using windows username password in C# - c#

how i can use windows stored username and password in my C# APP. I am looking for method which returns bool state of successful login. means :
bool isCredentialValid = CheckLogin(username, password);
so according to bool value I can show proper message.
Updated
class Program
{
static void Main(string[] args)
{
PrincipalContext pc = new PrincipalContext(ContextType.Machine);
Console.WriteLine("Enter username : ");
string user = Console.ReadLine();
Console.WriteLine("Enter password : ");
string pass = Console.ReadLine();
bool isValid = pc.ValidateCredentials(user, pass);
Console.WriteLine("State : {0}",isValid);
Console.ReadLine();
}
}
this code is not working. when i enable Guest account it shows true for every login and when i disable Guest account it does not verifies even existing account. Any help would be appreciated.

Have a look at PrincipalContext.ValidateCredentials method. For example,
PrincipalContext pc = new PrincipalContext(ContextType.Domain);
bool isCredentialValid = pc.ValidateCredentials(username, password);
for local accounts, use ContextType.Machine.
Yet another way would be using win32 api LogonUser function

Add using System.Security.Principal;
//for current Username full
string str = WindowsIdentity.GetCurrent().Name;
Then u can use this username for authentication.
For password it is different.

Related

Is it possible to get client machine OS user name in asp.net web application [duplicate]

