|
|
You're in the
dotnet security
group:Authenticating NT Credentials in C#
dotnet security:
I must be missing something since this seems like a common task, but I can't
find any .NET samples of, if given an NT domain/username and password, to validate that the username and password are correct. LogonUser won't work since the code needs to run on Windows 2000 without admin priviledges. I would think there to be a .NET class for this purpose, but the only thing I've found is the SSPI example here http://support.microsoft.com/?id=180548
The only examples I am able to see that use that class involve writing a
server as well and validating the client against that server. I'm interested in validating against the NT domain - not my own server. [quoted text, click to view] "Joe Kaplan" wrote:
> There is a wrapper in .NET 2.0 for SSPI-authenticated streams called > NegotiateStream. You might want to look around for some implementations > that demonstrate how to use it for that purpose. > > Joe K. > > -- > Joe Kaplan-MS MVP Directory Services Programming > Co-author of "The .NET Developer's Guide to Directory Services Programming" > http://www.directoryprogramming.net > -- > "Matthew Wieder" <MatthewWieder@discussions.microsoft.com> wrote in message > news:DE970525-1EB3-4923-A6E1-C04770B86840@microsoft.com... > >I must be missing something since this seems like a common task, but I > >can't > > find any .NET samples of, if given an NT domain/username and password, to > > validate that the username and password are correct. LogonUser won't work > > since the code needs to run on Windows 2000 without admin priviledges. I > > would think there to be a .NET class for this purpose, but the only thing > > I've found is the SSPI example here > > http://support.microsoft.com/?id=180548 > > using C++. > >
There is a wrapper in .NET 2.0 for SSPI-authenticated streams called
NegotiateStream. You might want to look around for some implementations that demonstrate how to use it for that purpose. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "Matthew Wieder" <MatthewWieder@discussions.microsoft.com> wrote in message news:DE970525-1EB3-4923-A6E1-C04770B86840@microsoft.com... >I must be missing something since this seems like a common task, but I >can't > find any .NET samples of, if given an NT domain/username and password, to > validate that the username and password are correct. LogonUser won't work > since the code needs to run on Windows 2000 without admin priviledges. I > would think there to be a .NET class for this purpose, but the only thing > I've found is the SSPI example here > http://support.microsoft.com/?id=180548 > using C++.
I'm not sure how you are supposed to deal with that. If you could connect
to an existing RPC server endpoint that supports SSPI auth (most of them in Windows), then you could probably get by with just the client. However, I'm not sure what you are supposed to do there to be honest. Perhaps looking at one of the C++ samples might give you a clue as to how to go about doing that. Another option would be to use LDAP to do the authentication and use the ability of MS LDAP to do SSPI for authentication. You would need to be able to find an LDAP server to connect to, but that can usually be located via DNS/DC locator service if you have the domain name to use. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "Matthew Wieder" <MatthewWieder@discussions.microsoft.com> wrote in message news:26F3D7BE-497C-4454-9746-60FDCF7E23A1@microsoft.com... > The only examples I am able to see that use that class involve writing a > server as well and validating the client against that server. I'm > interested > in validating against the NT domain - not my own server. > > "Joe Kaplan" wrote: > >> There is a wrapper in .NET 2.0 for SSPI-authenticated streams called >> NegotiateStream. You might want to look around for some implementations >> that demonstrate how to use it for that purpose. >> >> Joe K. >> >> -- >> Joe Kaplan-MS MVP Directory Services Programming >> Co-author of "The .NET Developer's Guide to Directory Services >> Programming" >> http://www.directoryprogramming.net >> -- >> "Matthew Wieder" <MatthewWieder@discussions.microsoft.com> wrote in >> message >> news:DE970525-1EB3-4923-A6E1-C04770B86840@microsoft.com... >> >I must be missing something since this seems like a common task, but I >> >can't >> > find any .NET samples of, if given an NT domain/username and password, >> > to >> > validate that the username and password are correct. LogonUser won't >> > work >> > since the code needs to run on Windows 2000 without admin priviledges. >> > I >> > would think there to be a .NET class for this purpose, but the only >> > thing >> > I've found is the SSPI example here >> > http://support.microsoft.com/?id=180548 >> > using C++. >> >> >>
Maybe your doing something different, but the user is already logged on -
corrent? If so, just check the .IsAuthenticated is true on the WindowsIdentity object for the current session. That way you don't have to get in the biz of passwords, etc. -- William Stacey [C# MVP] Crypt your script www.powerlocker.com [quoted text, click to view] "Matthew Wieder" <MatthewWieder@discussions.microsoft.com> wrote in message |I must be missing something since this seems like a common task, but I news:DE970525-1EB3-4923-A6E1-C04770B86840@microsoft.com... can't | find any .NET samples of, if given an NT domain/username and password, to | validate that the username and password are correct. LogonUser won't work | since the code needs to run on Windows 2000 without admin priviledges. I | would think there to be a .NET class for this purpose, but the only thing | I've found is the SSPI example here http://support.microsoft.com/?id=180548 | using C++.
try this
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToGetATokenForAUser.html ----- Dominick Baier (http://www.leastprivilege.com) Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp) [quoted text, click to view] > I must be missing something since this seems like a common task, but I > can't find any .NET samples of, if given an NT domain/username and > password, to validate that the username and password are correct. > LogonUser won't work since the code needs to run on Windows 2000 > without admin priviledges. I would think there to be a .NET class for > this purpose, but the only thing I've found is the SSPI example here > http://support.microsoft.com/?id=180548 using C++. >
Just stumbled across the link (as per prev post) having read this thread
earlier today: http://www.pluralsight.com/samplecontent/sspi_auth.cpp [quoted text, click to view] "Dominick Baier" wrote:
> try this > > http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToGetATokenForAUser.html > > ----- > Dominick Baier (http://www.leastprivilege.com) > > Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp) > > > I must be missing something since this seems like a common task, but I > > can't find any .NET samples of, if given an NT domain/username and > > password, to validate that the username and password are correct. > > LogonUser won't work since the code needs to run on Windows 2000 > > without admin priviledges. I would think there to be a .NET class for > > this purpose, but the only thing I've found is the SSPI example here > > http://support.microsoft.com/?id=180548 using C++. > > > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |