D
D
Dartware2017-03-27 15:11:44
.NET
Dartware, 2017-03-27 15:11:44

How to organize authorization and authentication in a WPF application?

I focus on WPF, because they usually throw articles on security in ASP.NET, but they seem to have their own kitchen. There is a database, in it, roughly speaking, there are 2 tables, Users and a table with data, in the table with data there is a UserID column and a foreign key. The client part is a WPF application, there is a login form and an account creation form. Interested in where and in what form to store user data on the client, how and with what to encrypt, how and by what protocol to transfer this data, the direct process of checking user data, etc. First of all, we are interested in the authorization process through the login and password, which are created by the users themselves.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
T
Tom Nolane, 2017-03-27
@tomnolane

I had a similar problem How to limit the use of my desktop application (.exe) only to those who are registered on my site (what does it look like approximately?)?
The meaning is: everything that you write in c# || vb can be viewed (one way or another). Those. if authentication goes inside the application, then a more or less competent specialist will see through CIL what is being compared with what. Obusfaction - will remove idlers and students. So far (for myself personally) I have decided this: whoever uses my application must enter a login and password, after which (using any encryption principle) it is sent to my site, where it is compared with the login / password from the database. If gud, then by callback I pass directly the file that is "working" (exe, dll). More precisely, a link to download it. The application connects it through reflection. Before closing, the file (exe, dll) is deleted. More competently is to use API. Those. you have created an application in WPF - in which there is no information - only buttons, methods, classes, properties, etc. Your application (after authentication) backtracks in JSON or XML format with data that is directly inserted into your WPF. And this is probably the most correct option - to do everything through the API. All checks / additions / deletions in the database - only through the php of your site. In the program itself - no passwords and other things.
from words to deeds: https://tomnolane.ru actually this is it
ps registration done through the website

R
Roman, 2017-03-27
@yarosroman

Well, for example, there is an application and there is a database, you can combine authorization in the application together with authorization in the database, even modifying the code will not help here. If you look towards WebAPI, then look for ASP.Net Bearer token autorization.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question