I have an app that users would run locally on their desktop, which calls into an API on my server externally.

I can obtain the user's Windows domain and name through the WindowsIdentity API. But I'd like to store a unique identifier/token on our side which I can compare subsequent logins with to ensure it's the same domain user and not an impersonator.

I cannot ask the user for credentials, as the login process is for beginner users and they need to be automatically logged in when opening the app. I'm looking through the WindowsIdentity API looking for some unique ID, but not sure how it would last through password changes on the user's domain.

Edit: Perhaps a claim off the WindowsIdentity.GetCurrent.Claims collection might contain something useful.

mariocatch

  • A bit of a shot in the dark, but could you try domain and name + IP addresses/MAC addresses to confirm it's the same user? – Aroic Feb 12 '20 at 20:55

1 Answer

The following claim is enough to uniquely identify a user in an AD environment:

http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid

Obtain this from:

WindowsIdentity.GetCurrent.Claims

mariocatch