Using Windows Authentication - windows

In a Windows desktop (C# / WPF) application, I need to replace our own user authentication with one using Windows authentication.
I've figured out how to do a login using Interop and calling LogonUser() and to discover if the user is in a given role:
bool isValid = LogonUser(userName, domain, password, 2, 0, ref tokenHandler);
WindowsIdentity windowsIdentity = new WindowsIdentity(tokenHandler);
WindowsPrincipal windowsPrincipal = new WindowsPrincipal(windowsIdentity);
bool inRole = windowsPrincipal.IsInRole("Everyone");
Is it possible to get a list of all users, the roles they belong to and ideally be able to change their passwords from within the application (I doubt this will be possible)?

Related

Interactive Logon Required for Azure Resources NodeJS App

I am looking to pull a list of Azure resources such as VMs, AppServices, etc and possibly interact (create, delete, scale, etc.) via the Azure SDK for NodeJS. The examples seem to demonstrate/push the use of an interactive login.
The reason I don't want to use the interactive logon is so I can schedule these tasks instead of requiring interaction.
For example, I looked at the authentication module and it is focused on interactive logon as well. Is there another means to authenticate instead of interactive, as the previous SDK seemed to allow authentication via secrets and subscription ID:
//Environment Setup
_validateEnvironmentVariables();
var clientId = process.env['CLIENT_ID'];
var domain = process.env['DOMAIN'];
var secret = process.env['APPLICATION_SECRET'];
var subscriptionId = process.env['AZURE_SUBSCRIPTION_ID'];
var credentials = new msRestAzure.ApplicationTokenCredentials(clientId, domain, secret, { 'tokenCache': tokenCache });
After assistance with the SDK team, there are options for auth for node, but better to get these from the node site and use the @azure ones as those are the most up to date. Ex: https://www.npmjs.com/package/@azure/ms-rest-nodeauth

How to access an instance of Dynamics 365?

I am developing an app with Xamarin.Forms, and I need to access the data hosted on my Dynamics 365 platform.
In the developer resources section, Microsoft offers me a URL for access: https://XXXXXX.api.crm4.dynamics.com/api/data/v9.1/ and a Client ID.
With this data, is it enough to access the platform? According to the Microsoft documentation, I need to register the app in Active Directory, but following the steps indicated in it I have not managed to connect.
But the Client ID offered to me when registering the APP in Azure is totally different from the one offered in the platform. I have also obtained the access credentials but there is no way.
I have the following code.
Values of the constants:
Constantes.API_URL = https://XXXXXX.api.crm4.dynamics.com/api/data/
Constantes.CLIENT_ID = By registering the application at Active Directory (Not the one that they give me in the platform)
Constantes.CLIENT_KEY = By registering the application at Active Directory.
AuthenticationParameters ap = AuthenticationParameters.CreateFromResourceUrlAsync(
new Uri(Constantes.API_URL)).Result;
String authorityUrl = ap.Authority;
String resourceUrl = ap.Resource;
//return resourceUrl;
ClientCredential creditential = new ClientCredential(Constantes.CLIENT_ID, Constantes.CLIENT_KEY);
AuthenticationContext authContext = new AuthenticationContext(authorityUrl, false);
AuthenticationResult result = null;
result = await authContext.AcquireTokenAsync(resourceUrl, creditential);
return result.AccessToken;

In Xamarin UWP apps, How to get currently Windows logged-in User details

I need to use Windows authentication in my Xamarin UWP app. How can I access the currently logged-in user's details in the app? I need to retrieve the Active Directory login ID of the user who is currently logged in to Windows.
I already tried the solution below and it gives empty results for me.
How can I get username or id of currently logged in user in UWP App
Appreciate your help....
Here's a UWP sample that uses ADAL. ADAL.NET does not expose directly the notion of user from an authentication context. It does provide a UserInfo, as a property of the AuthenticationResult. When you get back the auth result, you can use the UserInfo property to get the Displayable ID of the signed in user.
Here's more from the ADAL wiki.
If you have not added the User Account Information capability to your app in the Package.appxmanifest, you will not have permission to access user account info.
For other reasons, if you authenticated using hotmail, you need KnownUserProperties.FirstName and KnownUserProperties.LastName to get your account name.
private async void GetUser()
{
    IReadOnlyList<User> users = await User.FindAllAsync();
    var current = users.Where(p => p.AuthenticationStatus == UserAuthenticationStatus.LocallyAuthenticated &&
                                   p.Type == UserType.LocalUser).FirstOrDefault();
    // no locally authenticated local user was found
    if (current == null)
        return;
    // user may have username
    var data = await current.GetPropertyAsync(KnownUserProperties.AccountName);
    string displayName = (string)data;
    // authenticated using hotmail
    if (String.IsNullOrEmpty(displayName))
    {
        string a = (string)await current.GetPropertyAsync(KnownUserProperties.FirstName);
        string b = (string)await current.GetPropertyAsync(KnownUserProperties.LastName);
        displayName = string.Format("{0} {1}", a, b);
    }
}
Please note the above code only works in the UWP native project and can't be used directly in the PCL; you need to create the GetUser method via DependencyService.
Update
If you have authorized with ADAL, you could use the AcquireTokenSilentAsync method to get info from the token cache silently; for more, refer to this.
This is fairly simple. You should do it at the platform-specific level, using Windows.System.User to retrieve the current user's information. Here is a post which describes in detail how to accomplish this.

Cookie management in Windows Phone 7 application

I want to develop functionality to remember the user's credentials for the user's next login in a Windows Phone 7 application (like the "remember me" functionality on websites). Please tell me how to do this in Windows Phone 7.
Thanks
You can store the credentials in the Phone's Isolated storage. Your application's isolated storage cannot be accessed by any other application. The simplest way would be something like:
public void SaveCredentials()
{
    var settings = IsolatedStorageSettings.ApplicationSettings;
    settings.Add("username", "user123");
    settings.Add("password", Encrypt("password123"));
}
You can then retrieve it as :
string username = settings["username"].ToString();
string password = Decrypt(settings["password"].ToString());
You can write an Encryption / Decryption method depending on your security requirements. There are a number of ways that have different levels of security and complexity. To help you get started one such way could be found HERE.
There are a few updates on the above answer.
To save:
private void SaveCredentials()
{
    IsolatedStorageSettings.ApplicationSettings.Add("username", username);
    IsolatedStorageSettings.ApplicationSettings.Add("password", password.ToString());
}
To retrieve:
// The settings indexer returns object, so cast back to string
string username = (string)IsolatedStorageSettings.ApplicationSettings["username"];
string password = (string)IsolatedStorageSettings.ApplicationSettings["password"];
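
Added example (not part of either answer above): one way to fill in the Encrypt / Decrypt placeholders from the first answer, assuming the app targets Windows Phone OS 7.1 or later, where ProtectedData (DPAPI) is available. CredentialStore and its method names are hypothetical.

```csharp
using System;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

// Added example; CredentialStore is a hypothetical helper, not from the answers.
public static class CredentialStore
{
    private const string UserKey = "username";
    private const string PasswordKey = "password";

    public static void Save(string username, string password)
    {
        byte[] plain = Encoding.UTF8.GetBytes(password);
        // DPAPI: the key is managed by the OS, so no secret is embedded in the app.
        byte[] sealedBlob = ProtectedData.Protect(plain, null);
        Array.Clear(plain, 0, plain.Length);
        var settings = IsolatedStorageSettings.ApplicationSettings;
        // The indexer overwrites; Add() throws if the key already exists.
        settings[UserKey] = username;
        settings[PasswordKey] = Convert.ToBase64String(sealedBlob);
        settings.Save();
    }

    public static bool TryLoad(out string username, out string password)
    {
        password = null;
        string blob;
        var settings = IsolatedStorageSettings.ApplicationSettings;
        if (!settings.TryGetValue(UserKey, out username) ||
            !settings.TryGetValue(PasswordKey, out blob))
            return false;
        try
        {
            byte[] plain = ProtectedData.Unprotect(Convert.FromBase64String(blob), null);
            password = Encoding.UTF8.GetString(plain, 0, plain.Length);
            Array.Clear(plain, 0, plain.Length);
            return true;
        }
        catch (Exception ex)
        {
            // Corrupt or tampered blob: drop it so the user signs in again.
            if (!(ex is CryptographicException || ex is FormatException)) throw;
            settings.Remove(PasswordKey);
            settings.Save();
            return false;
        }
    }
}
```

The stored value is only as strong as the device's own protection, so where the service offers it, remembering a revocable session token instead of the password limits what a recovered blob is worth.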

Using Delegates with Exchange Web Services

Has anyone used delegates with Exchange Web Services? I would like one user to be able to control other users' calendars in Exchange. I'm finding this problem to be a little tricky, and I'd like to see how others have been able to get it to work properly.
I'm just getting started here, but I managed to get access to Resource calendars via a delegate account.
I used the recommendations from this article about delegate account and resource accounts. (Resource accounts are tricky because they are disabled in the AD, and you have to use a delegate account to get access to them)
After setting up the delegate account on the server, I set up the ExchangeServerBinding using the credentials of the delegate account:
ExchangeServiceBinding binding = new ExchangeServiceBinding();
binding.Url = @"https://dc1.litwareinc.com/ews/exchange.asmx";
// Setup binding with username and password of the delegate account
binding.Credentials =
    new NetworkCredential(delegateuserName, delegatepassword, "litwareinc.com");
(I'm using Microsoft's prepared virtual server image for testing)
Then when accessing the mailbox, I set up a FindItemType request and use the smtp address of the account I want to access:
// Prepare request
var findItemRequest = new FindItemType();
// Setup the mailbox using the smtp address of the account wanted
var mailbox = new EmailAddressType {EmailAddress = mailboxId};
findItemRequest.ParentFolderIds =
    new[] {new DistinguishedFolderIdType {Mailbox = mailbox}};
((DistinguishedFolderIdType) findItemRequest.ParentFolderIds[0]).Id =
    DistinguishedFolderIdNameType.calendar;
findItemRequest.Traversal = ItemQueryTraversalType.Shallow;
// Add ItemResponseShapeType and Calendarview to request here ...
// Then create a FindItemResponseType using the binding and the request
var response = binding.FindItem(findItemRequest);
So in short:
- Set up an account with delegate access on the Exchange server; this can be done via OWA or with an Exchange Shell script
- Use the account with delegate access on the ExchangeServiceBinding object
- Access the target account using a FindItemType with the target account's smtp address as EmailAddressType
Regards
Jesper Hauge
