I'm currently working on integrating a c# gesture authentication program using the kinect into windows as a form of authentication for part of my final year project. Once the c# program authenticates, there will be an event fired if the gesture supplied is authenticated to be a valid gesture.
So my question is:
I'm currently using the sampleHardWareEventCredentialProvider from microsoft. Is it suitable for what I want to achieve?
Can the custom credential provider be coded in such a way that it can call my c# program to do the authenticating and return an event to the credentialProvider whether the authentication was a success or not? If yes, could anyone kindly point me in the right direction?
I think that to create a custom Credential Provider you need to implement the ICredentialProvider COM interface http://msdn.microsoft.com/en-us/library/windows/desktop/bb776042.aspx . You can do this using C# (maybe like http://www.codeproject.com/Articles/7859/Building-COM-Objects-in-C ). Are you already using SampleHardWareEventCredentialProvider with C# successfully?
The sample hardware Credential Provider, certainly from what I've read, is made for what you're trying to do, as it;s currently geared-up for authentication a user via third-party hardware, such as fingerprint readers, etc. One would imagine that Kinect would fit nicely into that model, assuming you could get the gesture element right!! Also, bear in mind that the Credential Providers were written for Vista, so Kinect may not have been a glint in a MS-Dev's eye at the time.
In terms of your second point, about being able to call a C# application to do the authenticating, yes you certainly can, as I've done it this week myself using a WPF application to write a self-service password reset app. I've not needed to return an event/data back to the Credential Provider from the C# application, as I've not needed to do that, but can't imagine that this is a massive pitfall.
Hope this helps.
Related
I am trying to build one intranet application. What I am trying to do is to authenticate the user using the biometric system, fingerprints to be precise. Like in some laptops or notebooks I have seen there is
a fingerprint authentication system. The same thing I am trying to build but not for a particular person. The only difference is that the person's biometric information would be stored on LDAP server. So
that anyone who has the right access to use that particular machine can use after getting authenticated. I am trying to get the user's biometric information using an external biometric device. I have gone through few documentations on Windows Biometric Framework. And using sensor adapter and engine adapter as plug-ins I can get the user's biometric information and also get processed and can send to the server.
The only query I am having here is:
First thing first am I breaking any Microsoft's policy here by achieving this?
If not then how can I get windows system lock and unlock after
getting the response from the server whether the user is valid or not?
Has anyone ever tried this ?
Can anyone help me to get this ?
Thank you in advance.
If you're saying that you want to actually notify the built in windows login / authentication system (known as a system credential provider) that the user is authenticated then this is not supported by the official windows API. If this was supported anyone could create malware that simply notified the API that a user is authenticated / authorized, thereby essentially rendering all of windows security meaningless. So we should be grateful this is not officially supported.
Trying to implement something like that without official API support would definitely be against the terms of use. Since its not officially supported, you would have to resort to some awful hacks to get it to work, the implementation of which would almost certainly be considered either reverse engineering the kernel or hacking the kernel (or both) by Microsoft's legal team. Even if you believed they were wrong... would you really want to fight them (and their deep pockets)?
Let's also consider that if no official unlock API exists, then you would be required to use some kind of backdoor to achieve it. If such a thing even exists, then it would certainly be subject to being rendered useless by an MS update (which would nuke your app's login implementation).
Now that the fire and fury is out of the way, let me state that all is not lost, provided you are targeting a more recent version of windows.
You can implement your own biometric security system as you described. This is now known as a third party credential provider This would be a separate system, and Microsoft recommends that you require users setup a system credential provider as a fallback in case your third party credential system fails for any reason. If not, the user account would be impossible to recover. Again, they key difference from the first example is that your system is separate and distinct from the system credential provider (windows native lock screen).
I would like to stress though, that implementing a third party credential system is still far from trivial. You will want to read up extensively on the proper interfaces you will have to implement. I'd recommend starting here:
https://msdn.microsoft.com/en-us/library/windows/desktop/mt158211%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
There is also apparently a sample located in the Windows SDK installation directory under \Samples\Security\CredentialProvider. Also, there is a nice technical reference of credential providers located here:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb648647%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
Click the link that says "Credential Provider driven Windows Logon Experience" to download the tech document.
I need to know if is there any documentation on how I could add a custom user interface with a code written by me in C# to a credential provider done with pGina (http://pgina.org/) for Windows 10.
I have an application to make facial recognition done with Egmu CV in C# and in another side, I have developed a plugin with pGina to be used as a Windows Credential Provider, but I don't know how to join both things.
