JeffOzvold

We have a windows forms remoting client application that, in most cases, will be run in an environment where the logged-in user (CurrentPrincipal) is indeed the one we want to send to our remoting server, which is hosted in IIS. However, in some instances, the logged-in user is a low-privileged account that isn't user-specific. In those instances, which we can identify, we want to prompt for credentials, then create the proxy object via that connection.

I have developed a scheme whereby I am able to pass username/password and have it authenticate me properly to the remote server. However, I was passing a hard-coded username and password, just to validate the remoting side of things. The problem comes in getting the password safely.

I really want to rely on standard Windows methods as much as possible, including a standard login box that looks familiar. It's not immediately apparent to me how to accomplish this in Windows Forms. I've seen references to a C++ method that does it, but it doesn't really explain what you do with the data you get back.

We have an Active Directory domain, and all the users we would need to prompt for are already in a single domain.



Re: Windows Forms General Securely obtain credentials

nobugz

I'm not quite sure why you posted your question in this forum. The Windows Forms answer would be to use the TextBox.PasswordChar property. I suspect what you're really looking for is security over the wire. That greatly depends on what your remote server is capable of (I guess), look at the System.Net.NetworkCredential class. For a better answer, post at a security related newsgroup at www.microsoft.com/communities.





Re: Windows Forms General Securely obtain credentials

JeffOzvold

I asked it here because our Remoting Client is a Windows Forms application and I need to prompt for a username and password. I saw the reference to PasswordChar, but that doesn't convey, "this will secure TextBox input" to me. Security over the wire is a separate issue. Thanks for the pointer.