I'm looking for an idea/solution that works on both Windows 8.1 and Windows 10.
For critical actions in my WPF application I want the user to explicitly authenticate again against the operating system. On the web there are many custom solutions, such as NuGet packages, that look like a Windows prompt asking the user for the password, like the one that shows up if you try to access network shares you are not authenticated for.
I do not want to use those custom solutions, I want to use those provided by operating system, if any.
In detail I'm looking for something like that:
    WindowsIdentity identity = WindowsIdentity.GetCurrent();
    bool authenticated = [WindowsAPI].Authenticate(identity);
    if (authenticated)
    {
        // do critical action
    }
Does such a WindowsAPI exist?
EDIT: The WindowsAPI should have its own UI and, in the best case, validate the credentials and not store any.
bool authenticated = [WindowsAPI].Authenticate(identity);
Should it ask user to enter the login and password one more time?
You can try to use the Windows API LogonUser. However, it does not supply a UI to collect the user name and password. You can try to create a dialog form with two textboxes on your own.
There is IPublicClientApplication and its AcquireToken* methods. Please check AcquireTokenByIntegratedWindowsAuth.
However, it works with AzureAD to get the token, so I'm not sure whether it fits your requirements.
The overall answer is: No, there is no Windows API that includes its own UI and additionally validates the entered credentials.
In short, I used CredUIPromptForWindowsCredentials, which pops up a configurable operating system dialog to enter credentials, CredUnPackAuthenticationBuffer to unpack the credentials and LogonUser to verify the unpacked credentials. At the end, clear the memory allocated by CredUIPromptForWindowsCredentials using CoTaskMemFree.
MS Docs: CredUIPromptForWindowsCredentials, CredUnPackAuthenticationBuffer, LogonUser, CoTaskMemFree
P/Invoke Docs: CredUIPromptForWindowsCredentials, CredUnPackAuthenticationBuffer, LogonUser, CoTaskMemFree
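The sequence described in this answer, written out as an added example (not the answer author's code). The `Reauth` class and `ConfirmCurrentUser` method are hypothetical names, and the `CREDUIWIN_GENERIC` prompt flag, the interactive logon type, the fallback to the caller's domain and the final SID comparison against the current user are assumptions, since the answer does not say which options it used.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
static class Reauth // hypothetical helper name
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct CREDUI_INFO { public int cbSize; public IntPtr hwndParent; public string pszMessageText, pszCaptionText; public IntPtr hbmBanner; }
    [DllImport("credui.dll", CharSet = CharSet.Unicode)]
    static extern int CredUIPromptForWindowsCredentials(ref CREDUI_INFO ui, int authError, ref uint authPackage,
        IntPtr inBuf, uint inSize, out IntPtr outBuf, out uint outSize, ref bool save, int flags);
    [DllImport("credui.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CredUnPackAuthenticationBuffer(int flags, IntPtr buf, uint size, StringBuilder user,
        ref int userLen, StringBuilder domain, ref int domainLen, StringBuilder password, ref int passwordLen);
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool LogonUser(string user, string domain, string password, int type, int provider, out IntPtr token);
    [DllImport("ole32.dll")] static extern void CoTaskMemFree(IntPtr p);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    const int CREDUIWIN_GENERIC = 0x1, LOGON32_LOGON_INTERACTIVE = 2, LOGON32_PROVIDER_DEFAULT = 0; // assumed options

    // True only if the prompt was confirmed, LogonUser accepts the credentials, and they are the current user's.
    public static bool ConfirmCurrentUser(IntPtr owner, string message)
    {
        var ui = new CREDUI_INFO { cbSize = Marshal.SizeOf(typeof(CREDUI_INFO)), hwndParent = owner, pszMessageText = message };
        uint package = 0; bool save = false; IntPtr token = IntPtr.Zero;
        if (CredUIPromptForWindowsCredentials(ref ui, 0, ref package, IntPtr.Zero, 0, out IntPtr buf, out uint size,
                ref save, CREDUIWIN_GENERIC) != 0) return false; // ERROR_CANCELLED (1223) or another failure
        StringBuilder user = new StringBuilder(512), domain = new StringBuilder(256), pwd = new StringBuilder(256);
        int userLen = user.Capacity, domainLen = domain.Capacity, pwdLen = pwd.Capacity;
        try
        {
            if (!CredUnPackAuthenticationBuffer(0, buf, size, user, ref userLen, domain, ref domainLen, pwd, ref pwdLen))
                return false;
            string name = user.ToString(), dom = domain.ToString();
            int slash = name.IndexOf('\\'); // typed as DOMAIN\user: split it for LogonUser
            if (slash > 0) { dom = name.Substring(0, slash); name = name.Substring(slash + 1); }
            else if (dom.Length == 0 && !name.Contains("@")) dom = Environment.UserDomainName; // bare name: assume caller's domain
            if (!LogonUser(name, dom.Length == 0 ? null : dom, pwd.ToString(), LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, out token)) return false; // wrong password, locked account, ...
            using (var logged = new WindowsIdentity(token)) // duplicates the token handle
                return logged.User.Equals(WindowsIdentity.GetCurrent().User); // compare SIDs, not names
        }
        finally
        {
            Marshal.Copy(new byte[size], 0, buf, (int)size); // wipe the packed credentials before freeing them
            CoTaskMemFree(buf);
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }
}
```

The password still passes through a managed `StringBuilder` and `string`, which cannot be wiped reliably, so keep the call short-lived and never log or store those values.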
Related
I have searched all over for an answer to this, and not found anything that seems to answer my question. Which feels like it should be an easy one (but clearly isn't).
I have an API which authenticates using a token. This token I generate from my application - more specifically, I have a new Token Generation web call that will return a token. Currently, I pass in a cookie with the user and password information, and it uses this to identify who I am and what I should be allowed to do. This is all working absolutely fine and hunky-dory.
I am achieving this process by making the Token Generation use OWIN Cookie Authentication, which means that the cookie is read and the Identity is set. I am then able to use this identity to confirm whether the user is allowed to access the system.
What I now want to do is replace this Cookie Authentication process by authenticating against a Windows User (everything is windows based, and this will be an option so non-windows users can still use the cookie authentication route). But I cannot discover how to straightforwardly do this.
Note that I don't actually need to validate that the user is genuine or refer back to the AD at all. If you provide a windows user that matches a user in the system, you can log in.
So how can I - easily - get the requesting user into the Identity Name? Or is this not possible?
If you are looking for information on the current user accessing your program, assuming the program is running on the user's machine and is windows based, you can simply query windows for the user's username or any other publicly available information about the user.
Refer to https://learn.microsoft.com/en-us/dotnet/api/system.environment?view=netframework-4.8 for information on the Environment class and what its features are.
If you could provide some code or further clarity I could help you further.
How can I prompt a user for credentials and obtain its WindowsIdentity (or something like it)?
I assume I need to use CredUIPromptForWindowsCredentials from Credui.dll, but I found this wrapper in C#: CredentialUI, which only uses username and password, while I need to support any method available (username/password, smart card, biometric, etc.).
I'm pretty sure that it can be done, because of the following:
The CredUIPromptForWindowsCredentials function creates and displays a configurable dialog box that allows users to supply credential information by using any credential provider installed on the local computer.
From CredUIPromptForWindowsCredentials.
So should I use CredUIPromptForWindowsCredentials or not? If not, then what else? If I should, how?
EDIT:
This is not a duplicate of "Impersonate with username and password?", because my question concerns any method of authentication, especially authentication that is not username/password based, whereas the other question explicitly refers to username/password authentication only.
I have a WPF application that will work offline with local data. On app start I need the user to re-enter their Windows credentials to verify that they are in fact the correct Windows user.
Is there a .NET method to make the user re-login when the app starts?
Or do I need to create a login page and logic and compare against the current user like this?
Seems like a technology solution to a behavior problem, but, you want to look at the CredUIPromptForCredentials API and the LogonUser API to prompt and create the token.
I am working on an application which needs to be authenticated in a different domain. To authenticate a user I have to capture his/her credentials, send them to the server side and enter them into the LsaUserLogon() function to impersonate the user.
My fear here is that I don't want to take responsibility for popping up my own dialog and decrypting/encrypting information for transmission. I am looking for a different approach which removes all responsibility from me for capturing user passwords. The only fact here is that I need these credentials on my server machine to impersonate the user. Any tips and suggestions?
( Windows, .NET )
Thanks!
Windows has a native API to assist in this case (which helps you launch an IE-style dialog to prompt for user name and password).
You can invoke it in .NET:
http://www.microsoft.com/indonesia/msdn/credmgmt.aspx
Has anyone heard that it's possible to log in to Windows XP programmatically?
I want to modify the way the Domain Controller authenticates the user, and if the user is authenticated in my special way, it returns the user name and password to the service working on the client machine, so that it can log in the user using the credentials passed from the DC without waiting for the user to enter his original credentials.
Have a look at this: Gina.dll MSDN
Gina is the system that fingerprint readers etc. use to customise the login screen. You may be able to use this to achieve your purpose?
To future proof your app (Vista and Windows 7) you may wish to look into these: MSDN Mag Vista Credential Providers