Validate Windows Identity Token

I am trying to develop a simple web service to authenticate users of a desktop application using the Windows Identity Framework. At present I am passing the token generated by WindowsIdentity.GetCurrent().Token via a POST variable (it is encrypted and sent over SSL; Windows authentication is not an option given the layout of our domains and the configuration of the server). I am passing the token back fine and converting it back to an IntPtr.

I am at a loss as to how to validate the token to ensure that it was generated by a particular Active Directory (or any, for that matter). I have tried to create a new WindowsIdentity instance from the token, however that just results in an Exception (message: "Invalid token for impersonation - it cannot be duplicated").

If anyone can provide any help or even hints I would greatly appreciate it, thanks in advance.

mitchellsg asked Jun 28 '12 04:06



1 Answer

using System.DirectoryServices.AccountManagement;

// Looks the account up by its SAM account name in the given domain
// and reports whether it exists.
public bool DoesUserExist(string userName)
{
    using (var domainContext = new PrincipalContext(ContextType.Domain, "DOMAIN"))
    {
        using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, userName))
        {
            // FindByIdentity returns null when no matching principal is found
            return foundUser != null;
        }
    }
}

To check whether a user exists. This comes from the System.DirectoryServices.AccountManagement namespace and assembly.

Just pass in your username, which you can get from WindowsIdentity.GetCurrent(), and this will return true/false depending on whether the user is in your user group. (Replace DOMAIN with your needed group name.)

esre answered Sep 22 '22 08:09
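The following is an added example, not code from the question or the answer above. It builds on the answer's lookup by also checking that the account is enabled and belongs to a required group in the expected domain, and by handling the "DOMAIN\user" form that WindowsIdentity.GetCurrent().Name produces. The domain name "DOMAIN" is the answer's placeholder and the group name "AppUsers" is an assumed name. Note what the lookup does and does not establish: the user name sent by the client is asserted by the client, so a successful lookup confirms that such an account exists in the directory, not that the caller is that account. A token handle from WindowsIdentity.GetCurrent().Token is only valid inside the process that obtained it, which is why reconstructing a WindowsIdentity from it on the server fails with the exception quoted in the question.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Added example: server-side account lookup against Active Directory.
// Assumptions: domain "DOMAIN" (placeholder from the answer) and a required
// group "AppUsers" (hypothetical name) that web service users must belong to.
public static class DirectoryUserCheck
{
    public sealed class Result
    {
        public bool Exists;
        public bool Enabled;
        public bool InGroup;
        public bool DomainMatches;
        public string Sid;

        // All conditions must hold for the account to be accepted.
        public bool Ok => Exists && Enabled && InGroup && DomainMatches;
    }

    // accountName may be "DOMAIN\user" (as returned by WindowsIdentity.Name)
    // or a bare SAM account name.
    public static Result Check(string domainName, string groupName, string accountName)
    {
        var result = new Result();
        if (string.IsNullOrWhiteSpace(accountName)) return result;

        // Split an optional "DOMAIN\" prefix and require it to match the
        // domain we are querying; a bare name is taken to be in that domain.
        string sam = accountName;
        string asserted = domainName;
        int slash = accountName.IndexOf('\\');
        if (slash >= 0)
        {
            asserted = accountName.Substring(0, slash);
            sam = accountName.Substring(slash + 1);
        }
        result.DomainMatches = string.Equals(asserted, domainName, StringComparison.OrdinalIgnoreCase);
        if (!result.DomainMatches || sam.Length == 0) return result;

        using (var ctx = new PrincipalContext(ContextType.Domain, domainName))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, sam))
        {
            if (user == null) return result;   // no such account in this domain
            result.Exists = true;
            result.Enabled = user.Enabled ?? false;   // null means "not reported"
            result.Sid = user.Sid?.Value;             // stable identifier for logging

            using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
            {
                result.InGroup = group != null && user.IsMemberOf(group);
            }
        }
        return result;
    }

    public static void Main(string[] args)
    {
        // Constructed sample input; in the service this would be the posted name.
        string posted = args.Length > 0 ? args[0] : @"DOMAIN\jdoe";
        Result r = Check("DOMAIN", "AppUsers", posted);
        Console.WriteLine($"exists={r.Exists} enabled={r.Enabled} inGroup={r.InGroup} " +
                          $"domainMatches={r.DomainMatches} sid={r.Sid} ok={r.Ok}");
    }
}
```

The domain check is deliberately done before any directory query so that a name asserting a foreign domain is rejected without a lookup, and the SID rather than the display name is what should be recorded in the service's own logs, since SAM account names can be reused after an account is deleted.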