|
Hi guys!
I need your input on how to solve a problem that we have.
Our company provides a web-service, a SaaS.
Our idea is to create a destop appilication that can communicate with the web service using https.
I have written a .net app in C#, and I need ideas on how I can login a user without the user needing to type his username and password each time.
The idea is that the user inputs his username and password once and then checks the checkbox to automatically login. Now the user doesn't need to input his login details each time the program restarts. My criteria is that the client should never store the password (clear-text or encrypted) on the local machine.
This is my idea for a solution.
User input the username and password on the desktop-client
The client sends the login details to the webserver, over ssl.
The server verifies the login details and sends back a challenge to the client, if the username and password was correct.
The client then computes a static value using DAPI. This is how i do it:
Code Snippet
private static RSA GetKey(DataProtectionScope scope)
{
switch (scope)
{
case DataProtectionScope.CurrentUser:
if (user == null)
{
CspParameters csp = new CspParameters();
csp.KeyContainerName = "DAPI";
user = new RSACryptoServiceProvider(1536, csp);
}
return user;
default:
throw new CryptographicException("Invalid scope.");
}
}
RSA rsaKey = GetKey(DataProtectionScope.CurrentUser);
RSAParameters keyParam = rsaKey.ExportParameters(true);
Then I use keyParam.P, which is the private key as the static value.
And this static value is dependent on the current user that is loged in to the OS.
I use the static value and the challenged recieved from the server to compute a hash value, H(keyParam.P, challenge).
The client send this value back to the server, and the server will use this hash value in future authentication.
So from now on, the client needs to compute this hash value on runtime, each time he wants to access the webservice.
I think this is strong enough for authentication. But the only problem I see with this solution is that the server has no idea what application is communicating with it. I want from the server only allow application signed or certified by us to contact the server. Because, the problem I see is that, an attacker can create an imitation of my destop client and fetch information from the server, if the user chooses to use "automatic login" feature.
I hope you guys understand my problem. Any replies will be deeply appreciated!
Thank,
/SC
modified on Wednesday, February 06, 2008 5:50:18 AM
|
|
|
|
|
while geeting this.ActiveMDIChild windows return as Form. I need as the original class object. there is any way? thanks in advance.
Have A Nice Day!
Murali.M
|
|
|
|
|
Try this.ActiveMdiChild.GetType()
|
|
|
|
|
hi,
What is the replacement of InputBox function (VB.Net) in C#.Net?
I.e in VB.Net we have InputBox function to allow user for entering details..similarly is there any function in C#.Net?
|
|
|
|
|
Google "c# inputbox" = Clickety
You always pass failure on the way to success.
|
|
|
|
|
Hi,
we can use Microsoft.VisualBasic.dll as reference in your c# application
and then use the following line in your code
Microsoft.VisualBasic.Intereaction.InputBox("entervalues","values","null",0,0);
where enter values is the prompt message for the user ,
values is the title of the input box,
null is the default value
0,0 are the x and y coordinates of the position of input box.
-Suchi
|
|
|
|
|
Suchi Teegala wrote: 0,0
These are actually optional arguments in VB.NET. But since C# does not support the concept of optional arguments, we ought to provide a value explicitly.
Vasudevan Deepak Kumar
Personal Homepage
Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson
|
|
|
|
|
ya deepak but we can directly enter the values as 0,0
can u tell me if there is any problem in writing in that
particular way?
|
|
|
|
|
I'm new for networking programing and i wanna know that how to write a java program for mesure to ping delay for particular site
Ex-: If we ping in command promt www.googe.com how to write a program for mesure ping delay??
CheeN
|
|
|
|
|
sacr83 wrote: I'm new for networking programing and i wanna know that how to write a java program for mesure to ping delay for particular site
Perhaps a Java forum would be better?
We violated nature and our children have to pay the penalty
Don't go near the water children... Johnny Cash - 1974
|
|
|
|
|
Hi all,
Is there a straight forward C# principle that I'm missing here? I have a MDI container in which I can open various MDI children.
