How to login to desktop application via web application?

Viewed 1,233 times

6

I have a web application developed with ASP.NET MVC that logs users in by storing the data in Session.

I have another application, a desktop one, that performs some tasks that cannot be done on the web, but this application needs to be authenticated with the same user and password as the web application.

Is there a way to authenticate the desktop application using the active login of the web application?

  • 2

    You will need to use a webservice for this. Are you aware of this? Without more details the question can be considered as too broad, anyway it is an interesting question +1. By the way, comment when you edit the question and mention me, maybe I can help you.

  • Do you want to use the same data as an already logged-in user, in this case the data from Session, or do you want to use the same login and password?

  • @jbueno Yes, I already know about webservices, but I use Visual Studio and doing a Webmethod in my web application controller, I was not successful. Actually I could not think of the logic of how the data will be provided to the C# desktop application knowing that probably I will have more than one user logged into the system at the same time....

  • @Randrade I want to use the same user data already logged in to prevent the user from having to log in to the desktop application as well. Basically it’s the same application, but there are things that I won’t be able to do on the web and with desktop it’s easier, such as accessing the Windows Certificate Store to use digital certificates for transactions with tax notes in the SEFAZ webservices. I have tried several things, but with the end of the applet near the limits of the web to access the resources of the user’s machine, a valid option is a dual application (web and desktop).

  • @Jeffersonpedro, my answer gives you the path of stones to your problem. If it is not enough to solve it, please give me more information about your application and I will edit my answer to better address your problem.

3 answers

1

If the validation has to be the "authentication of the desktop application using the active login of the web application" (in your words), the most correct approach is that, when the user authenticates in the web application, that login generates an authentication "token" in the system.

I advise having a table, for example, "User token" instead of saving in "Session":

    CREATE TABLE [dbo].[UsuarioToken] (
        [Token]       UNIQUEIDENTIFIER NOT NULL,
        [IdUsuario]   SMALLINT         NOT NULL,
        [DataInicial] DATETIME         DEFAULT (getdate()) NOT NULL,
        [DataFinal]   DATETIME         NULL,
        PRIMARY KEY CLUSTERED ([Token] ASC),
        CONSTRAINT [FK_UsuarioToken_Usuario] FOREIGN KEY ([IdUsuario]) REFERENCES [dbo].[Usuario] ([idUsuario])
    );

When you "log in" on the web, you create the token with the access date (Initial Date). When you "log out", the token (Final Date) becomes inactive. Note that the Initial Date has getdate() as its DEFAULT value; DataFinal does not, because it will be the date and time at which the user "logs out" of the web application. It is DataFinal, when NULL, that indicates whether the token is active or not.

With the token created, it will now depend on your business rule and whatever else is applicable and/or feasible to your situation, so what comes below is just example/idea:

In the desktop application:

  • Instead of having a form with User and Password, it would have a form to enter the "access key", the token created at the web login, which could be sent to the "client" via e-mail (the e-mail from the user's registration data). If the token is active, e.g. ValidarToken(Guid token), it does the processing; if not, it returns that the token is invalid.

  • Do have a login form with user and password to identify and validate, the first time, whether the user (idUsuario) is registered in the web system; after that, check whether the token ("access key") is associated with the user who is logged in and whether the token is active in the web system. In short, you identify once whether the user and password are valid; if valid, you check whether there is an active "access key" in the web application; if there is, you store the token in a variable on the desktop, and in the next processes that require the token, as it is already stored in memory, you only check whether it is still active in the web application with ValidarToken(Guid token). If not, go back to the login process again.

I emphasize the security rules, because the token must be invalidated after performing all the necessary processes on the desktop.
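The token lifecycle this answer describes, as an added C# example that is not part of the original answer. The class is an in-memory stand-in for the UsuarioToken table; the names CriarToken and InvalidarToken, the return type of ValidarToken, the CSPRNG-generated token value and the maximum token age are assumptions made here.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// In-memory stand-in for dbo.UsuarioToken, constructed for this example.
class UsuarioTokenStore
{
    class Row { public short IdUsuario; public DateTime DataInicial; public DateTime? DataFinal; }

    readonly Dictionary<Guid, Row> rows = new Dictionary<Guid, Row>();
    readonly TimeSpan maxAge;   // assumption: a token also expires by age
    public UsuarioTokenStore(TimeSpan maxAge) { this.maxAge = maxAge; }

    // Web login: INSERT a row with DataFinal = NULL.
    public Guid CriarToken(short idUsuario)
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes); // CSPRNG-backed value
        var token = new Guid(bytes);
        lock (rows) rows[token] = new Row { IdUsuario = idUsuario, DataInicial = DateTime.UtcNow };
        return token;
    }

    // Called by the desktop app through the web service: user id if active, else null.
    public short? ValidarToken(Guid token)
    {
        lock (rows)
        {
            if (!rows.TryGetValue(token, out var row) || row.DataFinal != null) return null;
            if (DateTime.UtcNow - row.DataInicial <= maxAge) return row.IdUsuario;
            row.DataFinal = DateTime.UtcNow;   // too old: close it so it stays closed
            return null;
        }
    }

    // Web logout, or the desktop work is done: UPDATE ... SET DataFinal = now.
    public void InvalidarToken(Guid token)
    {
        lock (rows)
            if (rows.TryGetValue(token, out var row) && row.DataFinal == null) row.DataFinal = DateTime.UtcNow;
    }

    static void Main()
    {
        var store = new UsuarioTokenStore(TimeSpan.FromMinutes(30));
        Guid token = store.CriarToken(7);                         // constructed user id
        Console.WriteLine(store.ValidarToken(token).HasValue);    // token is active
        store.InvalidarToken(token);
        Console.WriteLine(store.ValidarToken(token).HasValue);    // token was closed
    }
}
```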

1

If the application is going to make multiple requests to the web application, the ideal is to write a method on the authentication controller that returns a JWT (JSON Web Token), and to use this token to make the requests to the server without having to hit the database on each request to validate the user. You could store this token in some variable of the desktop application.

If you only need to validate this user once and receive data such as group, email, name, photo, etc., you can create a method in the controller that receives user and password and, if they are valid, returns a JSON with the data you need; otherwise it returns a login failure. That is what I would do.

  • The idea is very interesting, I think it will make things a lot easier and I will still have less work than I thought with this explanation. But I have no knowledge of JWT. Would you kindly direct me to some material and preferably have some practical example for me to study and understand how things work right?

  • Do you want to perform multiple requests after logging in or just logging in and returning user data? If you just want to validate the login you don’t even need to use JWT. If you want to use JWT see this implementation: http://www.codeproject.com/Articles/369657/Simple-Authentication-using-Jwt-in-Asp-Net-Web-Api Any questions: [email protected]

  • My difficulty is understanding how to authenticate a desktop app with the current login of the web app. Basically the user will access the site and, when performing certain operations, the site will ask the user to do them in the desktop app. When the desktop app is started, it would do the user and password authentication based on the authentication made on the web, without the user redoing the login. When finishing the operations in the desktop app, the web page would only receive an update command to display the new data... Can it be done that way?

  • You need to arrange a way to call the Desktop application by the WEB application, there are several ways to do this, you need to arrange a way to do this by sending data as parameter to the desktop program, so you don’t even need to create a login form on the desktop.
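How the JWT approach from this answer avoids a database hit per request, as an added C# example that is not from the original posts or from the linked article. It assumes .NET 6 or later and an HS256 key that stays on the web server; JwtSketch, Issue and TryValidate are hypothetical names, and the desktop application only stores the token and sends it back.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
static class JwtSketch
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static byte[] Mac(string input, byte[] key) => HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(input));

    // Web side: the authentication controller calls this after checking the password.
    public static string Issue(string user, TimeSpan lifetime, byte[] key)
    {
        long exp = DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds();
        string head = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
        string body = B64Url(JsonSerializer.SerializeToUtf8Bytes(new { sub = user, exp }));
        return head + "." + body + "." + B64Url(Mac(head + "." + body, key));
    }

    // Web side, on each request from the desktop app: no database lookup is needed.
    public static bool TryValidate(string token, byte[] key, out string user)
    {
        user = "";
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        try
        {
            using var head = JsonDocument.Parse(FromB64Url(p[0]));
            if (head.RootElement.GetProperty("alg").GetString() != "HS256") return false; // pin the algorithm
            if (!CryptographicOperations.FixedTimeEquals(FromB64Url(p[2]), Mac(p[0] + "." + p[1], key))) return false;
            using var body = JsonDocument.Parse(FromB64Url(p[1]));
            if (body.RootElement.GetProperty("exp").GetInt64() <= DateTimeOffset.UtcNow.ToUnixTimeSeconds()) return false;
            user = body.RootElement.GetProperty("sub").GetString() ?? "";
            return true;
        }
        catch (Exception e) when (e is FormatException || e is JsonException ||
                                  e is KeyNotFoundException || e is InvalidOperationException) { return false; }
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);                 // server-side secret
        string jwt = Issue("usuario1", TimeSpan.FromMinutes(15), key);   // constructed user name
        Console.WriteLine(TryValidate(jwt, key, out string who) + " " + who);
        Console.WriteLine(TryValidate(Issue("usuario1", TimeSpan.FromSeconds(-1), key), key, out _)); // expired
        Console.WriteLine(TryValidate(jwt, RandomNumberGenerator.GetBytes(32), out _));               // other key
    }
}
```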