How do I get the current username in .NET using C#?
string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
If you are in a network of users, then the username will be different:
Environment.UserName
- Will Display format : 'Username'
rather than
System.Security.Principal.WindowsIdentity.GetCurrent().Name
- Will Display format : 'NetworkName\Username'
Choose the format you want.
Try the property: Environment.UserName.
The documentation for Environment.UserName seems to be a bit conflicting:
Environment.UserName Property
On the same page it says:
Gets the user name of the person who is currently logged on to the Windows operating system.
AND
displays the user name of the person who started the current thread
If you test Environment.UserName using RunAs, it will give you the RunAs user account name, not the user originally logged on to Windows.
I totally second the other answers, but I would like to highlight one more method which says
String UserName = Request.LogonUserIdentity.Name;
The above method returned me the username in the format: DomainName\UserName. For example, EUROPE\UserName
Which is different from:
String UserName = Environment.UserName;
Which displayed in the format: UserName
And finally:
String UserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
which gave: NT AUTHORITY\IUSR (while running the application on IIS server) and DomainName\UserName (while running the application on a local server).
Use:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
That will be the logon name.
Just in case someone is looking for user Display Name as opposed to User Name, like me.
Here's the treat :
System.DirectoryServices.AccountManagement.UserPrincipal.Current.DisplayName
Add Reference to System.DirectoryServices.AccountManagement in your project.
String myUserName = Environment.UserName
This will give you output - your_user_name
You may also want to try using:
Environment.UserName;
Like this...:
string j = "Your WindowsXP Account Name is: " + Environment.UserName;
Hope this has been helpful.
I tried several combinations from existing answers, but they were giving me
DefaultAppPool
IIS APPPOOL
IIS APPPOOL\DefaultAppPool
I ended up using
string vUserName = User.Identity.Name;
Which gave me the actual users domain username only.
Use System.Windows.Forms.SystemInformation.UserName for the actually logged in user as Environment.UserName still returns the account being used by the current process.
I've tried all the previous answers and found the answer on MSDN after none of these worked for me. See 'UserName4' for the correct one for me.
I'm after the Logged in User, as displayed by:
<asp:LoginName ID="LoginName1" runat="server" />
Here's a little function I wrote to try them all. My result is in the comments after each row.
protected string GetLoggedInUsername()
{
string UserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name; // Gives NT AUTHORITY\SYSTEM
String UserName2 = Request.LogonUserIdentity.Name; // Gives NT AUTHORITY\SYSTEM
String UserName3 = Environment.UserName; // Gives SYSTEM
string UserName4 = HttpContext.Current.User.Identity.Name; // Gives actual user logged on (as seen in <ASP:Login />)
string UserName5 = System.Windows.Forms.SystemInformation.UserName; // Gives SYSTEM
return UserName4;
}
Calling this function returns the logged in username by return.
Update: I would like to point out that running this code on my Local server instance shows me that Username4 returns "" (an empty string), but UserName3 and UserName5 return the logged in User. Just something to beware of.
try this
ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT UserName FROM Win32_ComputerSystem");
ManagementObjectCollection collection = searcher.Get();
string username = (string)collection.Cast<ManagementBaseObject>().First()["UserName"];
now it looks better
Here is the code (but not in C#):
Private m_CurUser As String
Public ReadOnly Property CurrentUser As String
Get
If String.IsNullOrEmpty(m_CurUser) Then
Dim who As System.Security.Principal.IIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
If who Is Nothing Then
m_CurUser = Environment.UserDomainName & "\" & Environment.UserName
Else
m_CurUser = who.Name
End If
End If
Return m_CurUser
End Get
End Property
Here is the code (now also in C#):
private string m_CurUser;
public string CurrentUser
{
get
{
if(string.IsNullOrEmpty(m_CurUser))
{
var who = System.Security.Principal.WindowsIdentity.GetCurrent();
if (who == null)
m_CurUser = System.Environment.UserDomainName + #"\" + System.Environment.UserName;
else
m_CurUser = who.Name;
}
return m_CurUser;
}
}
For a Windows Forms app that was to be distributed to several users, many of which log in over vpn, I had tried several ways which all worked for my local machine testing but not for others. I came across a Microsoft article that I adapted and works.
using System;
using System.Security.Principal;
namespace ManageExclusion
{
public static class UserIdentity
{
// concept borrowed from
// https://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity(v=vs.110).aspx
public static string GetUser()
{
IntPtr accountToken = WindowsIdentity.GetCurrent().Token;
WindowsIdentity windowsIdentity = new WindowsIdentity(accountToken);
return windowsIdentity.Name;
}
}
}
Get the current Windows username:
using System;
class Sample
{
public static void Main()
{
Console.WriteLine();
// <-- Keep this information secure! -->
Console.WriteLine("UserName: {0}", Environment.UserName);
}
}
I went over most of the answers here and none of them gave me the right user name.
In my case I wanted to get the logged in user name, while running my app from a different user, like when shift+right click on a file and "Run as a different user".
The answers I tried gave me the 'other' username.
This blog post supplies a way to get the logged in user name, which works even in my scenario:
https://smbadiwe.github.io/post/track-activities-windows-service/
It uses Wtsapi
Edit: the essential code from the blog post, in case it ever disappears, is
Add this code to a class inheriting from ServiceBase
[DllImport("Wtsapi32.dll")]
private static extern bool WTSQuerySessionInformation(IntPtr hServer, int sessionId, WtsInfoClass wtsInfoClass, out IntPtr ppBuffer, out int pBytesReturned);
[DllImport("Wtsapi32.dll")]
private static extern void WTSFreeMemory(IntPtr pointer);
private enum WtsInfoClass
{
WTSUserName = 5,
WTSDomainName = 7,
}
private static string GetUsername(int sessionId, bool prependDomain = true)
{
IntPtr buffer;
int strLen;
string username = "SYSTEM";
if (WTSQuerySessionInformation(IntPtr.Zero, sessionId, WtsInfoClass.WTSUserName, out buffer, out strLen) && strLen > 1)
{
username = Marshal.PtrToStringAnsi(buffer);
WTSFreeMemory(buffer);
if (prependDomain)
{
if (WTSQuerySessionInformation(IntPtr.Zero, sessionId, WtsInfoClass.WTSDomainName, out buffer, out strLen) && strLen > 1)
{
username = Marshal.PtrToStringAnsi(buffer) + "\\" + username;
WTSFreeMemory(buffer);
}
}
}
return username;
}
If you don't have one already, add a constructor to the class; and add this line to it:
CanHandleSessionChangeEvent = true;
EDIT:
Per comments requests, here's how I get the session ID - which is the active console session ID:
[DllImport("kernel32.dll")]
private static extern uint WTSGetActiveConsoleSessionId();
var activeSessionId = WTSGetActiveConsoleSessionId();
if (activeSessionId == INVALID_SESSION_ID) //failed
{
logger.WriteLog("No session attached to console!");
}
In case it's helpful to others, when I upgraded an app from c#.net 3.5 app to Visual Studio 2017 this line of code User.Identity.Name.Substring(4); threw this error "startIndex cannot be larger than length of string" (it didn't baulk before).
It was happy when I changed it to System.Security.Principal.WindowsIdentity.GetCurrent().Name however I ended up using Environment.UserName; to get the logged in Windows user and without the domain portion.