If a MDI child is maximised and I open a new one, I want it to be maximised by default. This works, so far so good. However, if I close the last open MDI child form (even though it is maximised) the MDI container lose that status and the next MDI child that I open will not be maximised.
I want to now two things:
1. Is there a way I can have the MDI container with no open children remember whether the last open MDI child was maximised or not and open any new MDI children in the same state?
2. Is there a way I can have the MDI container open the very first child in a maximised state by default (on first execution)?
I hope my questions make sense.
Cheers
|
|
|
|
|
Create a static variable outside your form classes of type FormWindowState and set its initial value to FormWindowState.Maximized.
In the form closing event of each child, set this variable to the child's WindowState, and in the Load set the child's WindowState to the variable's value.
Another solution instead of a static variable is to use a Setting with user scope that way you could persist your last window state even when the app is restarted.
|
|
|
|
|
Hi All,
I am using vs.net 2005 and Fxcop 1.35.
I want to write some custome rule for naming conventions.
please provide me url for writing custom rules step by step
Thank you
|
|
|
|
|
|
I’ve deployed my program from VS 2005 for about 2 years now and updates have worked just fine with VS Setup deployment project.
When I increment my version number from 1.0.50 to 1.0.51 the reinstallation seams to go fine but it doesn’t replace the new dlls and exe files in the installation dir…
If I uninstall an then install it works fine but I don’t want my users to do that every time I release a new version.
RemovePreviousVersions = true
DetectNewerInstalledVersion = true
_____________________________
...and justice for all
APe
|
|
|
|
|
Hi,
I am trying to open an existing excel spreadsheet which has an Addins.
When I open it using .net code, it opens the file but the addins does not appear in the file.
So, after doing some search, I found there is a VBA code which does what I want but unfortunately I do not know how to add this VBA code to my .net code.
I am using c# but you can let me know the code in vb.net if you prefer.
Thanks
Here is the VBA which is supposed to have the Addins in the excel file:
Dim oAddin As AddIn
Dim oTempBk As Workbook
Set oTempBk = Workbooks.Add
Set oAddin = oXL.AddIns.Add("C:\blp\blp.xla", True)
oAddin.Installed = True
oTempBk.Close
In case you are interested, I am using c# to open my current excel file:
Microsoft.Office.Interop.Excel.Application EApp = new Microsoft.Office.Interop.Excel.Application();
Microsoft.Office.Interop.Excel.Worksheet WS = ((Microsoft.Office.Interop.Excel.Worksheet)(EApp.Workbooks.Open(@"C:\MarketAnalytics\YieldsSpreads\YieldsSpreads.xls",
Type.Missing, Type.Missing, Type.Missing, Type.Missing, Type.Missing, Type.Missing, Type.Missing, Type.Missing, Type.Missing, Type.Missing, Type.Missing, Type.Missing, Type.Missing, Type.Missing).ActiveSheet));
EApp.Visible = true;
|
|
|
|
|
hi
how can i open outlook and send mail usin c# code ?
thank's
|
|
|
|
|
Why would you want to open Outlook for that? Feel free to browse this[^]
Cheers,
Vikram.
"I will put my new found knolage to good use" - Captain See Sharp.
"Every time Lotus Notes starts up, somewhere a puppy, a kitten, a lamb, and a baby seal are killed." - Gary Wheeler.
|
|
|
|
|
You shouldn't use Outlook for that. What is wrong with the correct responses here[^] and here[^] that pointed you in the right direction to get your job done? Are you still trying to get someone to write the code for you?
I'm going to become rich when I create a device that allows me to punch people in the face over the internet.
"If an Indian asked a programming question in the forest, would it still be urgent?" - John Simmons / outlaw programmer
|
|
|
|
|
Hi all,
I have a textbox control in my windows form, where user can type the message and insert any picture he wants and export it. If he selects any picture, i am appending the message like "Picture picno Inserted" to the textbox.
