Hi,
I am working on a Windows form application (C#.Net 2.0) and have found
out that it needs to be able to do the following:
Have the application start in Administrative mode the first time it is run
after installation.
Make the administrator to alter the admin password.
Allow the administrator to create new users with or without admin access
After the first time it is run, require logon
Maintain its own list of username/passwords, not one associated with Windows.
I have never dealt with security except in a web environment where all the
username/password type information was stored on the server. Everything I can
think of to store username/password on the local system seems vulnerable
someone local breaking into it. Can anyone point in the right direction for
how to set something like this up?
Thanks!
Ethan
5  2839 
On Jul 16, 12:06*pm, Ethan Strauss
<EthanStra...@discussions.microsoft.comwrote:
Hi,
* *I am working on a Windows form application (C#.Net 2.0) and have found
out that it needs to be able to do the following:
Have the application start in Administrative mode the first time it is run
after installation.
Make the administrator to alter the admin password.
Allow the administrator to create new users with or without admin access
After the first time it is run, require logon
Maintain its own list of username/passwords, not one associated with Windows.
I have never dealt with security except in a web environment where all the
username/password type information was stored on the server. Everything Ican
think of to store username/password on the local system seems vulnerable
someone local breaking into it. Can anyone point in the right direction for
how to set something like this up?
Thanks!
Ethan
What is your question about?
how to store the login/password or how to run it as admin the first
time?
Because first of all, you do not REALLY need to be an adminsitrator to
setup the users , heck you could even do this in the setup probably.
Regarding how to save the values, you can use a table in the DB or
even as simple as a XML text. you can encrypt the password and store
the encrupted data.
What I really need to know is how to store the username/passwords.
I can set up everything else.
If I store it as an encrypted XML file, won't the encryption key need to be
in the code somewhere and thus, at least theoretically, be accessible?
Thanks!
Ethan
"Ignacio Machin ( .NET/ C# MVP )" wrote:
On Jul 16, 12:06 pm, Ethan Strauss
<EthanStra...@discussions.microsoft.comwrote:
Hi,
I am working on a Windows form application (C#.Net 2.0) and have found
out that it needs to be able to do the following:
Have the application start in Administrative mode the first time it is run
after installation.
Make the administrator to alter the admin password.
Allow the administrator to create new users with or without admin access
After the first time it is run, require logon
Maintain its own list of username/passwords, not one associated with Windows.
I have never dealt with security except in a web environment where all the
username/password type information was stored on the server. Everything I can
think of to store username/password on the local system seems vulnerable
someone local breaking into it. Can anyone point in the right direction for
how to set something like this up?
Thanks!
Ethan
What is your question about?
how to store the login/password or how to run it as admin the first
time?
Because first of all, you do not REALLY need to be an adminsitrator to
setup the users , heck you could even do this in the setup probably.
Regarding how to save the values, you can use a table in the DB or
even as simple as a XML text. you can encrypt the password and store
the encrupted data.
"Ethan Strauss" <Et**********@discussions.microsoft.comwrote in message
news:70**********************************@microsof t.com...
Hi,
I am working on a Windows form application (C#.Net 2.0) and have found
out that it needs to be able to do the following:
Have the application start in Administrative mode the first time it is run
after installation.
Make the administrator to alter the admin password.
Allow the administrator to create new users with or without admin access
After the first time it is run, require logon
Maintain its own list of username/passwords, not one associated with
Windows.
The requirements above there are rediculous. You can only do so much.
>
I have never dealt with security except in a web environment where all the
username/password type information was stored on the server. Everything I
can
think of to store username/password on the local system seems vulnerable
someone local breaking into it. Can anyone point in the right direction
for
how to set something like this up?
Use .Net Role based security, keep roles, user-id and encrypted password in
an Access database table. All of the how-to(s) on how to do it is out there
on Google or Dogpile.com
Just a thought: You could store a SHA encryption of the username and password
in a file, and just compare these whenever the administrator attempts to log
in.
SHA encryption is just one I have worked with before. There are others, but
at least it gives you something to google.
"Ethan Strauss" wrote:
Hi,
I am working on a Windows form application (C#.Net 2.0) and have found
out that it needs to be able to do the following:
Have the application start in Administrative mode the first time it is run
after installation.
Make the administrator to alter the admin password.
Allow the administrator to create new users with or without admin access
After the first time it is run, require logon
Maintain its own list of username/passwords, not one associated with Windows.
I have never dealt with security except in a web environment where all the
username/password type information was stored on the server. Everything I can
think of to store username/password on the local system seems vulnerable
someone local breaking into it. Can anyone point in the right direction for
how to set something like this up?
Thanks!
Ethan
On Jul 16, 3:11*pm, Ethan Strauss
<EthanStra...@discussions.microsoft.comwrote:
What I really need to know is how to store the username/passwords.
I can set up everything else.
If I store it as an encrypted XML file, won't the encryption key need to be
in the code somewhere and thus, at least theoretically, be accessible?
no really, you do not store the password, you stored a hashed
representation of it. The drawback is that you cannot go back, meaning
getting the password from the value stoerd in the file. but this in
general is not a problem. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Empire City |
last post by:
I saw the following requirement somewhere:
"....using WinForms and the screens should be described in XML. The XML is
to prescribe both the layout as well as the connectivity to the underlying...
|
by: John Boghossian |
last post by:
I know this isn´t spot on for this group, but the problem relates to an
asp.net project i am working on.
I am trying to develop an windows forms control to be used in IE in an
intranet solution....
|
by: Richard |
last post by:
I know there is a bit of discussion already about this subject, but I'd like
to hear any thoughts about which might be a better way to go.
I'm developing an app (actually converting an Access...
|
by: Segfahlt |
last post by:
I need a little help here please.
I have 2 win forms user controls in 2 different projects that I'm hosting in
2 different virtual directories. The controls have been test and operate okay
in...
|
by: 3Cooks |
last post by:
I have a windows application written in Visual Basic 6.0 that is going
to be redeveloped in dotNET. We are trying to decide if we should
deploy using Webforms or Winforms and I need advice from...
|
by: deko |
last post by:
When to use a privileged user thread rather than a windows service?
That's the question raised in a previous post . It was suggested that if the service needs to interact
with a WinForms app...
|
by: google |
last post by:
OK, I know how to encrypt and decrypt data, but here's the deal:
I have a large Winforms .NET 2.0 application which is currently storing
the connection string in the app.config file unencrypted...
|
by: brian.wilson4 |
last post by:
Our group is currently comparing winforms vs webforms.....app is Corp
LAN based - we have control of desktops.....Below is pros and cons list
we have come up with - if anything strikes you as...
|
by: Jules Winfield |
last post by:
Guys,
I've been designing applications for the financial services industry using
MSFT technologies for many years (Win32 API, MFC, and now .NET WinForms).
All applications are Internet-based,...
|
by: raylopez99 |
last post by:
Took a look at a demo of font dialog for WPF, and it looks
complicated. You could do the same thing in C# 3 WinForms 2.0 in about
one-half to one-fourth the code.
So I wonder, for you that have...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
