?
Solved

Single sign-on solution for winforms application

Posted on 2008-06-17
3
Medium Priority
?
2,422 Views
Last Modified: 2013-12-04
I am trying to build a single sign-on winforms application that will work the following way
- the user logs to windows
- the user tries to launch the application
- the application extracts the user token and authenticates the user using this token by accessing the domain controller/active directory
- if the user logged in localy then he is not authenticated and the application will not launch, if he logged onto the domain then he is authenticated and the application will launch

I have found many examples that use username-password authentication on active directory but didn't find any examples that demostrate how to authenticate a user using kerberos/ntlm security token, I am trying to avoid forcing the user to retype his username and password and I know that this is possible since applications like outlook for example do exactly that (when you open an outlook you are authenticated without entering your credentials)
0
Comment
Question by:Peretsof
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 13

Accepted Solution

by:
joechina earned 2000 total points
ID: 21815189
As long as the user's machine has joined the domian you can do:

WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
WindowsPrincipal currentPrincipal = new WindowsPrincipal(currentIdentity);
if (currentPrincipal.IsInRole(@"YourDomain\YourGroup"))
{
 ...
}



Hope it is you are looking for.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month8 days, 16 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question