Can't figure out why method as argument in another method is repeating

I am new and just started learning C# and there is this challenge where you have to create your own pseudo-login system using methods. The instructor used methods as argument in another method just fine, but when I do it, it is repeating for whatever reason I am unaware of.
I have looked and fiddled for hours now and have been unsuccessful in finding a relevant solution, so I created this account. Please help!
using System; //namespace
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace ConsoleApp2
{
class Program
{
public static void Main(string[] args)
{
Login(RegisterName(), RegisterPassword());
Console.ReadKey();
}
public static string RegisterName()
{
string userName = "Error. ";
Console.WriteLine("Hello, let us begin registration.\n\nPlease enter your desired username. ");
userName = Console.ReadLine();
Console.Write("{0} has been registered as your username. ", userName);
return userName;
}
static string RegisterPassword()
{
string userPassword = "Error. ";
Console.WriteLine("\nNow please enter your desired password. ");
userPassword = Console.ReadLine();
Console.Write("{0} has been registered as your password.\n\nAccount registration successful.\n", userPassword);
return userPassword;
}
static void Login(string _userName, string _userPassword)
{
string enteredName;
string enteredPassword;
Console.WriteLine("Let us login; first, enter your username. ");
enteredName = Console.ReadLine();
Console.WriteLine("Next, your password. ");
enteredPassword = Console.ReadLine();
// check
if (enteredName.Equals( RegisterName() ) && enteredPassword.Equals( RegisterPassword() ) )
{
Console.WriteLine("Successful login. Welcome {0}. ", enteredName);
}
else
{
Console.WriteLine("Your username or password does not match any known registration. Have you forgotten your details? Please try again or register if you haven't already. ");
}
}
}
}
And this is the output:
Hello, let us begin registration.
Please enter your desired username.
test
test has been registered as your username.
Now please enter your desired password.
test
test has been registered as your password.
Account registration successful.
Let us login; first, enter your username.
test
Next, your password.
test
Hello, let us begin registration.
Please enter your desired username.
test
test has been registered as your username. Now please enter your desired password.
test
test has been registered as your password.
Account registration successful.
Successful login. Welcome test.
(Please forgive the sloppy formatting of the output, and the using stuff that i am not actually using is just stuff left in by the instructor iirc.)
if (enteredName.Equals( RegisterName() ) && enteredPassword.Equals( RegisterPassword()) ) {
Console.WriteLine("Successful login. Welcome {0}. ", enteredName);
}
This is calling the function twice. What you really want to do here is:
if (enteredName.Equals( _userName ) && enteredPassword.Equals( _userPassword) ) {
Console.WriteLine("Successful login. Welcome {0}. ", enteredName);
}
This is a very sloppy way to do something like this, but by the looks of it you're just doing it for learning purposes.

Authentication user to web application from desktop application

I am a novice programmer. I need write desktop application, where user enters the username and password. After clicked on button calls the method Start class Process. Unfortunately, appears in an error message System.ComponentModel.Win32Exception, username or password is incorrect.
My code:
//Download data
String user = this.textBoxUser.Text;
String pass = this.textBoxPassword.Text;
//Password
SecureString secret = SecureStringConverter.ConvertToSecureString(pass);
//Webbrowser
string file = "chrome.exe";
string domain = #"http://localhost:62074/";
//Process start
Process proc = new Process();
Microsoft.Win32.RegistryKey subKey = Microsoft.Win32.Registry.ClassesRoot.OpenSubKey(#"http\shell\open\command");
String DefaultBrowser = subKey.GetValue(null).ToString();
if (DefaultBrowser != null)
{
int startIndex = DefaultBrowser.IndexOf("\"") + 1;
int endIndex = DefaultBrowser.IndexOf("\"", startIndex);
string RegDefaultBrowserPath = DefaultBrowser.Substring(startIndex, endIndex - startIndex);
proc.StartInfo.FileName = RegDefaultBrowserPath;
proc.StartInfo.Arguments = domain;
proc.StartInfo.UseShellExecute = false;
proc.StartInfo.LoadUserProfile = false;
proc.StartInfo.UserName = user;
proc.StartInfo.Password = secret;
proc.Start();
}
And this method to convert string to SecureString
public static class SecureStringConverter
{
public static SecureString ConvertToSecureString(string password)
{
if (password == null)
throw new ArgumentNullException("password");
unsafe
{
fixed (char* passwordChars = password)
{
var securePassword = new SecureString(passwordChars, password.Length);
securePassword.MakeReadOnly();
return securePassword;
}
}
}
}
I don't think your approach will work. At least not as simple as you might expect it to happen. You may get it working by launching Internet Explorer with explicit credentials to authenticate against applications hosted in IIS, as they may be configured to use domain account for authentication. This scenario essentially is for Intranet web applications. With Crome it is a completely different story.
Merits of your approach are completely not obvious. It is expected that credentials of user logged in to Windows are used for authentication. With your idea, it sounds more like someone else signs in to Windows for me, and I use my own credentials to run web app, but still use remaining windows apps with someone else's credentials.
The following article should give you an idea that it will depend on infrastructure support, and specific sign in process, not just as simple as forwarding explicit credentials to get it working with external web applications who knows nothing about your domain:
https://support.google.com/a/answer/60224?hl=en

