I'm developing an App which should have a Login, so the user has to authenticate itself every time he uses the app.
The app should not require the user to have an connection to the network; the password is device/user-specific.
Is there a common way how to save the password?
Here are some links, which might be useful to you.
Best practice for saving sensitive data in Windows 8
Managing user info (Windows Store apps using C#/VB/C++ and XAML) - MSDN
Using PasswordVault to securely store passwords in WinRT
CryptoWinRT sample (This sample shows how to use the new Cryptography APIs.)
Related
I just started on a new Electron project that needs to access a database, e.g. SQLite. The database will be on a shared drive that should be accessed by the Electron app.
To do that, I need to provide the path as well as the password for the database to the Electron app. Since it's desktop application, I deliver the whole application incl. the database credentials to the user.
From my point of view, this is not a good approach from a security perpective.
So the question is, where do I store these details, especially the credentials?
The same issue applies if I use e.g. another database like MySQL. There, I also need to store the host and the credentials.
We have been developing a web application using HTML, CSS, Node JS and MongoDB. our requirement is to authenticate user while launching the application. We want to authenticate user with windows login credential.(SSO login)
How we can get it and validate it against the user collection in mongodb using NodeJS/HTML?
Please guide.
You can use the node-expose-sspi. It will give you SSO with Windows user account on NodeJS.
https://github.com/jlguenego/node-expose-sspi
Note: I am the author of this module.
I created a Compute Engine VM using the ASP.NET Cloud Launcher, and now I want to deploy to it from Visual Studio.
I've created a publish settings file using the Visual Studio extension then tried to deploy using the regular Visual Studio "Publish" command. The settings didn't contain a user name and password, so I used my Gmail/Google credentials - this is a Compute Engine instance that my account has access to, after all:
This failed with the following error:
Web deployment task failed. (Connected to the remote computer
("(redacted)") using the Web Management Service, but could not
authorize. Make sure that you are using the correct user name and
password, that the site you are connecting to exists, and that the
credentials represent a user who has permissions to access the site.
Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
If that's not the user name and password to use, what is?
The Compute Engine instance doesn't know about your Google user at all - it only knows about regular Windows accounts, and you don't have a Windows account on it. So, you need to create a Windows account on the instance, and then put that into the publish settings.
In the Google Cloud Explorer, select the instance and choose "Create or Reset Password":
You can then choose whatever username you like - I'd suggest "aspnet" for simplicity, for example. Note that this username is a normal Windows account on the machine - it's not specific to your Google user. If you're sharing this machine with others for development, you should agree on a set of account names, either securely sharing credentials for a single account, or creating a separate account per developer. You don't want to reset the password for an account a colleague is using!
This account can also be used to open a Terminal Server session with the Compute Engine instance.
Wait until the user has been created with a password, then copy the password:
You can now put that into your Publish Settings and let Visual Studio save the password - and keep a copy in a separate secure location, should you wish, of course.
Am developing a Windows Store 8.1 app using C# and xaml.
In the app, Initially user will log in into the app using Azure Active directory single sign on log in(With Internet connection)
But how to authenticate the user in Azure Active Directory when the user is not connected to the internet?
I want my app to work in offline mode too..
How can i achieve this?
When you 'log in', there should be an artifact produced. In the case of OpenIdConnect there is an id_token, OAuth produces an AccessToken. If those are captured and stored securely, then there will be evidence that the user did authenticate to AAD at one time. The artifacts of that 'log in' have expiration times.
Backing up, when a user logs in, how is that identity used? Do you managed protected resources yourself OR do you reach out for them?
you can use SQL lite and save the user's details in it by encrypting it..
The next time when he logs into the app you can simple validate his credentials against his details from the DB like you would do in any website/webapp.
Side note : We have a service which runs in the background every 4 hours to check if the user's credentials have changed, if its changed fetches the new credentials and updates it in the local sql lite db
We have a app which works offline as the data is stored locally using local storage and HTML5 offline capabilities.
We want a way to authenticate the user when the user tries to launch the app offline (from a security purpose if ipad gets stolen).
We already have the authentication mechanism when the user tries to access the app while online
Crudely, you can use the person's password as the local storage database name. No password, no database access.
One solution is to save the last successful online login into some local storage. Now when user is in offline-mode then compare with the value stored in Local Storage.
Following is the sample snippet for Local Storage in HTML 5 :
if (window.localStorage.getItem('value')) {
dummy = window.localStorage.getItem('value');
}
Hope this might solve the problem.