.NET security: authenticating a user: WindowsIdentity.GetCurrent() VS Environment.UserName()

  • Question

  • Hi guys!

    I need the most secure approach to getting the logged-on user's user name (which is then stored in a SecureString).
    Which method is considered to be more secure, WindowsIdentity.GetCurrent() or Environment.UserName()? Also, could those properties be changed / masqueraded at runtime by some malicious tool which attaches to the running process?

    What I need to do is to get information about the currently logged-on user from a DB (unfortunately no kind of DBMS which supports Kerberos / NTLM auth), so I need to be absolutely sure that the username hasn't been tampered with. SSO is not an option here, unfortunately.

    thanks,
    Tom
    Wednesday, October 28, 2009 10:25 AM

Answers

  • GetCurrent returns the Windows token that is used to execute the current thread (or the process, depending on whether you are impersonating somewhere). So this is the recommended approach to retrieve the current Windows user name.

    Not sure why you would have to secure that value (especially with SecureString)...

    Dominick Baier | thinktecture | http://www.leastprivilege.com
    • Marked as answer by TomTom1234 Wednesday, October 28, 2009 11:52 AM
    Wednesday, October 28, 2009 11:01 AM
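The answer above turns on one detail: WindowsIdentity.GetCurrent() describes the token the calling thread is running under, so it changes inside an impersonation scope while the process token does not. The program below is an added example written for this page (it is not code from the thread or from thinktecture): it prints what GetCurrent() reports next to Environment.UserName, uses GetCurrent(ifImpersonating) to detect whether the thread holds an impersonation token, and, if you pass a test account's DOMAIN, user and password on the command line, impersonates that account through the documented LogonUser/RunImpersonated pattern so you can watch GetCurrent() follow the thread token. It assumes .NET 6 or later on Windows and a throwaway local or domain test account.

```csharp
// Added example (not from the original thread): compares WindowsIdentity.GetCurrent()
// with Environment.UserName and shows that GetCurrent() follows the *thread* token
// while the thread is impersonating.
// Assumes .NET 6+ on Windows. Usage:
//   dotnet run                        -> inspect the process identity only
//   dotnet run -- DOMAIN user pass    -> also impersonate a (test) account via LogonUser
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class IdentityProbe
{
    // advapi32!LogonUserW, declared the way the WindowsIdentity.RunImpersonated docs do.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider,
                                 out SafeAccessTokenHandle token);

    const int LOGON32_LOGON_NETWORK = 3;   // no interactive session needed for the demo
    const int LOGON32_PROVIDER_DEFAULT = 0;

    // What the calling thread's security context looks like at one moment.
    public record Snapshot(string Name, string Sid, string AuthType, bool IsAuthenticated,
                           bool ThreadIsImpersonating, string EnvironmentUserName);

    public static Snapshot Describe()
    {
        using WindowsIdentity id = WindowsIdentity.GetCurrent();
        // GetCurrent(true) returns null unless the thread currently holds an
        // impersonation token: a cheap "am I impersonating right now?" check.
        using WindowsIdentity impersonated = WindowsIdentity.GetCurrent(true);
        return new Snapshot(
            Name: id.Name,                       // DOMAIN\user
            Sid: id.User?.Value ?? "(no SID)",   // S-1-5-21-...: stable even if the account is renamed
            AuthType: id.AuthenticationType,     // e.g. Kerberos, NTLM, Negotiate
            IsAuthenticated: id.IsAuthenticated,
            ThreadIsImpersonating: impersonated != null,
            EnvironmentUserName: Environment.UserDomainName + "\\" + Environment.UserName);
    }

    static void Print(string label, Snapshot s)
    {
        Console.WriteLine($"[{label}]");
        Console.WriteLine($"  WindowsIdentity.GetCurrent().Name   : {s.Name}");
        Console.WriteLine($"  User SID                            : {s.Sid}");
        Console.WriteLine($"  AuthenticationType / IsAuthenticated: {s.AuthType} / {s.IsAuthenticated}");
        Console.WriteLine($"  Thread is impersonating             : {s.ThreadIsImpersonating}");
        Console.WriteLine($"  Environment.UserDomainName\\UserName : {s.EnvironmentUserName}");
    }

    static int Main(string[] args)
    {
        Print("process identity", Describe());

        if (args.Length != 3) return 0;   // no credentials supplied: stop after the first snapshot
        string domain = args[0], user = args[1], password = args[2];

        if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
                       out SafeAccessTokenHandle token))
        {
            Console.Error.WriteLine($"LogonUser failed, Win32 error {Marshal.GetLastWin32Error()}");
            return 1;
        }

        using (token)
        {
            // Inside the callback the thread runs under the new token, so GetCurrent()
            // reports that account even though the process token is unchanged.
            Snapshot inner = WindowsIdentity.RunImpersonated(token, () => Describe());
            Print("inside RunImpersonated", inner);
        }

        // Back on the process token; ThreadIsImpersonating is false again.
        Print("after RunImpersonated", Describe());
        return 0;
    }
}
```

Run it once without arguments and once with a test account to see the two snapshots diverge. Beyond the name, note what WindowsIdentity gives you that Environment.UserName cannot: the SID, the authentication type, and the token handle itself (WindowsIdentity.GetCurrent().AccessToken), which is what you want if the downstream system can consume a Windows token rather than a string.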

All replies

  • Dominick,

    thanks a lot for your quick response.

    As for why it is a necessity to secure that string ... well, that's rather complicated to explain.
    Basically, over-simplified, I have to fire a query against a database which does not support single sign-on. No Kerberos, no NTLM. Just username & PW, albeit encrypted. This is a desktop application, btw. No web services involved. Even if web services were used for this it wouldn't change a thing.

    Say I were to fire this command: String.Format("select very_private_secrets where username = {0} from user_db;", WindowsIdentity.GetCurrent().Name); I need to make absolutely sure that a potential attacker won't be able to tamper with whatever WindowsIdentity.GetCurrent().Name returns. If he could, he would be able to retrieve confidential and sensitive information.

    Forget about SecureString though, which won't be helpful in this particular scenario either.
    • Edited by TomTom1234 Wednesday, October 28, 2009 12:09 PM
    Wednesday, October 28, 2009 12:03 PM
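The command sketched in the post splices the identity string into the SQL text with String.Format, which means whoever controls that string also controls the query. The block below is an added example written for this page (not code from the thread): it keeps the posted pattern as the "before" (with quotes added so it is valid SQL), shows what a crafted identity string does to it, and puts a parameterized lookup keyed on the caller's SID beside it. It assumes Microsoft.Data.Sqlite with an in-memory database as a stand-in for the real DBMS; the table, rows and SID values are constructed for the demo.

```csharp
// Added example (not from the original thread): the String.Format query from the post
// beside a parameterized lookup keyed on the account SID.
// Assumptions: Microsoft.Data.Sqlite (NuGet) with an in-memory database stands in for
// the real DBMS; the table, rows and SIDs below are constructed for the demo.
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.Security.Principal;
using Microsoft.Data.Sqlite;

static class SecretLookup
{
    // The pattern from the post, with quotes added so it is at least valid SQL.
    // Kept only as the "before": the identity string becomes part of the SQL text.
    public static string UnsafeQuery(string userName) =>
        string.Format("select very_private_secrets from user_db where username = '{0}';", userName);

    // The "after": the value is bound as a parameter and never parsed as SQL, and the
    // key is the account SID (WindowsIdentity.GetCurrent().User), which survives renames.
    public static List<string> LookupSecrets(DbConnection conn, SecurityIdentifier sid)
    {
        using DbCommand cmd = conn.CreateCommand();
        cmd.CommandText = "select very_private_secrets from user_db where sid = $sid;";
        DbParameter p = cmd.CreateParameter();
        p.ParameterName = "$sid";
        p.Value = sid.Value;                 // "S-1-5-21-..."
        cmd.Parameters.Add(p);
        return ReadFirstColumn(cmd);
    }

    // Executes raw SQL text; used only to show what the unsafe query returns.
    public static List<string> RunText(DbConnection conn, string sql)
    {
        using DbCommand cmd = conn.CreateCommand();
        cmd.CommandText = sql;
        return ReadFirstColumn(cmd);
    }

    static List<string> ReadFirstColumn(DbCommand cmd)
    {
        var rows = new List<string>();
        using DbDataReader r = cmd.ExecuteReader();
        while (r.Read()) rows.Add(r.GetString(0));
        return rows;
    }

    // Constructed demo data: two accounts, each with its own secret.
    public static DbConnection OpenDemoDb()
    {
        var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using DbCommand cmd = conn.CreateCommand();
        cmd.CommandText =
            "create table user_db (username text, sid text, very_private_secrets text);" +
            "insert into user_db values ('CORP\\alice', 'S-1-5-21-1-2-3-1001', 'alice-secret');" +
            "insert into user_db values ('CORP\\bob',   'S-1-5-21-1-2-3-1002', 'bob-secret');";
        cmd.ExecuteNonQuery();
        return conn;
    }

    static void Main()
    {
        using DbConnection conn = OpenDemoDb();

        // 1. Posted pattern with an honest identity string: one row, as intended.
        Console.WriteLine("honest name, unsafe query: " +
                          RunText(conn, UnsafeQuery("CORP\\alice")).Count + " row(s)");

        // 2. Posted pattern with a crafted identity string: the WHERE clause is rewritten
        //    and both users' secrets come back.
        string crafted = "x' or '1'='1";
        Console.WriteLine(UnsafeQuery(crafted));
        Console.WriteLine("crafted name, unsafe query: " +
                          RunText(conn, UnsafeQuery(crafted)).Count + " row(s)");

        // 3. Parameterized lookup: only the row for that SID. In the application the SID
        //    comes from WindowsIdentity.GetCurrent().User; here it is a constructed value.
        var alice = new SecurityIdentifier("S-1-5-21-1-2-3-1001");
        Console.WriteLine("parameterized by SID: " + string.Join(",", LookupSecrets(conn, alice)));
    }
}
```

Two caveats worth separating. Parameterizing the query fixes what the database does with the string; it says nothing about whether the string is true. The SID or name still originates in a process on the client, so a user who controls that process (in particular a local administrator) can present any value they like, which is the point the next reply makes. The only way a server can know who is asking is to authenticate the caller itself, and the post says this DBMS cannot do that.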
  • Well - if the attacker is an administrator on the client machine, he will always be able to do that.


    Dominick Baier | thinktecture | http://www.leastprivilege.com
    Wednesday, October 28, 2009 12:06 PM
  • Well - if the attacker is an administrator on the client machine, he will always be able to do that.

    Dominick Baier | thinktecture | http://www.leastprivilege.com

    If a malicious user should happen to gain access to our domain/local administrative/root credentials ... I'm pretty sure he could do ANYTHING, probably copying the very database files themselves ... this would breach security on a much higher level than I'm concerned with / in charge of ;)
    Wednesday, October 28, 2009 12:13 PM