
How do I determine if a Windows identity is authenticated to the network domain

Author
20 Oct 2006 3:07 PM
JohnK
Hello:

I have a ClickOnce application which makes a secure remoting call to
the server. The server can see the WindowsIdentity of the person making
the call and can then do authorization checks and pass that information
back to the client.

This works fine when I run the application in-house. When I run this on
a computer that is NOT on the domain (but I am VPN'd in to the network)
I get a: System.Security.Authentication.InvalidCredentialException
Invalid credentials error.

At this point, we've decided that we are not going to allow access to
the application unless you can authenticate. We can easily determine if
a user is authenticated because the secure remoting call works and we
know when the user is not authenticated (because the call doesn't work
- it throws that exception).

My question is: is there a better way to disallow access to the
application rather than catching an InvalidCredentialException? In
other words, is there a way to know ahead of time if a user is
authenticated to the domain or not?


Thanks everyone,
John

Author
21 Oct 2006 8:30 AM
Claus Konrad
The credentials presented to the server are the ones the client application
is started under. If you are connecting to the server application from a
client PC that is NOT part of the domain (i.e. that of the server), the server
will surely not recognize the credentials. This explains why you get an
InvalidCredentialException.

The IIdentity interface (e.g. implemented by WindowsIdentity) contains a
boolean parameter called IsAuthenticated, which you potentially could use as a
check before continuing into the authorization schema of your backend
systems.

--
rgds.
/Claus Konrad


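Added example, not code from either poster: a client-side pre-check built on the WindowsIdentity properties mentioned in this thread, kept alongside the existing InvalidCredentialException handler. The class and method names, the `CORP` domain name and the `secureCall` delegate (standing in for the secure remoting call) are assumptions made for illustration.

```csharp
using System;
using System.Security.Authentication;
using System.Security.Principal;

static class DomainLogonCheck
{
    // Advisory only. IsAuthenticated is also true for a local account on a
    // PC that is not joined to the domain, so it cannot be the whole test.
    public static bool LooksLikeDomainLogon(string expectedDomain, out string reason)
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            if (!id.IsAuthenticated || id.IsAnonymous || id.IsGuest)
            {
                reason = "anonymous or guest token";
                return false;
            }
            // Heuristic: for a local account the user's domain name is the machine name.
            string userDomain = Environment.UserDomainName;
            if (string.Equals(userDomain, Environment.MachineName, StringComparison.OrdinalIgnoreCase))
            {
                reason = "local account " + id.Name;
                return false;
            }
            if (!string.Equals(userDomain, expectedDomain, StringComparison.OrdinalIgnoreCase))
            {
                reason = "account from unexpected domain " + userDomain;
                return false;
            }
            // A cached domain logon on a disconnected laptop also reaches this point.
            reason = "logged on as " + id.Name + " via " + id.AuthenticationType;
            return true;
        }
    }

    // The server's decision is the one that counts, so the handler stays.
    public static bool TryAuthorize(Func<bool> secureCall, out string reason)
    {
        try
        {
            bool allowed = secureCall();
            reason = allowed ? "server authorized the caller" : "server denied authorization";
            return allowed;
        }
        catch (InvalidCredentialException ex) { reason = ex.Message; return false; }
    }
}
```

The pre-check is useful for showing an early, friendly message before the first remoting call, while access control remains with the server, which sees the identity actually presented on the wire.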