Check Password Reset on Active Directory Server

I need to reset windows password of any user through my .Net application. I am using the user's username to get its Directory Entry from AD server. I got these two different methods for changing password :
entry.Invoke("ChangePassword", oldPass, newPass);
&
entry.Invoke("SetPassword", "pass#123");
But I am getting the following error when am trying these methods on live AD server :
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
I have 2 AD servers. One of them is live and another is for testing purpose. I just want to check if my code is working or not. Since, access is denied on live server I can not change and check later my own password through code.
And if I am using the test AD server to change password, I don't know how to check whether the pasword is changed or not.
Kindly give any suggestions to check if my code is working properly or not.
Thanks in advance.
I think you're not getting a proper context setup before you call the invoke. Here's what I use for something similar. You'll need to set your own variables:
I'm using System.DirectoryServices.AccountManagement to get the functions.
//Domain related info
string _DCToUse = "myserver.domain.local";
string _ADConDomain = "DC=domain,DC=local";
string _AdDomain = "domain";
string _ADAdminUser = "administrator";
string _ADAdminPass = "password";
//User specific
string _UserName = "jsmith";
string _CurrentPass = "oldPass";
string _NewPass = "newPass";
PrincipalContext principalContext =
new PrincipalContext(ContextType.Domain, _DCToUse,
_ADConDomain, _ADDomain+#"\"+_ADAdminUser, _ADAdminPass);
UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, _UserName);
if (user == null)
{
string ADErrorMsg = "Couldn't find user, check your spelling.";
return Changed;
}
user.ChangePassword(oldPass, newPass);
user.Save();

How do I get the current username in .NET using C#?

