Re: Validating a user using SSPI

From: Pieter Philippaerts (Pieter_at_nospam.mentalis.org)
Date: 12/05/03

• Next message: Mallikarjun Tuppad: "Re: smart client - different error."
• Previous message: Brad: "Re: StrongNameIdentityPermission at Assembly level?"
• In reply to: Edwin: "Validating a user using SSPI"
• Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Validating a user using SSPI"
• Reply: Joe Kaplan \(MVP - ADSI\): "Re: Validating a user using SSPI"
• Reply: Pieter Philippaerts: "Re: Validating a user using SSPI"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 5 Dec 2003 17:17:54 +0100

"Edwin" <Edwin.Loubser@comau.co.za> wrote in message
> My problem is trying to authenticate using windows
> integrated security, based on the user name and password
> supplied by the user.

You can use the WindowsIdentity class for this. The constructor expects a
token generated by LogonUser, so you'll have to do some P/Invoke too.
Here's some code that you can use: [warning: untested air code]

using System.Runtime.InteropServices;
using System.Security.Principal;

[DllImport("advapi32.dll")]
static extern int LogonUser(string Username, string Domain, string Password,
int LogonType, int LogonProvider, ref IntPtr Token);

private IPrincipal Authenticate(string user, string pass) {
    m_ClientSocket.Send(new byte[]{5, 0});
    IntPtr token = IntPtr.Zero;
    int ret = LogonUser(user, ".", pass, 2, 0, ref token);
    if(ret == 0)
        throw new SecurityException();
    WindowsIdentity wi = new WindowsIdentity(token);
    return new WindowsPrincipal(wi);
}

Once you have an IPrincipal instance, you can use IsInRole method to check
whether a user belongs to a certain group.

Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl

---

• Next message: Mallikarjun Tuppad: "Re: smart client - different error."
• Previous message: Brad: "Re: StrongNameIdentityPermission at Assembly level?"
• In reply to: Edwin: "Validating a user using SSPI"
• Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Validating a user using SSPI"
• Reply: Joe Kaplan \(MVP - ADSI\): "Re: Validating a user using SSPI"
• Reply: Pieter Philippaerts: "Re: Validating a user using SSPI"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: LogonUser() ... // This sample can be run only on Windows XP. ... String lpszPassword, ... int dwLogonType, int dwLogonProvider, ref IntPtr phToken); ... private unsafe static extern int FormatMessage(int dwFlags, ref IntPtr ... (microsoft.public.dotnet.security) Crypto API problem while using forms authentication ... instead of integrated windows authentication because i don't like this pop ... public static extern int LogonUser(String lpszUserName, ... String lpszPassword, ... protected TextBox txtUserName; ... (microsoft.public.dotnet.security) Crypto API problem while using forms authentication ... instead of integrated windows authentication because i don't like this pop ... public static extern int LogonUser(String lpszUserName, ... String lpszPassword, ... protected TextBox txtUserName; ... (microsoft.public.dotnet.framework.aspnet.security) Re: C# messaging ... The string you specify here needs to be a unique string in the Windows ... will get an int returned to you so save it. ... use the same exact string as you did in your C app). ... (microsoft.public.dotnet.languages.csharp) Re: Brian Kernighan, maybe Im not worthy, maybe Im scum ... conformant string. ... int repeats, reps; ... ref satisfierLength); ... (comp.programming)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)