ClickOnce and login on as a different user

A

Anders K. Olsen

Hello group

I'm developing an C# Windows Forms application that I would like to deploy
using ClickOnce.

One of the computers that the application is deployed on, is a computer that
is always loged on as a generic "controlroom" user. This is necessary for
some of the other applications running on the computer.

On my application, the user should always logon as himself or herself.
Therefore I need to present a login form to the user as the first thing.

I have been considering using RunAs, but I'm not sure that is possible along
with ClickOnce, at least nok using the GUI of RunAs.

I have looked at the Windows API LogonUser, but that seems to be requiring
unsafe code permissions and FullTrust, and I was hoping that I could avoid
giving those permissions to the application, especially when I'm deploying
it using ClickOnce.

Do you have any alternative suggestions?

Thank you for your answer.

Regards
Anders Olsen
 
S

Steve B.

Do you really need authenticate against local computer ?
If your application will use a remote server (Web service, DB or anything),
you can try to authenticate against this service to check if the user can
access to the application...

Steve
 
A

Anders K. Olsen

Steve B. said:
Do you really need authenticate against local computer ?
If your application will use a remote server (Web service, DB or
anything), you can try to authenticate against this service to check if
the user can access to the application...

Hello Steve

Thank you for your answer.

I have been thinking about this. My application will have a server, and I
could do the authentication on the server. However, I would like to run my
client application as the correct user, so I would like to impersonate this
user even though the actual windows user is the "controlroom" user.

My reason for this is that I would like to call my web service methods as
the correct windows user, and use Windows build in authentication and
authorization on both the server and the client.

I don't know that much about impersonation, so I don't know if this is even
possible. My idea was that the first thing that happends is that the user is
authenticated and then the I would set Thread.CurrentPrincipal to a
WindowsPrincipal corresponding to the correct user (not the "controlroom"
user). It was my hope that the rest of the application would then run as the
correct user. I'm not sure if this is correct, e.g. if new threads will also
run as the correct user, or if threadpool threads will also run as the
correct user.

Regards
Anders
 
R

Robbe Morris [C# MVP]

Forcing your server to be apart of the same active directory
domain (your users would be authenticated against their
windows accounts)?

Are you sure that is a good long term configuration?

What happens when the system admin folks want
to isolate your production servers from windows
account holders altogether?

--
Robbe Morris - 2004-2006 Microsoft MVP C#
Earn money answering .NET questions
http://www.eggheadcafe.com/forums/merit.asp
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top