Extracting user's password for alternate authentication
-
I'm trying to use the CrystalDecisions assembly to access Crystal Reports. To do this, I need to get the user's authentication information so I can authenticate into Crystal Reports itself. I want to do this with the user's windows authentication so the user is saved the trouble of having to log in. Here's where I'm putting the information:
CrystalDecisions.Shared.ConnectionInfo crConnectionInfo = new CrystalDecisions.Shared.ConnectionInfo; crConnectionInfo.ServerName = "ServerName"; crConnectionInfo.DatabaseName = "DBName"; crConnectionInfo.UserID = "UserID"; crConnectionInfo.Password = "Password";ServerName and DBName are key values in my web.config file, so they're easy. Getting the current user's UserID from System.Security is also pretty straightforward. What I can't find is a way to extract the password from somewhere. I realize there may be security in place specifically to prevent exactly what I'm trying to do, but has anybody come across a way to do it? Perhaps finding the user's object on the AD? Perhaps pulling it from Windows somewhere? Perhaps a way to pass a security token to Crystal Reports? Thanks for your help! -
I'm trying to use the CrystalDecisions assembly to access Crystal Reports. To do this, I need to get the user's authentication information so I can authenticate into Crystal Reports itself. I want to do this with the user's windows authentication so the user is saved the trouble of having to log in. Here's where I'm putting the information:
CrystalDecisions.Shared.ConnectionInfo crConnectionInfo = new CrystalDecisions.Shared.ConnectionInfo; crConnectionInfo.ServerName = "ServerName"; crConnectionInfo.DatabaseName = "DBName"; crConnectionInfo.UserID = "UserID"; crConnectionInfo.Password = "Password";ServerName and DBName are key values in my web.config file, so they're easy. Getting the current user's UserID from System.Security is also pretty straightforward. What I can't find is a way to extract the password from somewhere. I realize there may be security in place specifically to prevent exactly what I'm trying to do, but has anybody come across a way to do it? Perhaps finding the user's object on the AD? Perhaps pulling it from Windows somewhere? Perhaps a way to pass a security token to Crystal Reports? Thanks for your help!If I remember correctly, the user's password is encrypted using a one way hash. So even if you could find it there would be nothing you could do with it. When you type a password in Windows it performs the same one way hash and compares the two hash values. This way, if the passwords are compromised there would be no way to get back to the original password.
My: Blog | Photos "Man who stand on hill with mouth open will wait long time for roast duck to drop in." -- Confucious