Windows authentication in WinForms project

Question

5.00/5 (1 vote)

See more:

Hi everyone,

I am trying to find a way to provide windows authentication in my C# forms project. I have found a couple of tutorials, including one here on Code Project, but they fail to satisfy my precise requirements in one fundamental way: they all work by testing a text box username / password against the current logged in user. My problem is that I want to be able to authenticate any user that has a valid Windows account. The reason for this is that I want to restrict some administration functionality in my project to certain known individuals and I'd like to do it by testing their Windows credentials because it means they can use their regular workstation login credentials and I don't have to concern myself with creating a separate, secure credentials database. The approved individuals would not be logged in to the machine that the project is running on - the project runs on a standard user account and can be accessed by anyone.

Okay, so I could implement a solution that involves them having to log into the target workstation first and then use the regular solutions I've found on here and elsewhere. But it's an extra layer of hassle for the administrators that if possible I'd like to avoid.

Is this even possible? I am lead to believe that it is primarily because here at work we use SVN to manage our code and the Tortoise SVN UI authenticates us using our standard Windows credentials, and I can do that regardless of whether or not I am the currently logged in user on the machine.

If someone is able to point me in the direction of a useful information source for this problem I would very much appreciate it.

Thanks in advance,

Brian

Posted 18-Dec-13 0:13am

bh_

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Member 10434230 · Accepted Answer · 2013-12-18T01:09:00

Solution 1

Try using Interop Services. check the below Code:

[System.Runtime.InteropServices.DllImport("advapi32.dll")]
public static extern bool LogonUser(string userName, string domainName, string password, int LogonType, int LogonProvider, ref IntPtr phToken);

public bool IsValidateCredentials(string userName, string password, string domain)
{
IntPtr tokenHandler = IntPtr.Zero;
bool isValid = LogonUser(userName, domain, password, 3, 0, ref tokenHandler);
return isValid;
}

Posted 18-Dec-13 1:09am

Member 10434230

Comments

bh_ 18-Dec-13 7:33am

Thanks for the solution. Your solution is actually the method I was already evaluating, but it transpires that I was lead down the garden path with it! I tested the solution using my own username/password and it returned valid. But I am the logged in user on my machine so to test it with someone else's credentials I asked a colleague to try his username/password on it for me. It then failed to authenticate him. He tried it a few times but it failed every time. I therefore assumed that my solution was only working for myself. I've now tried the code on his machine with my username/password and it authenticates just fine. So he must have been typing his password wrong when I asked him earlier!!!

I guess there is still a problem for me to solve though; I now want to be able to check the verified credentials against a group to ensure that the user is a member of a specific admin group that I will set up and add users to. I will crack on with that.

Thanks again!