HighTechTalks DotNet Forums  

A twist to "Logon User at Domain"

Dotnet Security microsoft.public.dotnet.security


#1
Radek.Jedrasiak@gmail.com

A twist to "Logon User at Domain" - 02-16-2007, 07:33 AM

Hi all,

just scanned the postings and I'm a little surprised. There seems to be no way
to make a user logon/authenticate at a domain WITHOUT the user making his username
AND PASSWORD available to the application initiating the logon/authentication process....

Is that right?
I'm referring to

CredUIPromptForCredentials function

which "publishes" the password to the application invoking it.

Any hint how to initiate the authentication process in a way which does
not make the password readable to the invoking application?

I really hope I'm just missing something, and it's not by design....

TIA
br
Radek

#2
Joe Kaplan

Re: A twist to "Logon User at Domain" - 02-16-2007, 10:19 AM

If the user is already logged in to Windows, then you can just use their
security token directly. Otherwise, perhaps you can explain what you are
trying to do.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
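
What "use their security token directly" looks like in .NET, as an added example that is not part of Joe Kaplan's post: a loopback client and server authenticate over SSPI with NegotiateStream, using the current logon session, so the code never handles a password. The class name, the loopback listener and the empty target name are assumptions made for this demo, and it covers only the already-logged-on case, not a second domain identity.

```csharp
// Added example (not from the thread): authenticate with the caller's existing
// Windows logon session via SSPI. No password is prompted for, read or stored.
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Principal;
using System.Threading;

class TokenAuthDemo   // hypothetical name
{
    static void Main()
    {
        // Port 0 lets the OS pick a free loopback port (constructed demo setup).
        TcpListener listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;

        Thread server = new Thread(() =>
        {
            using (TcpClient conn = listener.AcceptTcpClient())
            using (NegotiateStream ns = new NegotiateStream(conn.GetStream(), false))
            {
                // Server side of the handshake: it receives SSPI tokens, never a password.
                ns.AuthenticateAsServer();
                Console.WriteLine("Server sees: {0} (authenticated={1})",
                    ns.RemoteIdentity.Name, ns.IsAuthenticated);
            }
        });
        server.Start();

        using (TcpClient client = new TcpClient())
        {
            client.Connect(IPAddress.Loopback, port);
            using (NegotiateStream ns = new NegotiateStream(client.GetStream(), false))
            {
                // DefaultNetworkCredentials stands for the current security context;
                // the application cannot read a user name or password from it.
                ns.AuthenticateAsClient(
                    CredentialCache.DefaultNetworkCredentials,
                    String.Empty,                    // assumption: no SPN set up for this demo
                    ProtectionLevel.EncryptAndSign,
                    TokenImpersonationLevel.Identification);
                Console.WriteLine("Client ran as: {0}", WindowsIdentity.GetCurrent().Name);
            }
        }
        server.Join();
        listener.Stop();
    }
}
```
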
#3
Radek.Jedrasiak@gmail.com

Re: A twist to "Logon User at Domain" - 02-18-2007, 11:31 AM

Yes, the user is logged in already, but at a different domain.

This is a VPN scenario: user starts his machine and logs in with his local user name.
Later he connects via VPN to a company network.
With this connection in place he can start an application which needs his
company-domain identity.

This works already, we are able to authenticate the user in the company domain,
BUT only by presenting him a login dialog (Windows API) and ** passing over ** the info
he provides (user name / password) to the Domain Controller for authentication ....

The point is: is there a way to do this without enabling the
application to "read" the user's login info?

thanks for reading

cheerio
Radek

#4
Joe Kaplan

Re: A twist to "Logon User at Domain" - 02-18-2007, 05:32 PM

You could have the user run the application with "Run As..." so that Windows
would start the program under a different security context and your app
wouldn't be doing the impersonation. That brings it outside of your
application. Otherwise, no.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net