I have a WPF application that will work offline with local data. On app start I need the user to re-enter their Windows credentials to verify that they are in fact the correct Windows user.
Is there a .NET method to make the user re-login when the app starts?
Or do I need to create a login page and logic and compare against the current user like this?
Seems like a technology solution to a behavior problem, but, you want to look at the CredUIPromptForCredentials API and the LogonUser API to prompt and create the token.
Related
I'm looking for an idea/solution that works on both Windows 8.1 and Windows 10.
For critical actions in my WPF application I want the user to explicitly authenticate again against the operating system. On the web exist many custom solutions like NuGet packages that look like a Windows prompt that asks the user for the password. Like the one that shows up, if you try to access network shares you are not authenticated for.
I do not want to use those custom solutions, I want to use those provided by operating system, if any.
In detail I'm looking for something like that:
WindowsIdentity identity = WindowsIdentity.GetCurrent();
bool authenticated = [WindowsAPI].Authenticate(identity);
if(authenticated)
{
//do critical action
}
Does such a WindowsAPI exist?
EDIT: The WindowsAPI should have an own UI and, in best case, validates the credentials and does not store any.
bool authenticated = [WindowsAPI].Authenticate(identity);
Should it ask user to enter the login and password one more time?
You can try to use Windows API LogonUser. However it does not supply UI to collect user name and password. You can try to create a dialog form with two textboxes by your own.
There is IPublicClientApplication and AcquireToken* methods. Please check the AcquireTokenByIntegratedWindowsAuth.
However it works with AzureAD to get the token so I'm not sure does it fit to your requirements.
The overall answer is: No, there does not exist a Windows API that includes an own UI and additionally validates the entered credentials.
In short, I used CredUIPromptForWindowsCredentials that pops up a configurable operation system dialog to enter credentials, CredUnPackAuthenticationBuffer to unpack credentials and LogonUser to verify the unpacked credentials. At the end clear the memory allocated by CredUIPromptForWindowsCredentials using CoTaskMemFree.
MS Docs:
CredUIPromptForWindowsCredentials
CredUnPackAuthenticationBuffer
LogonUser
CoTaskMemFree
P/Invoke Docs:
CredUIPromptForWindowsCredentials
CredUnPackAuthenticationBuffer
LogonUser
CoTaskMemFree
When we call LiveAuthClient.LoginAsync(...) method from Windows 8 app, it will contact authorization server to get access token using OAuth 2.0 protocol (this initiates sign-in process). Then authorization server authenticates resource owner and gets whether owner grant/denies the permission. To do this it throws up UI dialogs on the user agent (in this case it is Windows 8 app).
I would like to know how this dialog pops up on our app. Will some information be sent by authorization server, using that Live SDK is popping up the dialog? I would like to know the origination point of the dialog. I appreciate if someone could help me in understanding it.
I haven't used the LiveSDK myself but that sounds very much like a standard OAuth procedure like you would get when you use WebAuthenticationBroker yourself.
Not sure if I understood your question correctly, though. If you want to get more insight into the authentication broker you should have a look at the sample code mentioned in the documentation.
I thought this would be a very common practice, but I am having a hard time finding anything on how to show the user a default windows authentication credential prompt in c#?
Users will be using this windows forms app to connect to a web service on a different domain, so I cant just pass in the default credentials. These users will have a separate login to access the web service, and I want them to be prompted by the default Windows prompt, and then I can pass their creds through to the web service.
Thanks!
This was answered on SO a while back, I believe. You can use the credential management API. Here's a link with a code example that should get you started.
You need to P/invoke CredUIPromptForWindowsCredentials on Vista and up, or CredUIPromptForCredentials on XP.
Is there a Win32 function I can call to show a Windows login dialog?
E.g., Internet Explorer and Visual Studio's Team Explorer both show a credentials dialog when accessing a website - how can I show that dialog?
I have a .NET Windows client application that uses the logged in Windows user identity when communicating to web services. The services use that user ID to determine who is calling the service and to decide what they have permissions to see.
I would like to add a command that allows the current user to do effectively a "run as", where they can enter the username/password of another user and we have the application act as them.
I could build a custom dialog and use the LoginUser() function, but I would rather use something "official".
You can use the CredUIPromptForCredentials API function
See also here
I think you're stuck creating your own dialog. It's not that hard to make it look official though.
Anyone heard that it's possible to login to Windows xp programmatically,
I want to modify the way the Domain Controller authenticates the user and if the user authenticated in my special way it returns the user name and password to the service working on the client machine so it should login the user using its passed credentials from the DC without waiting for user to insert his original credentials.
Have a look at this: Gina.dll MSDN
Gina is the system that fingerprint readers etc. use to customise the login screen. You may be able to use this to achieve your purpose?
To future proof your app (Vista and Windows 7) you may wish to look into these: MSDN Mag Vista Credential Providers