Authenticating to a service

GM
Hello,

I need ideas, concepts to realize the following things:

I have a service (vb.net) running on a workstation communicating with a
client application.
The data flow does not need to be encrypted, but it must be validated that
it comes from a specific client.

I want to make sure that the client application authenticates to the service
before sending data.
The client of this service should be a local administrator of the
workstation.

How can this be done in a secure way (communicating with the service and
(windows) authentication without possibility of man in the middle attacks.)
Jun 21 '06 #1
Rob
GM,

We have the same type of scenario. We have the following code in our
service and our remote client application calls the authenticate method
(via interface) to logon to the domain.

Hope this helps.

Cheers,
Rob Panosh
Advanced Software Designs.
---- Sample Code ---

Imports System.Security.Principal
Imports System.Security.Permissions
Imports System.Runtime.InteropServices
Imports System.Environment

Public Class Logon

    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' Authenticate a user against the network's users.
    ''' </summary>
    ''' <param name="userName">User name of the user to authenticate.</param>
    ''' <param name="password">Password of the user to authenticate.</param>
    ''' <param name="domain">The domain that is used to authenticate users on the network (primary domain controller).</param>
    ''' <returns>True if the correct credentials are passed to this function and the account has administrative credentials.</returns>
    ''' <remarks>
    ''' </remarks>
    ''' <history>
    ''' [dave] 12/9/2004 Created
    ''' </history>
    ''' -----------------------------------------------------------------------------
    Public Shared Function Authenticate(ByVal userName As String, ByVal password As String, ByVal domain As String) As Boolean

        Const LOGON32_PROVIDER_DEFAULT As Integer = 0
        Const LOGON32_LOGON_INTERACTIVE As Integer = 2

        Dim tokenHandle As IntPtr = IntPtr.Zero
        Try

            'Call the LogonUser function to obtain a handle to an access token.
            Dim returnValue As Boolean = LogonUser(userName, domain, password, _
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)

            If returnValue = False Then

                'This function returns the error code that the last unmanaged function returned.
                Dim ret As Integer = Marshal.GetLastWin32Error()
                Dim errmsg As String = GetErrorMessage(ret)

                Throw New System.Exception(errmsg)

            End If

            'Create the WindowsIdentity object for the Windows user account that is
            'represented by the tokenHandle token.
            Dim newId As New WindowsIdentity(tokenHandle)
            Dim userperm As New WindowsPrincipal(newId)

            'Verify whether the Windows user has administrative credentials.
            Return userperm.IsInRole(WindowsBuiltInRole.Administrator)

        Finally

            'Free the access token, including when an exception was thrown above.
            If Not tokenHandle.Equals(IntPtr.Zero) Then
                CloseHandle(tokenHandle)
            End If

        End Try

    End Function

    'The LogonUser function tries to log on to the local computer
    'by using the specified user name. The function authenticates
    'the Windows user with the password provided.
    Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _
        ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
        ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
        ByRef phToken As IntPtr) As Boolean

    'The FormatMessage function formats a message string that is passed as input.
    <DllImport("kernel32.dll")> _
    Public Shared Function FormatMessage(ByVal dwFlags As Integer, ByRef lpSource As IntPtr, _
        ByVal dwMessageId As Integer, ByVal dwLanguageId As Integer, ByRef lpBuffer As [String], _
        ByVal nSize As Integer, ByRef Arguments As IntPtr) As Integer
    End Function

    'The CloseHandle function closes the handle to an open object such as an access token.
    Public Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean

    'The GetErrorMessage function formats and then returns an error message
    'that corresponds to the input error code.
    Public Shared Function GetErrorMessage(ByVal errorCode As Integer) As String
        Dim FORMAT_MESSAGE_ALLOCATE_BUFFER As Integer = &H100
        Dim FORMAT_MESSAGE_IGNORE_INSERTS As Integer = &H200
        Dim FORMAT_MESSAGE_FROM_SYSTEM As Integer = &H1000

        Dim msgSize As Integer = 255
        Dim lpMsgBuf As String = Nothing
        Dim dwFlags As Integer = FORMAT_MESSAGE_ALLOCATE_BUFFER Or _
            FORMAT_MESSAGE_FROM_SYSTEM Or FORMAT_MESSAGE_IGNORE_INSERTS

        Dim lpSource As IntPtr = IntPtr.Zero
        Dim lpArguments As IntPtr = IntPtr.Zero

        'Call the FormatMessage function to format the message.
        Dim returnVal As Integer = FormatMessage(dwFlags, lpSource, errorCode, 0, lpMsgBuf, _
            msgSize, lpArguments)
        If returnVal = 0 Then
            Throw New Exception("Failed to format message for error code " + errorCode.ToString() + ". ")
        End If
        Return lpMsgBuf
    End Function

End Class

GM wrote:
Hello,

I need ideas, concepts to realize the following things:

I have a service (vb.net) running on a workstation communicating with a
client application.
The data flow does not need to be encrypted, but it must be validated that
it comes from a specific client.

I want to make sure that the client application authenticates to the service
before sending data.
The client of this service should be a local administrator of the
workstation.

How can this be done in a secure way (communicating with the service and
(windows) authentication without possibility of man in the middle attacks.)


Jun 21 '06 #2
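
An alternative to passing the user's password to the service for LogonUser, shown here as an added example that is not part of the original thread: NegotiateStream runs the Windows (SSPI) handshake over the existing TCP connection and signs the traffic without encrypting it, which matches the question's requirement. The module name, function names and the SPN value are assumptions.

```vbnet
Imports System.Net
Imports System.Net.Security
Imports System.Net.Sockets
Imports System.Security
Imports System.Security.Principal
Public Module NegotiateAuthExample
    'Service side: accept one connection and admit it only if the caller
    'proved a Windows identity that is in the local Administrators group.
    Public Function AcceptAdminClient(ByVal listener As TcpListener) As NegotiateStream
        Dim client As TcpClient = listener.AcceptTcpClient()
        Dim secured As New NegotiateStream(client.GetStream(), False)
        Try
            'No password crosses the wire. ProtectionLevel.Sign integrity-protects
            'every later message on this stream without encrypting it.
            secured.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials, _
                ProtectionLevel.Sign, TokenImpersonationLevel.Identification)
            Dim caller As WindowsIdentity = TryCast(secured.RemoteIdentity, WindowsIdentity)
            If caller Is Nothing OrElse Not secured.IsSigned Then
                Throw New SecurityException("Caller is not an authenticated Windows identity.")
            End If
            Dim principal As New WindowsPrincipal(caller)
            If Not principal.IsInRole(WindowsBuiltInRole.Administrator) Then
                Throw New SecurityException(caller.Name & " is not an administrator.")
            End If
            Return secured
        Catch
            secured.Close()
            Throw
        End Try
    End Function

    'Client side: targetSpn is the expected service principal, e.g. "HOST/workstation01" (hypothetical).
    Public Function ConnectToService(ByVal host As String, ByVal port As Integer, _
                                     ByVal targetSpn As String) As NegotiateStream
        Dim client As New TcpClient(host, port)
        Dim secured As New NegotiateStream(client.GetStream(), False)
        Try
            secured.AuthenticateAsClient(CredentialCache.DefaultNetworkCredentials, targetSpn, _
                ProtectionLevel.Sign, TokenImpersonationLevel.Identification)
            'Refuse to send data unless the service also proved its identity.
            If Not secured.IsMutuallyAuthenticated Then
                Throw New SecurityException("Service identity was not verified.")
            End If
            Return secured
        Catch
            secured.Close()
            Throw
        End Try
    End Function
End Module
```

IsMutuallyAuthenticated is True only when Kerberos was negotiated; if the handshake falls back to NTLM, the client-side check above refuses the connection.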
