Network Security Issue
-
We have a client/server application which, on the server side, runs on a dedicated, standalone server. We have a logon procedure by which we force users to authenticate themselves to us when they log on with a username and password. We would like to avoid this for those users who access our service if they are already properly logged onto their local network. For example, what we want is to have some means of identifying a user trying to log onto our system as a properly authenticated member of domain XYZ of their network server. Is there any means of acquiring network information from the client side, which can be passed to our server, which would allow us to validate a user automatically? Clients might be running under Win 95/98. Also, is there any way to uniquely identify a given network domain? That is, can we distinguish domain XYZ of one network from domain XYZ of another network using the standard Windows networking API?
-
If the client uses Named Pipes to talk to the server, you can do it pretty easily. Named Pipes support NT Security :) If you want to know more about Named Pipes and NT Security, I recommend the book "Programming Server Side Applications for Windows 2000", from MS Press...
- Anders
Money talks, but all mine ever says is "Goodbye!"
-
Thank you. I will look into that. However, one quick question: doesn't the use of a named pipe imply that you have a service running on the server in question in order to establish the conversation between client and server? In our situation, our service is running on a server external to the primary network that a client might be on. We simply want to be able to basically "piggy back" off of their existing network security so the user does not have to log on twice, once to get onto their network, and once to get into our service. No solution that requires us to have something running on their server is going to work. We need to have information from the client relative to its status on the network so that we know that when the client calls us, it can tell us if it is, in fact, properly logged on to its network.
-
Ohhh, now I know what you want, and you are right, you cannot use Named Pipes for that. I guess I would get my client app. to check that the user is authenticated against a DC, and send a special packet to the server, when connecting, saying "I'm ok"
- Anders
Money talks, but all mine ever says is "Goodbye!"
-
Thanks. I think that is what we have decided to do. Unfortunately, to do that authentication from 95/98 does not appear to be straightforward, and might involve the use of the old 16-bit network API.
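-
Added example, not code from any poster in this thread: a sketch of how the server in this design could check the client's "I'm ok" packet so that a bare claim, a replayed packet, or a packet from a different network that also calls its domain XYZ is rejected. The per-site keys, site IDs and packet fields are assumptions introduced for illustration; the thread names no such mechanism.

```python
import hashlib
import hmac
import secrets

# Hypothetical per-site keys, provisioned out of band (constructed values).
# The site ID, not the domain name, separates one customer's "XYZ" from another's.
SITE_KEYS = {
    "site-a": b"constructed-key-for-site-a",
    "site-b": b"constructed-key-for-site-b",
}

def new_challenge() -> bytes:
    """Server: fresh random nonce sent to the client when it connects."""
    return secrets.token_bytes(16)

def _mac(key, site_id, domain, user, nonce):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (site_id.encode(), domain.encode(), user.encode(), nonce)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def client_assertion(key, site_id, domain, user, nonce):
    """Client: the "I'm ok" packet, bound to this connection's nonce."""
    return {"site": site_id, "domain": domain, "user": user,
            "mac": _mac(key, site_id, domain, user, nonce)}

def verify_assertion(packet, nonce, used_nonces):
    """Server: accept only a fresh assertion keyed for the claimed site."""
    try:
        site, domain, user, mac = (packet[k] for k in
                                   ("site", "domain", "user", "mac"))
    except KeyError:
        return False            # bare "I'm ok" with no proof attached
    key = SITE_KEYS.get(site)
    if key is None or nonce in used_nonces or not isinstance(mac, bytes):
        return False            # unknown site, replayed nonce, or bad field
    if not hmac.compare_digest(_mac(key, site, domain, user, nonce), mac):
        return False            # wrong key: e.g. another network's "XYZ"
    used_nonces.add(nonce)      # one assertion per challenge
    return True
```

The key is held by the client software, so this check stops forgery and replay by parties outside the site; it does not stop a user on that site who extracts the key from a client machine.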