How to verify if a user has been authenticated

If the user is logged on, isn't that verification enough?

If an authenticated user is issued a unique token, then we want to pass that token to our application, the application will then send the token to Active Directory for verification and if this is successful, application will be launched.

So what I need to know is if :

1) AD issues some kind of a unique token to an authenticated user
2) Can this token be retrieved via C#
3) Is there exists a web service or some other mechanism, that we could send this token to for verification?

Thanks,

If I understand correctly, you want make the launch of the GUI of your application dependent on the authentication status of the user?!

How about an NTLM authentication with InitializeSecurityContext
on localhost?
This is how it generally works:
http://davenport.sourceforge.net/ntlm.html
And here's a reference to the method.
http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx

However, since the tokens are generated as you do the authentication,
you may want to store a challenge token locally, then generate the response token from the stored challenge token.
That way you'll always get the same response token and can use values from
it for that for some kind of encryption.

It's been a long time since I did something similar, but let me try to sum up:

1: don't know about AD, but within the NTLM authentication process you'll get a challenge token - you could store this challenge token locally and reuse it,
if you need the response token to be the same every time
2: yes - you'd need to do the NTLM stuff with C++ as it's Win32, but if you do it with managed C++, you can then use the DLL from C#.
3: yeah, the securitycontext.

I personally never worked with
http://msdn.microsoft.com/en-us/libr...8VS.71%29.aspx
Maybe that does what you want without having to switch language.

Why dont you authenticate user directly against Active Directory while launching ur application using some Login window. I have done similar kind of stuff for one website. I m posting one link...might help u.


http://msdn.microsoft.com/en-us/library/ms180890.aspx

Wait if this was a website you can just add to your web.config that a section of the website requires a valid windows login.

Something like:

The issue is that we don't want to supply the password again to re-authenticate the user.

If an authenticated user is issued a unique token, then we want to pass that token to our application, the application will then send the token to Active Directory for verification and if this is successful, application will be launched.

So what I need to know is if :

1) AD issues some kind of a unique token to an authenticated user
2) Can this token be retrieved via C#
3) Is there exists a web service or some other mechanism, that we could send this token to for verification?

Thanks,

Ok well is this a windows application or a web aplication.

For webapplications, what i listed will NOT throw a popup login box if the user accessing the webpage is:
a) Using IE (FF doesn't do it)
b) A valid user on the domain


For windows applications there is the System.Security.Principal.WindowsIdentity.GetCurre nt() method