Now, my problem is, if he uses backspace key to delete anything in the message, the "Picture inserted" message should not get deleted. Means, that particular string has to be greyed out & disabled in the textbox. So, that i need not get bothered about calculating length for each keypress event.
Could any one please tell me how can I achieve this? Meanwhile, i tried of selecting the text & changing the color of the selected text but didn't get how to disable that particular text... And also i tried of using RichTextBox too but in vain.
Thanks in aDvance,
Durga.
Strength is life, Weakness is death.
--- Swami vivekananda
|
|
|
|
|
You cannot disable part of the text in a textbox. You will have to handle TextChanged yourself.
Cheers,
Vikram.
"I will put my new found knolage to good use" - Captain See Sharp.
"Every time Lotus Notes starts up, somewhere a puppy, a kitten, a lamb, and a baby seal are killed." - Gary Wheeler.
|
|
|
|
|
Create your own class similar to...
public class picno
{
private int _PictureNumber;
public int PictureNumber
{
get { return _PictureNumber; }
set { _PictureNumber = value; }
}
public override string ToString()
{
return "Picture " + _PictureNumber.ToString() + " Inserted";
}
public picno(int PictureNumber)
{
_PictureNumber = PictureNumber;
}
}
then, when a picture is selected, create an instance of this assigning the picture number to the property and update the text. Something like...
picno myPicNo = new picno(25);
textBox1.Tag = myPicNo;
textBox1.Text += textBox1.Text + " " + (picno)textBox1.Tag;
On the text changed event, look to see if the alteration would change any text that matches (picno)textBox1.Tag and disallow if needed.
(You may need to use (picno)textBox1.Tag.ToString() for some operations)
modified on Wednesday, February 06, 2008 6:41:19 AM
|
|
|
|
|
Hey all,
In a lottery system website what are the things to keep in mind?
So far I thought about:
SSL to secure the client/server connection
Login site to authenticate and authorize the people working for the lottery place.
Database to store all the info.
The application itself, which by the way, would it be possible to make this website interface look like a desktop form?
It has to be a website type application because it needs to be OS independent. It has to run in a Unix Computer as well as in a Nintendo DS and everything in between.
Where can i get some c# scripts tutorials/books? I have googled it but I haven't been lucky so far.
I have a solid php/apache/mysql/javascript base but I am like quick sand in asp/IIS/Sql Server. I know the basics of Sql Server but so far it gets frustrating.
But I have learned my lesson you guy taught me, always work with the best and the best tools if you want to be part of the elite.
thanxs all!!!!
PS: this is the random question: which one is better asp or php, IIS or Apache, Javascript or C# scripts or vbscripts, python or c# or VB or Java?
And what is the difference between J# and C# because all examples i see in MSDN look the same to me!
Luis E Tineo S
|
|
|
|
|
Hi,
I am using Windows authentication and I get the current user like this:
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);<br />
WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;<br />
<br />
Response.Write(myPrincipal.Identity.Name + "<br /><br />");
I get the current groups like this:
foreach (IdentityReference idref in WindowsIdentity.GetCurrent().Groups)<br />
{<br />
Response.Write(idref.Translate(typeof(NTAccount)).Value + "<br />");<br />
Response.Write(idref.Translate(typeof(NTAccount)).Value + "<br />");<br />
}
What I need to find out is if the user belongs to any of these groups. How do I test this?
Please can some one help?
Regards,
Brendan
|
|
|
|
|
hi, I'm having a problem in declaring and passing a value to a public variable in C#.Net. I am a VB.Net user not a C#.Net user, i just thinking if i convert my VB.Net code to C#.Net and that's what I'm doing now.
In VB.Net you can create a Module where you can declare all your public variables to use it again and again. My problem now is, how can i declare a public variable/s in C#.Net so that i can use it for many times and also to pass a value to that variable so that i can get the value i pass to public variable.
Example.
Public strFullName as String, where strFullName is the variable where i pass the FullName of the person who logged to the system.
Thank You.
Don't block the drive way of all the newbies in programming. 
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
.