How do I synchronize login credentials between Windows and application?

SunnyD

Belgian Waffler
Jan 2, 2001
32,675
146
106
www.neftastic.com
Looking to basically move to a single sign on sort of method for an application I currently maintain. Right now we have nothing in the app that informs the user that their password has changed and will need to be reset within the app. The user has to manually update his login credentials every time the password changes.

I'd like to remove that requirement, however I can't remove the login credentials as they are used at random times for background processes.

(Reference: This is C++/Win32)
 

sygyzy

Lifer
Oct 21, 2000
14,001
4
76
Can you do it the same way Exchange reminds you of a password change through Outlook?
 

tfinch2

Lifer
Feb 3, 2004
22,114
1
0
Seems like a hack, but could you periodically use the credentials to perform some no-op background task? If the task fails due to invalid credentials, prompt the user to input their new password.
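
The periodic check suggested above, sketched as an added example that is not part of the thread or the application's own code. It stops probing after the first rejection so a stale stored password cannot run up the account's bad-password count. `ProbeState`, `should_probe`, `password_updated`, `record_probe` and `probe_credentials` are hypothetical names, and the error codes are the standard `winerror.h` values.

```cpp
#include <string>
#ifdef _WIN32
#include <windows.h>   // link with Advapi32.lib
#else
// winerror.h values, repeated so the policy logic builds off Windows.
typedef unsigned long DWORD;
const DWORD ERROR_SUCCESS = 0, ERROR_NO_LOGON_SERVERS = 1311,
            ERROR_LOGON_FAILURE = 1326, ERROR_PASSWORD_EXPIRED = 1330,
            ERROR_ACCOUNT_DISABLED = 1331, ERROR_PASSWORD_MUST_CHANGE = 1907,
            ERROR_ACCOUNT_LOCKED_OUT = 1909;
#endif

enum class Action { Ok, PromptUser, RetryLater, NotifyAdmin };
struct ProbeState { bool stale = false; };  // hypothetical per-account state

// Never re-send a password the domain has already rejected: each bad
// attempt counts toward the account lockout threshold.
bool should_probe(const ProbeState& st) { return !st.stale; }
void password_updated(ProbeState& st) { st.stale = false; }

Action record_probe(DWORD err, ProbeState& st) {
    switch (err) {
    case ERROR_SUCCESS:              return Action::Ok;
    case ERROR_LOGON_FAILURE:        // wrong password: stored copy is stale
    case ERROR_PASSWORD_EXPIRED:
    case ERROR_PASSWORD_MUST_CHANGE: st.stale = true; return Action::PromptUser;
    case ERROR_ACCOUNT_LOCKED_OUT:
    case ERROR_ACCOUNT_DISABLED:     return Action::NotifyAdmin;
    case ERROR_NO_LOGON_SERVERS:     // no domain controller reachable
    default:                         return Action::RetryLater;
    }
}

#ifdef _WIN32
// The no-op task: a network logon that creates a token and discards it.
DWORD probe_credentials(const std::wstring& user, const std::wstring& domain,
                        const std::wstring& password) {
    HANDLE token = nullptr;
    if (!LogonUserW(user.c_str(), domain.c_str(), password.c_str(),
                    LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &token))
        return GetLastError();
    CloseHandle(token);
    return ERROR_SUCCESS;
}
#endif

int main() {
    ProbeState st;
    record_probe(ERROR_LOGON_FAILURE, st);   // constructed probe result
    return should_probe(st) ? 1 : 0;         // 0: probing stopped until re-entry
}
```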
 

SunnyD

> Can you do it the same way Exchange reminds you of a password change through Outlook?

Here's the thing... the latest version of Outlook doesn't even do this. It syncs the password automatically. This had crossed my mind too... the latest version of Outlook got me intrigued, but I'm thinking it may be some sort of Microsoft proprietary back end thing they might have done specifically for 2010.

> Seems like a hack, but could you periodically use the credentials to perform some no-op background task? If the task fails due to invalid credentials, prompt the user to input their new password.

The requested spec is to AVOID user intervention, period, after the initial setup. My initial gut says this isn't possible, but of course I'm usually tasked with making the impossible possible. Go figure.
 
Sep 29, 2004
18,656
68
91
Confused. If this is single sign on, why is your application changing the password? Is this application the thing that signs in initially and other programs leverage? Confused .....
 

Markbnj

Elite Member
Moderator Emeritus
Moderator
Sep 16, 2005
15,682
14
81
www.markbetz.net
> Confused. If this is single sign on, why is your application changing the password? Is this application the thing that signs in initially and other programs leverage? Confused .....

Feeling the same lack of comprehension. If the credentials change on the back end then it seems like the user having to update them on the front end would be expected behavior. Anything else seems... odd. Why create new credentials if you're going to auto-propagate the changes out to everyone who has the old credentials? What drives these changes? I assume it isn't the chance of compromise, since in the case of compromised credentials the last thing you'd want to do is propagate an update out to everyone who has them.
 

SunnyD

The OS is supplying the credentials on Winlogon - or at least that's how I assume Outlook is obtaining and updating credentials. Cached domain credentials maybe?

My application is intended to be passive in the whole scheme. Any sort of password update is driven by the OS or directory services or whatnot. All I want out of my application is once the user logs in and authenticates against directory services or whatnot, the credentials stay "magically" valid henceforth and forevermore, and refresh themselves every time the user physically logs into the machine.*

*Note: I'm pretty sure the "expected" requirement is that they want the credentials to always refresh, regardless of whether the user EVER logs into the machine. I'm 99.999% certain that's impossible. I figured I'd just ask about the what-may-be-possible first.

-------

To describe the scenario a little more in detail, here's what the latest version of Outlook seems to do.

On initial setup in Outlook, you provide the Exchange server information setup and the domain username and password. Outlook then synchronizes.

Assume 10 days later the user is required to change his domain password. Once changed, upon opening Outlook, the user would be prompted for his domain credentials again as the stored credentials no longer authenticate against AD properly.

The NEW version of Outlook, however, will NOT prompt the user for login credentials on startup -- it will simply start up and sync with Exchange as if no password change had happened. This leads me to believe that the latest version of Outlook is capable of using the OS cached credentials in some way as an SSO sign-on, rather than a locally stored copy of the user's credentials that were manually entered by the user. This is essentially what I am looking for.
 

SunnyD

> So the application is using Windows authentication?

:confused:

The application spawns processes as a specified user. It's actually a service. Without going into too much detail, essentially it's a much more robust implementation of Windows Task Scheduler that was developed back before Windows Task Scheduler was worth a damn.

So yes, it uses Windows authentication and impersonation.
 

Tweak155

Lifer
Sep 23, 2003
11,449
264
126
If the application is performing a task in Windows, it should by default use the user's credentials.

So if the user is specifying their credentials, this may be the problem. You can have the user specify the credentials to log in, but when you execute the task, do not use these items as parameters.

If this doesn't make any sense, your description isn't making sense to me.