We are using a software package that requires a username and password. We want to write a routine that would read the users network user name variable on the system and look up the user name and password for the package and login them in automatically.
Any thoughts?
Hi Dhessevick,
If you want to implement automatic authentication in a Windows environment, you might have a Windows NT Authentication option available (I say "might" because this is a Microsoft thing, so if you're working with non Microsoft products like MySQL, Java etc. it makes it more difficult).
One example of this is a SQL Server database with a Microsoft Access face application. You can give Windows user accounts database permissions in the SQL Server database, then tell the Access application to use "Windows NT Authentication" to connect to it. If the logged in user isn't authorised in the SQL Server DB, the connection will be refused.
A more universal, but more complicated option would be to use a "token" in the form of a text file only the user has permission to access. This could be automatically created and replaced at login. The token can just be a text file in a folder like "%userprofile%\Application Data\YourApplicationName\" (%userprofile% by the way is a Windows environment variable. I you type it into the run box, it'll open the logged in user's profile folder).
I would include username (which can be obtained using WMI as mentioned before) and the time/date, then encrypt it with a master key for your application. The master key would ideally be changed regularly for maximum security. I would incldue date/time so that you could have the tokens expire after say an hour, a day, a week... depends on how secure you want it. Then when the user starts your application, it opens the token, decrypts it using your master key, checks it hasn't expired and logs the user in.
There are alot of "depends" answers to your question and some security issues related to the answers to the "depends" questions, but hopefully that gives you some ideas.
Post again if you want clarification on how to do any of the things I mentioned or if anyone wants code examples.
Chris Fry
Canberra, Australia