I'm currently developing a web app using C# and aspnet-core which automatically authenticates its users using Windows Identity.
Now I have to securely save login credentials (username-password-pair) to several third-party services for the currently authenticated user. To make this secure I already found articles that I could use a symmetric key (secret) created by a Key-Derivation-Function based on the password of the user.
But when the user is automatically authenticated using Windows Identity I never know the users password (as far as I know) to use for key derivation. Am I missing something or can't I use the Windows Identity for that task? Or is there a possibility to get a reproducable password hash of the windows user for key derivation?
The ideal scenario is one without promting the user for the windows credentials.
