Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Authentication question

Reply
Thread Tools

Authentication question

 
 
Nikolay Petrov
Guest
Posts: n/a
 
      10-22-2004
Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because I
don't wish store an account for every user in my network at my XP machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA


 
Reply With Quote
 
 
 
 
Ken Tucker [MVP]
Guest
Posts: n/a
 
      10-22-2004
Hi,

You can get the user name from the windowsidentity class.
http://msdn.microsoft.com/library/de...snametopic.asp

http://msdn.microsoft.com/library/de...onprovider.asp

Ken
-----------------------
"Nikolay Petrov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because I
don't wish store an account for every user in my network at my XP machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA



 
Reply With Quote
 
 
 
 
richlm
Guest
Posts: n/a
 
      10-25-2004
Need more information about your infrastructure to provide a sensible
answer. Here are some 'leading' questions to make sure we're on the same
track:
- are you looking for single-sign-on?
- when you are talking windows credentials does that imply AD & domain user
accounts - or is this network a workgroup with just local machine accounts?

Also a couple of pointers/ideas:
- Generally you don't store passwords - you only ever store a hash of the
password. After the hash of the password is verified, the password itself is
discarded.
If you do store passwords this is a BIG security risk.
- Have you considerd ADAM (Active Directory Application Mode) as a possible
alternative to SQL server?
see
http://www.microsoft.com/downloads/d...displaylang=en


 
Reply With Quote
 
MP
Guest
Posts: n/a
 
      10-26-2004
Thank you,
We have no intention of using a single logon to our application. We are
aiming at domain accounts, AD.

So far I can prompt the user to enter a user id, domain name and
password. The I validate these using LogonUser and then
I start our application using the user's information, the application is
started under the user's identity.... like runas will do.

This works fine, but now we have 2 clients, one that uses smart-cards
and the other one that uses a fingerprint reader to authenticate the users
at logon. Is there a standard API I can use? or will I have to write a
custom module for each client?

Thank you!

"richlm" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Need more information about your infrastructure to provide a sensible
> answer. Here are some 'leading' questions to make sure we're on the same
> track:
> - are you looking for single-sign-on?
> - when you are talking windows credentials does that imply AD & domain
> user accounts - or is this network a workgroup with just local machine
> accounts?
>
> Also a couple of pointers/ideas:
> - Generally you don't store passwords - you only ever store a hash of the
> password. After the hash of the password is verified, the password itself
> is discarded.
> If you do store passwords this is a BIG security risk.
> - Have you considerd ADAM (Active Directory Application Mode) as a
> possible alternative to SQL server?
> see
> http://www.microsoft.com/downloads/d...displaylang=en
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Failed Authentication, Status "Unsupported Authentication Algorithm" Rafael Cisco 1 11-26-2004 03:57 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM
ASP.Net Forms authentication with basic authentication popup Brett Porter ASP .Net 2 01-20-2004 02:17 PM
Moving from Baisc Authentication to Forms Authentication raj mandadi ASP .Net 0 12-22-2003 12:16 AM
Forms Authentication, external authentication server, & rerouting to orig. req. URL Andrew Connell ASP .Net 1 10-21-2003 05:41 PM



Advertisments