again?
Kevin
|
by: serge calderara |
last post by:
Dear all,
I clearly underdand the advantage of both type of authentification but is it
allowed or possible to set the Authentication mode to Windows and then handle
a login form for defined...
|
by: Keith H |
last post by:
I'm looking for a way to force the user to re-authenticate with their Windows
username/password/domain after clicking the submit button on an ASP.NET page.
This is for an internal application.
...
|
by: Evan Camilleri |
last post by:
I have a problem for a Windows Service to login on an SQL server (different
machine) - neither Windows Authentication nor SQL Authentication worked.
LOGIN FAILED FOR USER sa (for example).
If...
|
by: =?Utf-8?B?UGFyYWcgR2Fpa3dhZA==?= |
last post by:
Hi All,
We have a requirement where we have to develop a custom Login Page which
will accept user's NT credentials ( Username , password, domain name).
This then needs to be passed to a website...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
