
Authenticating to a service

Author
21 Jun 2006 7:36 AM
GM
Hello,

I need ideas, concepts to realize the following things:

I have a service (vb.net) running on a workstation communicating with a
client application.
The data flow does not need to be encrypted, but it must be validated that
it comes from a specific client.

I want to make sure that the client application authenticates to the service
before sending data.
The client of this service should be a local administrator of the
workstation.

How can this be done in a secure way (communicating with the service and
(Windows) authentication without the possibility of man-in-the-middle attacks)?

Author
21 Jun 2006 12:04 PM
Rob
GM,

We have the same type of scenario.  We have the following code in our
service and our remote client application calls the authenticate method
(via interface) to log on to the domain.

Hope this helps.

Cheers,
Rob Panosh
Advanced Software Designs.


---- Sample Code ---

Imports System.Security.Principal
Imports System.Security.Permissions
Imports System.Runtime.InteropServices
Imports System.Environment


Public Class Logon

    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' Authenticate a user against the network's users.
    ''' </summary>
    ''' <param name="userName">User name of the user to authenticate.</param>
    ''' <param name="password">Password of the user to authenticate.</param>
    ''' <param name="domain">The domain that is used to authenticate
    ''' users on the network (primary domain controller).</param>
    ''' <returns>True if the credentials are accepted and the user is a member
    ''' of the Administrators group; otherwise False. Throws if the logon
    ''' itself fails.</returns>
    ''' <remarks>
    ''' </remarks>
    ''' <history>
    '''     [dave]    12/9/2004    Created
    ''' </history>
    ''' -----------------------------------------------------------------------------
    Public Shared Function Authenticate(ByVal userName As String, ByVal password As String, ByVal domain As String) As Boolean

        Const LOGON32_PROVIDER_DEFAULT As Integer = 0
        Const LOGON32_LOGON_INTERACTIVE As Integer = 2

        Dim tokenHandle As IntPtr = IntPtr.Zero
        Try
            'Call the LogonUser function to obtain a handle to an access token.
            Dim returnValue As Boolean = LogonUser(userName, domain, password, _
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)

            If Not returnValue Then
                'GetLastWin32Error returns the error code that the last
                'unmanaged function returned.
                Dim ret As Integer = Marshal.GetLastWin32Error()
                Dim errmsg As String = GetErrorMessage(ret)
                Throw New System.Exception(errmsg)
            End If

            'Create the WindowsIdentity object for the Windows user account that is
            'represented by the tokenHandle token.
            Dim newId As New WindowsIdentity(tokenHandle)
            Dim userperm As New WindowsPrincipal(newId)

            'Verify whether the Windows user has administrative credentials and
            'return that as the result (the branch was left empty in the original).
            Return userperm.IsInRole(WindowsBuiltInRole.Administrator)

        Finally
            'Free the access token; WindowsIdentity keeps its own duplicate.
            If tokenHandle <> IntPtr.Zero Then
                CloseHandle(tokenHandle)
            End If
        End Try

    End Function


    'The LogonUser function tries to log on to the local computer
    'by using the specified user name. The function authenticates
    'the Windows user with the password provided.
    Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _
       ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
       ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
       ByRef phToken As IntPtr) As Boolean

    'The FormatMessage function formats a message string that is passed as input.
    <DllImport("kernel32.dll")> _
    Public Shared Function FormatMessage(ByVal dwFlags As Integer, ByRef lpSource As IntPtr, _
       ByVal dwMessageId As Integer, ByVal dwLanguageId As Integer, ByRef lpBuffer As [String], _
       ByVal nSize As Integer, ByRef Arguments As IntPtr) As Integer
    End Function

    'The CloseHandle function closes the handle to an open object such
    'as an access token.
    Public Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean

    'The GetErrorMessage function formats and then returns an error message
    'that corresponds to the input error code.
    Public Shared Function GetErrorMessage(ByVal errorCode As Integer) As String
        Dim FORMAT_MESSAGE_ALLOCATE_BUFFER As Integer = &H100
        Dim FORMAT_MESSAGE_IGNORE_INSERTS As Integer = &H200
        Dim FORMAT_MESSAGE_FROM_SYSTEM As Integer = &H1000

        Dim msgSize As Integer = 255
        Dim lpMsgBuf As String = Nothing
        Dim dwFlags As Integer = FORMAT_MESSAGE_ALLOCATE_BUFFER Or _
            FORMAT_MESSAGE_FROM_SYSTEM Or FORMAT_MESSAGE_IGNORE_INSERTS

        Dim lpSource As IntPtr = IntPtr.Zero
        Dim lpArguments As IntPtr = IntPtr.Zero
        'Call the FormatMessage function to format the message.
        Dim returnVal As Integer = FormatMessage(dwFlags, lpSource, errorCode, 0, lpMsgBuf, _
                msgSize, lpArguments)
        If returnVal = 0 Then
            Throw New Exception("Failed to format message for error code " + errorCode.ToString() + ". ")
        End If
        Return lpMsgBuf
    End Function

End Class


GM wrote:
> Hello,
>
> I need ideas, concepts to realize the following things:
>
> I have a service (vb.net) running on a workstation communicating with a
> client application.
> The data flow does not need to be encrypted, but it must be validated that
> it comes from a specific client.
>
> I want to make sure that the client application authenticates to the service
> before sending data.
> The client of this service should be a local administrator of the
> workstation.
>
> How can this be done in a secure way (communicating with the service and
> (Windows) authentication without the possibility of man-in-the-middle attacks)?
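Rob's code validates a user name and password that the client has to hand to the service. When client and service run on the same workstation, as in GM's question, there is a second route that needs no password on the wire: let Windows authenticate the named-pipe connection and check the caller's group membership while impersonating it. The following is an added example and is not code from Rob's post or from the original thread. It assumes .NET Framework 3.5 or later (System.IO.Pipes); the pipe name, the CallerCheck helper and the one-line OK/DENIED verdict are my own choices.

```vb
Imports System
Imports System.IO
Imports System.IO.Pipes
Imports System.Security.Principal

' Added example, not code from the thread. Assumes .NET Framework 3.5 or later
' (System.IO.Pipes). Both ends run on the same workstation, so the caller's
' identity is established by the local security authority and no credential
' ever crosses the pipe.
Public Module PipeAuthExample

    Private Const PipeName As String = "ExampleServicePipe"   ' placeholder name

    ' Collects what the server learns about the caller while impersonating it.
    Private Class CallerCheck
        Public Name As String = ""
        Public IsAdmin As Boolean = False

        ' Runs on the server thread under the client's security context.
        Public Sub Run()
            Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
            Name = id.Name
            IsAdmin = New WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator)
        End Sub
    End Class

    ' Server side: accept one connection, authorize the caller, then read its data.
    ' Returns the caller's account name, or Nothing if the caller was rejected.
    Public Function ServeOnce() As String
        Using server As New NamedPipeServerStream(PipeName, PipeDirection.InOut, 1, _
                                                  PipeTransmissionMode.Byte, PipeOptions.None)
            server.WaitForConnection()

            ' Impersonate the connected client only long enough to inspect its
            ' token; the server thread reverts when Run returns.
            Dim check As New CallerCheck()
            server.RunAsClient(AddressOf check.Run)

            Using reader As New StreamReader(server), writer As New StreamWriter(server)
                writer.AutoFlush = True
                If Not check.IsAdmin Then
                    writer.WriteLine("DENIED")
                    Return Nothing
                End If
                writer.WriteLine("OK " & check.Name)

                ' Data is accepted only after the caller has been authorized.
                Dim payload As String = reader.ReadLine()
                ' ... process payload from the authenticated administrator ...
                Return check.Name
            End Using
        End Using
    End Function

    ' Client side: connect with an impersonation-level token so the server may
    ' check who we are, wait for the verdict, and send data only on "OK".
    Public Function SendAsClient(ByVal message As String) As String
        Using client As New NamedPipeClientStream(".", PipeName, PipeDirection.InOut, _
                                                  PipeOptions.None, TokenImpersonationLevel.Impersonation)
            client.Connect(5000)   ' timeout in milliseconds

            Using reader As New StreamReader(client), writer As New StreamWriter(client)
                writer.AutoFlush = True
                Dim verdict As String = reader.ReadLine()
                If verdict IsNot Nothing AndAlso verdict.StartsWith("OK ") Then
                    writer.WriteLine(message)
                End If
                Return verdict
            End Using
        End Using
    End Function

End Module
```

Run ServeOnce inside the service and SendAsClient from the client process on the same machine. The server never receives a password, so the man-in-the-middle concern in the question does not arise for the authentication step; what it relies on is the OS granting the impersonation token, which only happens if the client really is that account. One caveat for Windows Vista and later: under UAC a non-elevated administrator runs with a filtered token, so IsInRole(WindowsBuiltInRole.Administrator) reports False unless the client process is elevated.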