Validate User ID/ password on windows form
-
Hi, I'm trying to make a program for booking rooms in my school library automatically. I need a way to check if a certain ID/password is valid on the domain because library uses network credentials. My laptop is on school's domain and it doesn't have admin rights. I tried googling this problem, many people suggested using DirectoryServices, but for some reason when I include this namespace then I get error message saying "Namespace is not valid". Any help will be appreciated. Shivam
-
Hi, I'm trying to make a program for booking rooms in my school library automatically. I need a way to check if a certain ID/password is valid on the domain because library uses network credentials. My laptop is on school's domain and it doesn't have admin rights. I tried googling this problem, many people suggested using DirectoryServices, but for some reason when I include this namespace then I get error message saying "Namespace is not valid". Any help will be appreciated. Shivam
I suggest you try this: 1. in the solution pane, add a reference to your project, use .NET tab, locate "System.DirectoryServices" 2. in your source file(s), add a line
using System.DirectoryServices;And you may have to repeat the same for System.DirectoryServices.AccountManagement (which exists since .NET 3.5) :)Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
-
I suggest you try this: 1. in the solution pane, add a reference to your project, use .NET tab, locate "System.DirectoryServices" 2. in your source file(s), add a line
using System.DirectoryServices;And you may have to repeat the same for System.DirectoryServices.AccountManagement (which exists since .NET 3.5) :)Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
Ya I figured that out before your replied. I tried using method find on internet to authenticate. This is exception I'm getting
System.DirectoryServices.AccountManagement.PrincipalServerDownException was unhandled
Message=The server could not be contacted.
Source=System.DirectoryServices.AccountManagementI used following code.
PrincipalContext adContext = new PrincipalContext(ContextType.Domain);
bool valid;using (adContext) { valid = adContext.ValidateCredentials("studentID", "password"); } Console.Write(valid);What I'm doing wrong here. And is it even possible to validate, because I'm not an admin of domain.
-
Ya I figured that out before your replied. I tried using method find on internet to authenticate. This is exception I'm getting
System.DirectoryServices.AccountManagement.PrincipalServerDownException was unhandled
Message=The server could not be contacted.
Source=System.DirectoryServices.AccountManagementI used following code.
PrincipalContext adContext = new PrincipalContext(ContextType.Domain);
bool valid;using (adContext) { valid = adContext.ValidateCredentials("studentID", "password"); } Console.Write(valid);What I'm doing wrong here. And is it even possible to validate, because I'm not an admin of domain.
I don't really know. I read your question once more, and now I strongly doubt Windows would allow a non-admin to query the user/password list like that. It would support a brute force attack and hence constitute a security risk. You may have to rethink your authentication approach; maybe the user being logged on and running your app is sufficient; or your app should rely on its own authentication (i.e. your own user list in the database). :)
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
-
I don't really know. I read your question once more, and now I strongly doubt Windows would allow a non-admin to query the user/password list like that. It would support a brute force attack and hence constitute a security risk. You may have to rethink your authentication approach; maybe the user being logged on and running your app is sufficient; or your app should rely on its own authentication (i.e. your own user list in the database). :)
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
Luc Pattyn wrote:
You may have to rethink your authentication approach; maybe the user being logged on and running your app is sufficient; or your app should rely on its own authentication (i.e. your own user list in the database).
Indeed. Why query anything? If the machines require a domain account to log onto them, and they are logged on, the username and password were valid.
There is water at the bottom of the ocean. My Mu[sic] My Films My Windows Programs, etc.
-
Luc Pattyn wrote:
You may have to rethink your authentication approach; maybe the user being logged on and running your app is sufficient; or your app should rely on its own authentication (i.e. your own user list in the database).
Indeed. Why query anything? If the machines require a domain account to log onto them, and they are logged on, the username and password were valid.
There is water at the bottom of the ocean. My Mu[sic] My Films My Windows Programs, etc.
Thank you for replying. So basically, right now my program as 15 IDs and password in its data base. I've added a button "contribute" where other students could donate their ID and passwords, these ID and passwords are their credentials on school's domain, also it is used to authenticate the library booking. I need some way to validate this, I first tried to validate using HTTPrequest and directly validating it through logging into library, if error occurs then credentials are not valid. This approach is kind of hard, I found that there is some __ISVALID post parameter that keeps changing, so first I've to parse source to find this parameter then and logging then check its validity. Therefore, I switched to this approach, of checking credential within active directory. Now, this seems not to work either..I wonder, in my laptop I could logging with my friend's network ID and password, so there should to be some way of just VALIDATING the credentials, not tampering it. Or could think of some other way??? :) Shivam
-
Thank you for replying. So basically, right now my program as 15 IDs and password in its data base. I've added a button "contribute" where other students could donate their ID and passwords, these ID and passwords are their credentials on school's domain, also it is used to authenticate the library booking. I need some way to validate this, I first tried to validate using HTTPrequest and directly validating it through logging into library, if error occurs then credentials are not valid. This approach is kind of hard, I found that there is some __ISVALID post parameter that keeps changing, so first I've to parse source to find this parameter then and logging then check its validity. Therefore, I switched to this approach, of checking credential within active directory. Now, this seems not to work either..I wonder, in my laptop I could logging with my friend's network ID and password, so there should to be some way of just VALIDATING the credentials, not tampering it. Or could think of some other way??? :) Shivam
VERY bad practice, storing passwords. Maybe store a hash of a password to compare with the original, but the password itself? The network people would have a hissy fit. Also, what are you going to do in 90 or 180 days when everyone changes their network password and it no longer matches what you have in the database? I think you missed the point. If the computers you are concerned about are on in the domain the network, and they require a user to log in to use them, then the authentication has already taken place and you don't really need to do anything else.
There is water at the bottom of the ocean. My Mu[sic] My Films My Windows Programs, etc.
-
VERY bad practice, storing passwords. Maybe store a hash of a password to compare with the original, but the password itself? The network people would have a hissy fit. Also, what are you going to do in 90 or 180 days when everyone changes their network password and it no longer matches what you have in the database? I think you missed the point. If the computers you are concerned about are on in the domain the network, and they require a user to log in to use them, then the authentication has already taken place and you don't really need to do anything else.
There is water at the bottom of the ocean. My Mu[sic] My Films My Windows Programs, etc.
What?? It is just a hobby project, our school library is always packed, but there is a system which allows you to book rooms exactly at 10:00 AM in morning, it requires three people to log in and book the room..so me and my friends have decided to make a program that can do this automatically for us..its not a large scale program where people would keep changing their IDs and Password..
-
What?? It is just a hobby project, our school library is always packed, but there is a system which allows you to book rooms exactly at 10:00 AM in morning, it requires three people to log in and book the room..so me and my friends have decided to make a program that can do this automatically for us..its not a large scale program where people would keep changing their IDs and Password..
Are you sure about the code you are using? I Googled and found similar, but they had PrincipalContext(ContextType.Domain, Domain) not PrincipalContext(ContextType.Domain)
There is water at the bottom of the ocean. My Mu[sic] My Films My Windows Programs, etc.
-
Are you sure about the code you are using? I Googled and found similar, but they had PrincipalContext(ContextType.Domain, Domain) not PrincipalContext(ContextType.Domain)
There is water at the bottom of the ocean. My Mu[sic] My Films My Windows Programs, etc.
I see..I solved the problem..I'm happy. I used c sharp in build browser control..it is damn easy. You can find any HTML input element using document thingy..then insert some value in it..and click on button..and search if error occurs..Microsoft is best..c sharp rocks..