
Question

I have a server that communicates with clients over a .NET socket. I want the server to authenticate the connection in an SSO kind of style by checking that the current user is in a certain group.

The naive way is to send System.Environment.UserName to the server and let it determine the user permissions in this way.

However, it seems to be against best practices since any client can spoof the user name.

Is there an API I can use to send the credentials in a trusted manner to my server application, over a TCP socket?

SSL is not enough, since anyone can establish a secure connection, yet still spoof the username.

Explanation / Answer

In an Active Directory world, assuming that both client and server live in the same domain, the authentication which occurred on the client can be shown to the server in a way which will convince the server. This works because an authenticated user on a machine gets a "ticket", which is actually a kind of reference authenticated by the AD server; when the client shows the ticket to the server, the server can show it to its AD server, and the AD server will respond that indeed the ticket is fine. Details can be complex, but you can leave all the work to the Microsoft libraries.

If the server side is an IIS server with ASP.NET, and the client uses .NET, then this is quite simple to configure. If you want to do the work yourself, e.g. by using direct TcpListener and TcpClient, then this will indeed entail more work; see the links provided by @makerofthings7.

Note that you will still want to use SSL, to thwart eavesdroppers.

If client and server are not part of the same domain, then things become a bit more complex, because the client application must somehow obtain the right credentials (i.e. the user name and password) for the server's domain, while the application runs in the distinct client's domain. Alternatively, you can use certificate-based client authentication, which can be coupled with SSL; in that case, the client user must have an appropriate certificate and private key installed in his personal certificate store, and the application will use that.
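The same-domain case the answer describes, done with raw TcpListener/TcpClient and NegotiateStream, as an added example that is not part of the original question or answer. NegotiateStream hands the handshake to SSPI (Kerberos, with NTLM fallback), so the server learns the caller's identity and group SIDs from the domain-validated token rather than from anything the client sends in the payload. The group name, the SPN and the host name are assumptions for illustration; the message framing is a trivial line protocol chosen for the example.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;

// Windows integrated authentication over a plain TCP socket with NegotiateStream.
// Assumed values (not from the original page): the domain group that grants access and
// the SPN registered for the account the server runs as
// (e.g. setspn -S host/appserver.contoso.local CONTOSO\svc-app).
static class NegotiateAuthDemo
{
    const string RequiredGroup = @"CONTOSO\AppUsers";
    const string ServerSpn = "host/appserver.contoso.local";

    // ----- server side -----
    public static void RunServer(int port)
    {
        var listener = new TcpListener(IPAddress.Any, port);
        listener.Start();
        while (true)
        {
            using TcpClient tcp = listener.AcceptTcpClient();
            using var auth = new NegotiateStream(tcp.GetStream(), leaveInnerStreamOpen: false);
            try
            {
                // The server never sees a password; SSPI validates the client's ticket
                // against the domain. EncryptAndSign: traffic is encrypted and integrity
                // protected with the session key. Identification: the server may learn who
                // the caller is but cannot act on their behalf (least privilege).
                auth.AuthenticateAsServer(
                    CredentialCache.DefaultNetworkCredentials,
                    ProtectionLevel.EncryptAndSign,
                    TokenImpersonationLevel.Identification);
            }
            catch (AuthenticationException ex)
            {
                Console.WriteLine($"handshake rejected: {ex.Message}");
                continue;
            }

            // Trust only what the protocol proved, never a user name sent by the client.
            if (!auth.IsAuthenticated || !auth.IsEncrypted || !auth.IsSigned)
            {
                Console.WriteLine("connection did not reach the required protection level");
                continue;
            }
            if (auth.RemoteIdentity is not WindowsIdentity winId)
            {
                Console.WriteLine("no Windows identity on this connection");
                continue;
            }

            // Group membership comes from the SIDs in the authenticated token.
            var principal = new WindowsPrincipal(winId);
            bool allowed = principal.IsInRole(RequiredGroup);
            Console.WriteLine($"{winId.Name}: {(allowed ? "allowed" : "denied")}");

            var reader = new StreamReader(auth);
            var writer = new StreamWriter(auth) { AutoFlush = true };
            string request = reader.ReadLine();
            writer.WriteLine(allowed ? $"OK {winId.Name}: {request}" : "DENIED");
        }
    }

    // ----- client side -----
    public static string Connect(string host, int port, string message)
    {
        using var tcp = new TcpClient(host, port);
        using var auth = new NegotiateStream(tcp.GetStream(), leaveInnerStreamOpen: false);

        // DefaultNetworkCredentials is the logged-on user's ticket: no password in the app.
        // Supplying the server's SPN requests Kerberos mutual authentication, so the client
        // also verifies it is talking to the genuine server.
        auth.AuthenticateAsClient(
            CredentialCache.DefaultNetworkCredentials,
            ServerSpn,
            ProtectionLevel.EncryptAndSign,
            TokenImpersonationLevel.Identification);

        // False here means SSPI fell back to NTLM (typically an unregistered SPN); the
        // server's identity is then unproven, so refuse to proceed.
        if (!auth.IsMutuallyAuthenticated)
            throw new AuthenticationException("server identity not proven (NTLM fallback?)");

        var writer = new StreamWriter(auth) { AutoFlush = true };
        var reader = new StreamReader(auth);
        writer.WriteLine(message);
        return reader.ReadLine();
    }

    static void Main(string[] args)
    {
        if (args.Length > 0 && args[0] == "server")
            RunServer(5000);
        else
            Console.WriteLine(Connect("appserver.contoso.local", 5000, "hello"));
    }
}
```

Run `server` on a domain-joined machine under the account whose SPN is registered, and the client on any machine in the same domain as a logged-on domain user. Two checks do the real work: `IsInRole` on the `WindowsPrincipal` built from `RemoteIdentity`, which is the server-side replacement for trusting `Environment.UserName`, and `IsMutuallyAuthenticated` on the client, which rejects the NTLM fallback where the server is not verified. `ProtectionLevel.EncryptAndSign` already encrypts the stream with the Kerberos session key; if you also want TLS as the answer suggests, NegotiateStream accepts any `Stream`, so it can be layered on top of an `SslStream` instead of the raw network stream.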
