«

Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because I
don't wish store an account for every user in my network at my XP machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA

Hi,

You can get the user name from the windowsidentity class.
http://msdn.microsoft.com/library/de...snametopic.asp

http://msdn.microsoft.com/library/de...onprovider.asp

Ken
-----------------------
"Nikolay Petrov" <> wrote in message
news:...
Can I authenticate users of my ASP .NET apps, using their windows
credentials, but using a SQL db.
Let me explain a little more.
I have an Windows XP station where i run my ASP .NET apps. I wish users to
authenticate them using their current windows usernames and passwords.
I have stored my users login names and passwords in SQL database, because I
don't wish store an account for every user in my network at my XP machine.
So is it posible to pass windows credential for verification against SQL
database? Or maybe the right question is, can I extract the username and
password as clear text from the passed credentials.
I am not quite shure are there any possibilities.

TIA

Need more information about your infrastructure to provide a sensible
answer. Here are some 'leading' questions to make sure we're on the same
track:
- are you looking for single-sign-on?
- when you are talking windows credentials does that imply AD & domain user
accounts - or is this network a workgroup with just local machine accounts?

Also a couple of pointers/ideas:
- Generally you don't store passwords - you only ever store a hash of the
password. After the hash of the password is verified, the password itself is
discarded.
If you do store passwords this is a BIG security risk.
- Have you considerd ADAM (Active Directory Application Mode) as a possible
alternative to SQL server?
see
http://www.microsoft.com/downloads/d...displaylang=en

Thank you,
We have no intention of using a single logon to our application. We are
aiming at domain accounts, AD.

So far I can prompt the user to enter a user id, domain name and
password. The I validate these using LogonUser and then
I start our application using the user's information, the application is
started under the user's identity.... like runas will do.

This works fine, but now we have 2 clients, one that uses smart-cards
and the other one that uses a fingerprint reader to authenticate the users
at logon. Is there a standard API I can use? or will I have to write a
custom module for each client?

Thank you!

"richlm" <> wrote in message
news:...
> Need more information about your infrastructure to provide a sensible
> answer. Here are some 'leading' questions to make sure we're on the same
> track:
> - are you looking for single-sign-on?
> - when you are talking windows credentials does that imply AD & domain
> user accounts - or is this network a workgroup with just local machine
> accounts?
>
> Also a couple of pointers/ideas:
> - Generally you don't store passwords - you only ever store a hash of the
> password. After the hash of the password is verified, the password itself
> is discarded.
> If you do store passwords this is a BIG security risk.
> - Have you considerd ADAM (Active Directory Application Mode) as a
> possible alternative to SQL server?
> see
> http://www.microsoft.com/downloads/d...displaylang=en
>
>