"ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
news:eREVPUToGHA.1204@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> I have to develop an application that will consist of a service and a
> windows forms application... the service could be on a distant server but
I
> need to authenticate the user as being part of the same domain. so when
the
> application starts, I can send something to the remote service and query
for
> some objects and the service can give me the objects if I'm the right user
> (part of the right group). I don't want to send username and password nor
> password hash over the network so if there is a better way (just like SQL
> server does or many other apps), I would like to know it (maybe if you
have
> a link)
>
> Thanks
>
> ThunderMusic
>
>

"ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
news:eREVPUToGHA.1204@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> I have to develop an application that will consist of a service and a
> windows forms application... the service could be on a distant server but
> I need to authenticate the user as being part of the same domain. so when
> the application starts, I can send something to the remote service and
> query for some objects and the service can give me the objects if I'm the
> right user (part of the right group). I don't want to send username and
> password nor password hash over the network so if there is a better way
> (just like SQL server does or many other apps), I would like to know it
> (maybe if you have a link)
>
> Thanks
>
> ThunderMusic
>

"ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
news:eREVPUToGHA.1204@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> I have to develop an application that will consist of a service and a
> windows forms application... the service could be on a distant server but
> I need to authenticate the user as being part of the same domain. so when
> the application starts, I can send something to the remote service and
> query for some objects and the service can give me the objects if I'm the
> right user (part of the right group). I don't want to send username and
> password nor password hash over the network so if there is a better way
> (just like SQL server does or many other apps), I would like to know it
> (maybe if you have a link)
>
> Thanks
>
> ThunderMusic
>

"ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
news:uhQRdjToGHA.4176@TK2MSFTNGP05.phx.gbl...
> Ok, I found the WindowsPrincipal class, and it's serializable. Does an
> instance of this class guaranty the user is logged on a computer and has
> been authenticated or is there a way to query the domain server if the
> user is a rightful user? I mean, I must be sure the user making the
> request (or query) is who he claims to be and is logged on the domain. My
> app does not allow impersonnation, but I don't want anybody trying to
> impersonnate someone on my network and claim being, let's say, the
> president of the company and start making anything he wants with the
> remote objects... you know what I mean? I need a way to secure things so
> only an authenticated user or a user I can authenticate can have access to
> the objects the service is providing. And I definitly need to know the
> domain groups this user belongs to...
>
> Thanks
>
> ThunderMusic
>
> "ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
> news:eREVPUToGHA.1204@TK2MSFTNGP04.phx.gbl...
>> Hi,
>>
>> I have to develop an application that will consist of a service and a
>> windows forms application... the service could be on a distant server
>> but I need to authenticate the user as being part of the same domain. so
>> when the application starts, I can send something to the remote service
>> and query for some objects and the service can give me the objects if I'm
>> the right user (part of the right group). I don't want to send username
>> and password nor password hash over the network so if there is a better
>> way (just like SQL server does or many other apps), I would like to know
>> it (maybe if you have a link)
>>
>> Thanks
>>
>> ThunderMusic
>>
>
>

> ThunderMusic,
>
> Unfortunately, no, it does not allow that. All it is is a
> representation of a user. Anyone could theoretically make one and send it
> to you. It doesn't tell you if it is logged on or not.
>
>
> --
> - Nicholas Paldino [.NET/C# MVP]
> - mvp@spam.guard.caspershouse.com
>
> "ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
> news:uhQRdjToGHA.4176@TK2MSFTNGP05.phx.gbl...
>> Ok, I found the WindowsPrincipal class, and it's serializable. Does an
>> instance of this class guaranty the user is logged on a computer and has
>> been authenticated or is there a way to query the domain server if the
>> user is a rightful user? I mean, I must be sure the user making the
>> request (or query) is who he claims to be and is logged on the domain. My
>> app does not allow impersonnation, but I don't want anybody trying to
>> impersonnate someone on my network and claim being, let's say, the
>> president of the company and start making anything he wants with the
>> remote objects... you know what I mean? I need a way to secure things
>> so only an authenticated user or a user I can authenticate can have
>> access to the objects the service is providing. And I definitly need to
>> know the domain groups this user belongs to...
>>
>> Thanks
>>
>> ThunderMusic
>>
>> "ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
>> news:eREVPUToGHA.1204@TK2MSFTNGP04.phx.gbl...
>>> Hi,
>>>
>>> I have to develop an application that will consist of a service and a
>>> windows forms application... the service could be on a distant server
>>> but I need to authenticate the user as being part of the same domain. so
>>> when the application starts, I can send something to the remote service
>>> and query for some objects and the service can give me the objects if
>>> I'm the right user (part of the right group). I don't want to send
>>> username and password nor password hash over the network so if there is
>>> a better way (just like SQL server does or many other apps), I would
>>> like to know it (maybe if you have a link)
>>>
>>> Thanks
>>>
>>> ThunderMusic
>>>
>>
>>
>
>

"ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
news:OAuk53ToGHA.4784@TK2MSFTNGP04.phx.gbl...
> ok, so is there a way I can get the token Windows send us when we log on
> and send it to my service so the service can verify with the domain server
> if this token is valid?
>
> thanks
>
> ThunderMusic
>
> "Nicholas Paldino [.NET/C# MVP]" <mvp@spam.guard.caspershouse.com> wrote
> in message news:OPBgFlToGHA.1244@TK2MSFTNGP05.phx.gbl...
>> ThunderMusic,
>>
>> Unfortunately, no, it does not allow that. All it is is a
>> representation of a user. Anyone could theoretically make one and send
>> it to you. It doesn't tell you if it is logged on or not.
>>
>>
>> --
>> - Nicholas Paldino [.NET/C# MVP]
>> - mvp@spam.guard.caspershouse.com
>>
>> "ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
>> news:uhQRdjToGHA.4176@TK2MSFTNGP05.phx.gbl...
>>> Ok, I found the WindowsPrincipal class, and it's serializable. Does an
>>> instance of this class guaranty the user is logged on a computer and has
>>> been authenticated or is there a way to query the domain server if the
>>> user is a rightful user? I mean, I must be sure the user making the
>>> request (or query) is who he claims to be and is logged on the domain.
>>> My app does not allow impersonnation, but I don't want anybody trying to
>>> impersonnate someone on my network and claim being, let's say, the
>>> president of the company and start making anything he wants with the
>>> remote objects... you know what I mean? I need a way to secure things
>>> so only an authenticated user or a user I can authenticate can have
>>> access to the objects the service is providing. And I definitly need to
>>> know the domain groups this user belongs to...
>>>
>>> Thanks
>>>
>>> ThunderMusic
>>>
>>> "ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
>>> news:eREVPUToGHA.1204@TK2MSFTNGP04.phx.gbl...
>>>> Hi,
>>>>
>>>> I have to develop an application that will consist of a service and a
>>>> windows forms application... the service could be on a distant server
>>>> but I need to authenticate the user as being part of the same domain.
>>>> so when the application starts, I can send something to the remote
>>>> service and query for some objects and the service can give me the
>>>> objects if I'm the right user (part of the right group). I don't want
>>>> to send username and password nor password hash over the network so if
>>>> there is a better way (just like SQL server does or many other apps), I
>>>> would like to know it (maybe if you have a link)
>>>>
>>>> Thanks
>>>>
>>>> ThunderMusic
>>>>
>>>
>>>
>>
>>
>
>

"ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
news:O1t%23y6ToGHA.4616@TK2MSFTNGP05.phx.gbl...
> ok, I answered a part of my question :
> System.Security.Principal.WindowsIdentity.GetCurrent().Token.... So now
> is there a way I can deal with this in my service? can I sen the Windows
> Identity instance over remoting?
>
> thanks
>
> ThunderMusic
>
> "ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
> news:OAuk53ToGHA.4784@TK2MSFTNGP04.phx.gbl...
>> ok, so is there a way I can get the token Windows send us when we log on
>> and send it to my service so the service can verify with the domain
>> server if this token is valid?
>>
>> thanks
>>
>> ThunderMusic
>>
>> "Nicholas Paldino [.NET/C# MVP]" <mvp@spam.guard.caspershouse.com> wrote
>> in message news:OPBgFlToGHA.1244@TK2MSFTNGP05.phx.gbl...
>>> ThunderMusic,
>>>
>>> Unfortunately, no, it does not allow that. All it is is a
>>> representation of a user. Anyone could theoretically make one and send
>>> it to you. It doesn't tell you if it is logged on or not.
>>>
>>>
>>> --
>>> - Nicholas Paldino [.NET/C# MVP]
>>> - mvp@spam.guard.caspershouse.com
>>>
>>> "ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
>>> news:uhQRdjToGHA.4176@TK2MSFTNGP05.phx.gbl...
>>>> Ok, I found the WindowsPrincipal class, and it's serializable. Does an
>>>> instance of this class guaranty the user is logged on a computer and
>>>> has been authenticated or is there a way to query the domain server if
>>>> the user is a rightful user? I mean, I must be sure the user making the
>>>> request (or query) is who he claims to be and is logged on the domain.
>>>> My app does not allow impersonnation, but I don't want anybody trying
>>>> to impersonnate someone on my network and claim being, let's say, the
>>>> president of the company and start making anything he wants with the
>>>> remote objects... you know what I mean? I need a way to secure things
>>>> so only an authenticated user or a user I can authenticate can have
>>>> access to the objects the service is providing. And I definitly need to
>>>> know the domain groups this user belongs to...
>>>>
>>>> Thanks
>>>>
>>>> ThunderMusic
>>>>
>>>> "ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in
>>>> message news:eREVPUToGHA.1204@TK2MSFTNGP04.phx.gbl...
>>>>> Hi,
>>>>>
>>>>> I have to develop an application that will consist of a service and a
>>>>> windows forms application... the service could be on a distant server
>>>>> but I need to authenticate the user as being part of the same domain.
>>>>> so when the application starts, I can send something to the remote
>>>>> service and query for some objects and the service can give me the
>>>>> objects if I'm the right user (part of the right group). I don't want
>>>>> to send username and password nor password hash over the network so if
>>>>> there is a better way (just like SQL server does or many other apps),
>>>>> I would like to know it (maybe if you have a link)
>>>>>
>>>>> Thanks
>>>>>
>>>>> ThunderMusic
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

"ThunderMusic" <NoSpAmdanlatathotmaildotcom@NoSpAm.com> wrote in message
news:eREVPUToGHA.1204@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> I have to develop an application that will consist of a service and a
> windows forms application... the service could be on a distant server but
> I need to authenticate the user as being part of the same domain. so when
> the application starts, I can send something to the remote service and
> query for some objects and the service can give me the objects if I'm the
> right user (part of the right group). I don't want to send username and
> password nor password hash over the network so if there is a better way
> (just like SQL server does or many other apps), I would like to know it
> (maybe if you have a link)
>
> Thanks
>
> ThunderMusic
>

ThunderMusic wrote:

> Hi,
>
> I have to develop an application that will consist of a service and a
> windows forms application... the service could be on a distant server but
> I need to authenticate the user as being part of the same domain. so when
> the application starts, I can send something to the remote service and
> query for some objects and the service can give me the objects if I'm the
> right user (part of the right group). I don't want to send username and
> password nor password hash over the network so if there is a better way
> (just like SQL server does or many other apps), I would like to know it
> (maybe if you have a link)
>
> Thanks
>
> ThunderMusic