Craig McMurtry's WebLog

Application Security, Part 21

Alright: at this point we have the foundation of our user authentication strategy set up.  Let see how our application actually authenticates its users.  We’ll begin at the entry point of the application, the static Main method of the primary form.  

 

              /// <summary>

              /// The main entry point for the application.

              /// </summary>

              [STAThread]

              static void Main(string[] asArguments)

              {

                     Hashtable rArguments = null;

                    

                     try

                     {

                           rArguments = CUtility.rParseCommandLineArguments(asArguments,frmMain.c_sArgumentSeparator_Prefix,frmMain.c_sArgumentSeparator_Suffix);

 

                           string sCulture = (string)rArguments[frmMain.c_sArgumentKey_Culture];

                           if((sCulture != null)&&(sCulture != string.Empty))

                           {

                                  try

                                  {

                                         System.Globalization.CultureInfo rCulture = new System.Globalization.CultureInfo(sCulture);

                                         System.Threading.Thread.CurrentThread.CurrentCulture = rCulture;

                                         System.Threading.Thread.CurrentThread.CurrentUICulture = rCulture;

                                  }

                                  catch(Exception)

                                  {

                                  }

                           }

 

                           string sUserName = (string)rArguments[frmMain.c_sArgumentKey_UserName];

                           string sPassword = (string)rArguments[frmMain.c_sArgumentKey_Password];

 

                           System.Collections.Hashtable rConfigurationSection = (System.Collections.Hashtable)System.Configuration.ConfigurationSettings.GetConfig(frmMain.c_sConfigurationSection_Authorization);

 

                           byte byLimit_LoginAttempts = byte.Parse((string)rConfigurationSection[frmMain.c_sKey_Limit_LoginAttempt]);

                          

                           AuthenticationService.TaskVisionII_Authentication rAuthenticationService = new AuthenticationService.TaskVisionII_Authentication();

                           rAuthenticationService.Url = (string)rConfigurationSection[frmMain.c_sKey_Location_Service];

                           ICredentials rCredentials = null;

                          

                          

                           AuthenticationService.CUser rUser = null;

                           frmLogin rLogin = null;

                           byte cAttempts = 0;

                           while(cAttempts < byLimit_LoginAttempts)

                           {

                                  try

                                  {

                                         if((sUserName != null)&&(sPassword != null))

                                         {

                                                rCredentials = new System.Net.NetworkCredential(sUserName,sPassword);

                                         }

                                         else

                                         {

                                                rCredentials = System.Net.CredentialCache.DefaultCredentials;

                                         }

                                         rAuthenticationService.Credentials = rCredentials;

                                         rUser = rAuthenticationService.rAuthenticate();

                                         break;

                                  }

                                  catch(WebException rException)

                                  {

                                         if(rLogin == null)

                                         {

                                                rLogin = new frmLogin();

                                         }

                                        

                                         rLogin.Show();

                                         while(rLogin.Visible)

                                         {

                                                Application.DoEvents();

                                         }

 

                                         if(rLogin.DialogResult != DialogResult.OK)

                                         {

                                                break;

                                         }

 

                                         sUserName = rLogin.UserName;

                                         sPassword = rLogin.Password;

 

                                  }

                                  cAttempts++;

                           }

                          

                           if(rUser == null)

                           {

                                  throw new Exception();

                           }

                           Thread.CurrentPrincipal = new CUser(rUser.sName,rUser.sLanguage_Preferred,rUser.afPermissions,rCredentials,rUser.asRoles);

                          

                          

                     }

                     catch(Exception rException)

                     {

                           return;

                     }

 

                     fRestart = true;

                     while(fRestart)

                     {

                           fRestart = false;

 

                           try

                           {

                                  frmMain.SetCulture();

                           }

                           catch(Exception)

                           {

                           }

                          

                           Application.Run(new frmMain(rArguments));

 

                          

                     }

                    

                    

                    

              }

 

 

The code permits a number of login attempts that is specified in the application’s configuration file.  Typically, on the first attempt, the application will not have prompted the user for a name and password, but rather tries to authenticate them using the credentials by which they logged into the operating system.  Those credentials are passed to the authentication Web Service.  If the user is authenticated, then an object is returned containing the data for that user, including his or her preferred language.  If the credentials are not acceptable, though, an exception will be thrown.  The code for the exception handler prompts the user for alternative credentials and then passes those alternative credentials to the authentication Web Service. 

Published Tuesday, March 16, 2004 9:46 AM by CraigMcMurtry

Comments

 

Serge said:

Craig,

Thank you for this example!
Can you publush the rAuthenticationService.rAuthenticate()
code also? Thanks!

Greetings, Serge.
March 23, 2004 7:23 AM
 

Dev Notes said:

March 23, 2004 3:11 PM
 

Dev Notes said:

March 23, 2004 3:12 PM
New Comments to this post are disabled

This Blog

Syndication

© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Microsoft
Page view tracker