Modify Windows Logon UI (Credential Provider) using Pgina in c# - c#

I am trying to use Pgina-fork to modify windows logon. Instead of using username and password, I want to login user with a single field authentication that doesn't use a password . I am done with custom plugin modifications and building procedures but am not able to find a way to modify the logon UI. I need to hide the password field and modify other info that is not useful to me. If anyone knows how to do that in the Credential provider source code of Pgina-fork ?

You need to modify pGina Fork source Code for that.
pGina src have a folder named CredentialProvider.. that is what you need
In file credential.cpp
you can use this code
//hide password
m_fields->fields[m_fields->passwordFieldIdx].fieldStatePair.fieldState = CPFS_HIDDEN;
if (m_usageScenario == CPUS_CHANGE_PASSWORD) {
m_fields->fields[CredProv::CPUIFI_NEW_PASSWORD].fieldStatePair.fieldState = CPFS_HIDDEN;
m_fields->fields[CredProv::CPUIFI_CONFIRM_NEW_PASSWORD].fieldStatePair.fieldState = CPFS_HIDDEN;
}
This is the block of code which main pGina provides.

Related

Can I srore email & password on my class code not database for jwt token generate

I want to store my credintial like email and password hardcode on my code, when I create jwt token then I want to use it. Can I do this??
If it possible how to access email and password.
First of all you can use credentials class and some collection of them in memory.
Secondly, you can use database
But: It is in general not recommended to store the user's password anywhere without encryption
Example: User -> Max#gmail.com, Password -> qwerty123 must be stored as: Max#mail.com and pass as awofi12312ASOIFDAOSF#?#?"!£!". No matter where: in memory, in db.
For usage you must also implement decryption in order to check credentials from encrypted value to it's decrypted state (from -> awofi12312ASOIFDAOSF#?#?"!£!" to -> qwerty123)
You can use the settings file to overcome this problem. Go to the Add New Item window and select the settings file. Then it will open a table and put "email" and "password" to identify the references. And also you need to select the data type and if you want to add a default value, you can add that one here too.
So you can read data by this line,
bool dataSaved = savedSetting.Default.dataSaved;
And also you can write data by this code,
savedSetting.Default.dataSaved = true;
savedSetting.Default.Save();

How to save an email/password combination for windows program?

I am creating a windows service that has to send an email out at specific intervals to various people. I am using an account on a server that I need to connect with securely.
I found this reference: https://nimblegecko.com/how-to-store-login-details-securely-in-application-config-file/
the code I was trying to implement is this:
var configuration = ConfigurationManager.OpenExeConfiguration(Assembly.GetExecutingAssembly().Location);
configuration.AppSettings.Settings["username"].Value = EncryptString("new username", configPassword);
configuration.AppSettings.Settings["password"].Value = EncryptString("new password", configPassword);
configuration.Save();
My question is encoding the username and password as fixed text still seems to result in the same exposure as hard-coding it right?
any help would greatly be appreciated?
Uhm... Don't store in AppConfig settings.
If you cannot use a database for that (storing hashed and encrypted strings) get a new file for that, you can even protect it to allow only the service user account to read/modify it, or store it on the service profile directory (its user account profile directory)
I would do it using an ini file structure more easy to read than an xml, where each line contains something like
var mergedCredential = string.Format("{0}|{1}", "user#here.com" , "P#ssw0rd");
User1HashedCredentials=EncryptString("new username", mergedCredential);
I used a pipe to "merge" the credential as you can prevent users to use it on username
When you decrypt you split by "|"
var credentials = DecryptString("new username", User1HashedCredentials);
var splitted = credentials.Split('|');
Username = splitted[0]
Password = splitted[1]
An example of ini file:
[Users]
Count=5
[SendEmailSection]
User1=dsaa$#asdasd$##rr==
User2=dggggjh7/sd$##rr==
User3=dsaasd"/$%asdasd$##rr==
User4=dsas/&"dasd$##rr==
User5=dsAa&s3dasd$##rr==
Which is easier to mantain and modify. You can even make your own specialized ini reader/writer Read sections, split by "="
I do not suggest to store credential in app.config file. if you are planned to store there then you should store with proper encryption and decryption.
for you info you can refer this link
But I would suggest you to use window credential manager to store your password
for more details you can use their nuget package and their sample
Nuget
Another reference
Github
You can find it in your app's Preferences.
Right click on your project. Select add. Add .settings form. Then crate a table which contains email, password etc.

