1

I have client and server application on C#. The client and server contact each other through a network socket.

I need pass some data from the client to the server. I used binary serialization for it, but I need to check that the users who starts the client part have permission to do that on the server part.

Only sending the user name is not enough, because it could be compromised.

Maybe it should be able to do with serialization of WindowsIdentity.GetCurrent(), but I couldn't do it.

How do I send credentials from the client to the server and check it on the server side? Is it possible?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
user3824508
  • 23
  • 4
  • 3
    You're trying to reinvent the wheel - check out WCF & WCF authentication and authorization concepts - https://msdn.microsoft.com/en-us/library/ff405740.aspx – Ondrej Svejdar Nov 24 '15 at 12:24
  • 1
    Windows network objects like stream, pipes ect already support authentication and authorization based on the user's account. Web services and web servers also support multiple authentication methods, one of which is Windows authentication. Why are you trying to work with plain sockets? – Panagiotis Kanavos Nov 24 '15 at 13:11
  • 3
    Check [NegotiateStream](https://msdn.microsoft.com/en-us/library/system.net.security.negotiatestream(v=vs.110).aspx), it provides authentication using Kerberos or NTLM using Windows credentials. – Panagiotis Kanavos Nov 24 '15 at 13:19

0 Answers0