The problem I have is that all the documentation I have found on the web, is based on using the Windows user and password inputs interface, but I need to be able to show the webcam capture in the logon and unlock screens, authenticate the user using the app I've done, and if everything is right, authorize the user to access the computer. The KeyLemon app, has this feature, I need to know if it is possible to do it with pGina, to avoid the pain of creating all the CP code from scratch.
Any help will be really appreciated.
Thank you very much!!!!!!
I'm completely new to the whole facebook login scene. Unfortunately the login process seems so complicated considering I simply want to be able to call a login dialog and get back the user's App Token. When I run the example code the login screen asks for an app token not an email and password like I'd expect to see as a user.
From my understanding it appears that even using the Facebook Unity SDK I am still required to build my own login page with app token generator which I have no idea how to do. It also appears there are different ways it needs to be done whether you are on IOS, Android, Web Player, Windows and Windows Phone. Is there really not one way to do this?
I followed the tutorial here: https://developers.facebook.com/docs/games/unity/unity-tutorial although all the images regarding setting up your app on developers.facebook.com/apps are out of date and I can't find a good majority of the options it mentions.
So I guess my main questions are:
Can you have one way across all platforms to allow email/password login for a user?
Do you need to build your own token generator on a website?
How do I set up a game for Unity in the new facebook layout?
Thanks everyone. I've never dealt with authentication via any online service before and this seems much preferable to having my own login authentication for my games. I just wish it wasn't such a confusing mess to someone who has never dealt with any of this before.
The app token thing is only used in Unity editor, so only in development. This is a work-around, since it was impossible to simulate regular facebook login flow in Unity editor and we wanted devs to be able to test their games in the editor, which is much faster than building and uploading it.
You are not supposed to create your own login process. Just import the sdk package into Unity and open scene InteractiveConsole in Assets\Examples
Try building it for iOS/android/canvas, it works on all platforms without any code change necessary
Let me know if have any problems
1 and 2
My assumption is the access "token" you mention is a generic login for testing in unity. Your app should handle the login differently across platforms, in regard to the "Facebook Unity SDK API's" handling the bulk stuff so you are free to plug and play.
3
Image of my settings for the canvas demo https:// developers .facebook .com/apps/#____#/settings/
https://drive.google.com/file/d/0B7Lk_CfjfKfTdVlNQWlINkNCTU0/edit?usp=sharing
I am writing a new version of a Delphi app in WPF/MVVM. It is not a complete redesign from the ground up, but rather just replacing Delphi code with WPF code, with a few modernization changes. I currently only have access to the running Delphi app, not source, but will have that soon.
Currently authentication uses a database query for a user name and hashed - I suspect it's not quite one way, but must address that later than today - password. How do I store that a user is authenticated, to check for access to all application commands and data? A simple private boolean in the User view model, an instance which is contained in the top level, application, view model? Or maybe when I extend to authorization, simply the fact that the User view model has been allocated a null list of permissions? What is normally done here?
The application is an access control and time and attendance management app for a very large international corporation, so security levels need be fairly high. Using AD is not feasible at this point due to the equally massive user base and list of access rights, and the rewrite is on very high priority.
Not a simple question, actually.
This doesn't fit as a comment, so I'm posting this as an answer:
what is the architecture of your application? 2-tier? 3-tier?
are you using WCF for the communication?
who are the users of your application? Windows users?
from where is your application used? In a Windows domain? Over the Internet?
Those questions might help you decide which way to go.
For example, if you're using 3-tier architecture, WCF for the communication, application used on a Windows domain, you might be interested in a non-custom authentication (you could use Windows authentication). See MSDN (Authentication, Authorization, and Identities in WCF).
I am writing an app using WPF 3.5 and I need twitter integration.
I know that there are many API's for C# and most of them seem to be on the right track.
But one, painfully annoying (seemingly 100% required) step of the twitter posting is that you need to redirect the user to the twitter website, in which they need to login and click "allow" which then shows a PIN number which the user must enter in to my client app in order to simply tweet.
This is so cumbersome and annoying for each run of the app, I dont mind a once off thing, but each time?? Am I not doing this right, why isnt it just a once off allowance of a registered app? How do apps like TweetDeck do it so that they dont have to re-approve each time I load the app?
You need to store the token and the key provided by the server when you perform the OAuth authentication. You can continue to sign your requests using those keys. I'm not entirely sure which library you're using, which makes it hard to say, but there should be a means of retrieving the key/token that Twitter provides you with and passing this back in as a means of authentication.
One other alternative is to use xAuth, which makes it a little easier for your app to authenticate the user. The downside is that it's pretty oblique and might not be supported by the library you're using.
Good luck!