How to tell if SPUser is Active Directory account

I'm working on a project where the client wants to restrict some content to only Active Directory users . Is there any way to identify that a SPUser is an AD user short of parsing the username string for the domain (or something along those lines). Something like SPUser.IsADUser would be awesome.
Edit
This seems to work, but I'm not sure if this is reliable enough? For this use case, identifying that a user is a windows user is enough (there are no local system accounts)
SPUser user = SPContext.Current.Web.CurrentUser;
string userName = user.LoginName.Substring(user.LoginName.IndexOf('|') + 1);
SPPrincipalInfo info = SPUtility.ResolveWindowsPrincipal(SPContext.Current.Site.WebApplication, userName, SPPrincipalType.User, false);
if(info != null){
//THIS IS A WINDOWS ACCOUNT
}
In my experience it is much better to use audiences for this purpose. You then can easily trim any web part using "Audience" property. You can read about audiences here. Of course it will only work if you have user profile synchronization configured.

Setting user password using C# does not work, any ideas?

I need to reset a user password. to do so, I use the following code:
DirectoryEntry de = ..
de.AuthenticationType = AuthenticationType.Secure
de.Password = txtPassword.text
de.CommitChanges()
When i run the code - nothing happens. The user password does not change, and no exception is thrown.
if i use the following method:
de.Invoke("SetPassword", .. );
when i run the code, I get a message that says: Please insert smartcard ...
I have admin privilages over the user account.
The user does not have UAV set for smart card.
Any ideas ?
The Password property of the DirectoryEntry class isn't what you think it is. You're not changing the user's password, you're changing the password you're using to access further information from the DirectoryEntry object.
From the MSDN documentation:
You can set the Username and Password properties to specify alternate
credentials with which to access the information in Active Directory
Domain Services. Any other DirectoryEntry objects retrieved from this
instance (for example, through Children) are automatically created
with the same alternate credentials.
With your second method, if you're being asked to insert a smartcard I doubt that has anything to do with the user you're modifying - it's more likely it's asking for your smartcard. If you're not set up to use smartcards either, then I'm really not sure why it's asking you for one at all.
Take a look at this related question and see if the answers there help.

Change User Password in ASP.NET Forms Authentication

I code in C# (ASP.NET) and am using Forms authentication.
I would like to know which is the best method to change a user password without using the asp:ChangePassword control.
I dont want to use the reset password method.
I just want to grab the password i have inside my textbox and replace it with my older password.
Please note that the PasswordFormat I use is passwordFormat="Hashed"
Some code snippets would be helpful
Edit:
In my web.config, I have set enablePasswordRetrieval="false"
I used the following method
var myUser = Membership.GetUser(userID);
bool isChangeSuccess = myUser.ChangePassword(
myUser.GetPassword(),
ActivateUserPasswordText.Text.Trim());
It gives me the error,
This Membership Provider has not been
configured to support password
retrieval.
What could be done to solve these issues?
I would really like my PasswordFormat to be hash itself.
Regards,
Naveen Jose
Got it solved. Thanks to my fellow developer.
var myUser = Membership.GetUser(userID);
bool isChangeSuccess = myUser.ChangePassword(
myUser.ResetPassword(),
ActivateUserPasswordText.Text.Trim());
Cant say I liked it much though.
I thought ResetPassword() would be returning a bool.
Assuming you are using the ASP.NET security thingies.
System.Web.Security.MembershipProvider.ChangePassword method
Only the Hash value for the passwords are usually stored by the asp.net membership provider, so it is not possible to retrieve the original password. It is possible to change this behavior by configuration, but it is not recommended.
Simply ask the user to enter the old password also while changing the password. You can use the old password entered by the user in the User.ChangePassword method and it should work fine.
This Membership Provider has not been configured to support password retrieval.
The above message is displayed because of your password format will be salt and so that you can't get the password of the user. If you want to do this change the password format and try again.
On the off chance someone is using the ApplicationUser and not the Membership - as I was because I did not want to set a Membership Provider - you can change the password this way:
Dim manager = New UserManager()
Dim userChange As ApplicationUser = manager.FindById(IDUser)
userChange.PasswordHash = manager.PasswordHasher.HashPassword(newPassword.Value)
Dim val As Object = manager.Update(userChange)
Hope this helps someone

Categories