Using Windows Authentication/NTLM

  • Question

  • Hi all,
    I have an application that uses Active Directory for authenticating users.

    Now I want my app to authenticate the users of the local machine.

    I found lots of articles for doing this in ASP.NET, but don't know how to do this using C# in a class-library project.
    Please revert even if there is some way to do this in WCF-service.

    Thanks.
    Monday, April 13, 2009 3:54 PM

All replies

  • Hi,
    You can use either LDAP to communicate with AD or ADSI in .NET. Please refer to the following links:
    http://www.codeproject.com/KB/system/arbauthentication.aspx
    http://www.c-sharpcorner.com/UploadFile/john_charles/AccessingtheActiveDirectoryfromMicrosoftNET04172007154931PM/AccessingtheActiveDirectoryfromMicrosoftNET.aspx

    Hope this will help you. Please feel free to discuss further.
    Adil Mughal - MCP http://adilamughal.blogspot.com
    • Proposed as answer by Adil Mughal Monday, April 13, 2009 4:00 PM
    Monday, April 13, 2009 3:59 PM
  • Thank you Adil,
    and sorry that I did not clearly state my problem.

    Currently, in my C# class library, I do use authentication using LDAP, which asks for UserName, Password and the domain-controller name
    (currently all three fields, i.e. username, password and domain-controller name, are mandatory).

    I want to make the login process a bit more flexible, for cases where a domain controller is not present at all (the user would leave the domain-controller name field empty in this case).
    So, in such cases, I want to allow all the users of the local machine (all those who can log in to the localhost machine with administrative privileges) to log in and be marked as authenticated for my application.

    So, now if the user does not provide the domain-controller name, his credentials would be checked against the localhost machine users.

    Please revert even if someone knows how to do this in WCF-service.

    Thanks.
    Monday, April 13, 2009 7:05 PM
  • Hi,
    It's quite simple in WCF. You need to set the binding behavior, such as

    <basicHttpBinding>
      <binding name="httpWithSecurity">
        <security mode="Transport">
          <transport clientCredentialType="Windows"/>
        </security>
      </binding>
    </basicHttpBinding>

    Or instead of Windows, you can set clientCredentialType to "UserName", in which you provide a custom user name and password, or you can set it to NTLM as well, and then you can simply set the bindingConfiguration

    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="httpWithSecurity" contract="WcfService2.IService1"/>

    And you are done! But if you want to do everything without WCF then you can make use of LDAP or the NTAccount class in the System.Security.Principal namespace, or other classes in that namespace as well.

    I hope this will help you out but you are most welcome to ask further.

    Have a great day!
    Adil Mughal - MCP http://adilamughal.blogspot.com
    • Proposed as answer by Adil Mughal Monday, April 13, 2009 10:22 PM
    Monday, April 13, 2009 10:22 PM
  • Thanks Adil.

    I am interested in 'NTAccount' class in 'System.Security.Principal namespace'.
    I did go through the MSDN help, but to no avail.
    I would greatly appreciate it if some sample is provided.

    I have the UserName and Password with me and want to check whether a user with this UserName and Password exists on the local machine or not.
    Tuesday, April 14, 2009 10:35 AM
  • Hi,
    Sure. You can refer to the WindowsIdentity and WindowsPrincipal classes in the same namespace, which will give you info for the current user, and they also allow you to impersonate another user. For example, the code below will give you the currently logged-in user's information and token

    using System;
    using System.Security.Principal;

    WindowsIdentity identity = WindowsIdentity.GetCurrent();
    Console.WriteLine(identity.Name);   // account name, e.g. MACHINE\user
    Console.WriteLine(identity.Token);  // handle of the Windows access token

    And if you have the user name and password then you need to impersonate. One way of doing that is the WindowsIdentity.Impersonate method, but for that you need to have the token of the user, and for that I guess you need to call unmanaged code :)

    For that please refer to these pages with samples:
    http://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity.impersonate.aspx
    http://msdn.microsoft.com/en-us/library/chf6fbt4.aspx
    http://venkriss.blogspot.com/2007/07/windowsidentity-impersonation.html

    I hope this will solve your problem :) Feel free to ask further. Also, don't forget to mark all replies as helpful or as answer if they helped you in any way, so that others visiting the thread later would know the solution.
    Adil Mughal - MCP http://adilamughal.blogspot.com
    • Proposed as answer by Adil Mughal Tuesday, April 14, 2009 11:04 AM
    • Proposed as answer by Adil Mughal Tuesday, April 14, 2009 11:05 AM
    • Marked as answer by Pankaj Gupta Wednesday, April 15, 2009 6:35 AM
    Tuesday, April 14, 2009 11:04 AM
  • Thanks Adil.

    I was confused about impersonation. Your reply made things better.
    Wednesday, April 15, 2009 6:37 AM