How do I get the current username in .NET using C#?
string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
If you are in a network of users, then the username will be different:
Environment.UserName
- Will Display format : 'Username'
rather than
System.Security.Principal.WindowsIdentity.GetCurrent().Name
- Will Display format : 'NetworkName\Username'
Choose the format you want.
Try the property: Environment.UserName.
The documentation for Environment.UserName seems to be a bit conflicting:
Environment.UserName Property
On the same page it says:
Gets the user name of the person who is currently logged on to the Windows operating system.
AND
displays the user name of the person who started the current thread
If you test Environment.UserName using RunAs, it will give you the RunAs user account name, not the user originally logged on to Windows.
I totally second the other answers, but I would like to highlight one more method which says
String UserName = Request.LogonUserIdentity.Name;
The above method returned me the username in the format: DomainName\UserName. For example, EUROPE\UserName
Which is different from:
String UserName = Environment.UserName;
Which displayed in the format: UserName
And finally:
String UserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
which gave: NT AUTHORITY\IUSR (while running the application on IIS server) and DomainName\UserName (while running the application on a local server).
Use:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
That will be the logon name.
Just in case someone is looking for user Display Name as opposed to User Name, like me.
Here's the treat :
System.DirectoryServices.AccountManagement.UserPrincipal.Current.DisplayName
Add Reference to System.DirectoryServices.AccountManagement in your project.
String myUserName = Environment.UserName
This will give you output - your_user_name
You may also want to try using:
Environment.UserName;
Like this...:
string j = "Your WindowsXP Account Name is: " + Environment.UserName;
Hope this has been helpful.
I tried several combinations from existing answers, but they were giving me
DefaultAppPool
IIS APPPOOL
IIS APPPOOL\DefaultAppPool
I ended up using
string vUserName = User.Identity.Name;
Which gave me the actual users domain username only.
Use System.Windows.Forms.SystemInformation.UserName for the actually logged in user as Environment.UserName still returns the account being used by the current process.
I've tried all the previous answers and found the answer on MSDN after none of these worked for me. See 'UserName4' for the correct one for me.
I'm after the Logged in User, as displayed by:
<asp:LoginName ID="LoginName1" runat="server" />
Here's a little function I wrote to try them all. My result is in the comments after each row.
protected string GetLoggedInUsername()
{
string UserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name; // Gives NT AUTHORITY\SYSTEM
String UserName2 = Request.LogonUserIdentity.Name; // Gives NT AUTHORITY\SYSTEM
String UserName3 = Environment.UserName; // Gives SYSTEM
string UserName4 = HttpContext.Current.User.Identity.Name; // Gives actual user logged on (as seen in <ASP:Login />)
string UserName5 = System.Windows.Forms.SystemInformation.UserName; // Gives SYSTEM
return UserName4;
}
Calling this function returns the logged in username by return.
Update: I would like to point out that running this code on my Local server instance shows me that Username4 returns "" (an empty string), but UserName3 and UserName5 return the logged in User. Just something to beware of.
try this
ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT UserName FROM Win32_ComputerSystem");
ManagementObjectCollection collection = searcher.Get();
string username = (string)collection.Cast<ManagementBaseObject>().First()["UserName"];
now it looks better
Here is the code (but not in C#):
Private m_CurUser As String
Public ReadOnly Property CurrentUser As String
Get
If String.IsNullOrEmpty(m_CurUser) Then
Dim who As System.Security.Principal.IIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
If who Is Nothing Then
m_CurUser = Environment.UserDomainName & "\" & Environment.UserName
Else
m_CurUser = who.Name
End If
End If
Return m_CurUser
End Get
End Property
Here is the code (now also in C#):
private string m_CurUser;
public string CurrentUser
{
get
{
if(string.IsNullOrEmpty(m_CurUser))
{
var who = System.Security.Principal.WindowsIdentity.GetCurrent();
if (who == null)
m_CurUser = System.Environment.UserDomainName + #"\" + System.Environment.UserName;
else
m_CurUser = who.Name;
}
return m_CurUser;
}
}
For a Windows Forms app that was to be distributed to several users, many of which log in over vpn, I had tried several ways which all worked for my local machine testing but not for others. I came across a Microsoft article that I adapted and works.
using System;
using System.Security.Principal;
namespace ManageExclusion
{
public static class UserIdentity
{
// concept borrowed from
// https://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity(v=vs.110).aspx
public static string GetUser()
{
IntPtr accountToken = WindowsIdentity.GetCurrent().Token;
WindowsIdentity windowsIdentity = new WindowsIdentity(accountToken);
return windowsIdentity.Name;
}
}
}
Get the current Windows username:
using System;
class Sample
{
public static void Main()
{
Console.WriteLine();
// <-- Keep this information secure! -->
Console.WriteLine("UserName: {0}", Environment.UserName);
}
}
I went over most of the answers here and none of them gave me the right user name.
In my case I wanted to get the logged in user name, while running my app from a different user, like when shift+right click on a file and "Run as a different user".
The answers I tried gave me the 'other' username.
This blog post supplies a way to get the logged in user name, which works even in my scenario:
https://smbadiwe.github.io/post/track-activities-windows-service/
It uses Wtsapi
Edit: the essential code from the blog post, in case it ever disappears, is
Add this code to a class inheriting from ServiceBase
[DllImport("Wtsapi32.dll")]
private static extern bool WTSQuerySessionInformation(IntPtr hServer, int sessionId, WtsInfoClass wtsInfoClass, out IntPtr ppBuffer, out int pBytesReturned);
[DllImport("Wtsapi32.dll")]
private static extern void WTSFreeMemory(IntPtr pointer);
private enum WtsInfoClass
{
WTSUserName = 5,
WTSDomainName = 7,
}
private static string GetUsername(int sessionId, bool prependDomain = true)
{
IntPtr buffer;
int strLen;
string username = "SYSTEM";
if (WTSQuerySessionInformation(IntPtr.Zero, sessionId, WtsInfoClass.WTSUserName, out buffer, out strLen) && strLen > 1)
{
username = Marshal.PtrToStringAnsi(buffer);
WTSFreeMemory(buffer);
if (prependDomain)
{
if (WTSQuerySessionInformation(IntPtr.Zero, sessionId, WtsInfoClass.WTSDomainName, out buffer, out strLen) && strLen > 1)
{
username = Marshal.PtrToStringAnsi(buffer) + "\\" + username;
WTSFreeMemory(buffer);
}
}
}
return username;
}
If you don't have one already, add a constructor to the class; and add this line to it:
CanHandleSessionChangeEvent = true;
EDIT:
Per comments requests, here's how I get the session ID - which is the active console session ID:
[DllImport("kernel32.dll")]
private static extern uint WTSGetActiveConsoleSessionId();
var activeSessionId = WTSGetActiveConsoleSessionId();
if (activeSessionId == INVALID_SESSION_ID) //failed
{
logger.WriteLog("No session attached to console!");
}
In case it's helpful to others, when I upgraded an app from c#.net 3.5 app to Visual Studio 2017 this line of code User.Identity.Name.Substring(4); threw this error "startIndex cannot be larger than length of string" (it didn't baulk before).
It was happy when I changed it to System.Security.Principal.WindowsIdentity.GetCurrent().Name however I ended up using Environment.UserName; to get the logged in Windows user and without the domain portion.

Categories