I use psexec to run my app,
Some of the tasks my app does should have a logged on user,
so I want to check (from the app, not the server which runs the psexec)
if there is a user which currently logged on. I couldn't find any api which retrieve this. My code is in c++.
Any idea to check it?
use LsaEnumerateLogonSessions + LsaGetLogonSessionData
Found a solution to this issue
I enumerate the registry keys (using RegEnumKeyEx) under HKEY_USERS.
If there is a key different from the default ones (".DEFAULT","S-1-5-18","S-1-5-19","S-1-5-20") it means that at least on user is logged on
Related
I have created an application, which works for all the windows users (Local, AD, Azure etc). For every user, I'm storing some data inside HKEY_CurrentUer\TESTApp\ registry. Now in the custom credential provider (LOGINUI) once the user enters the credential Wants to read that user HKEY_{...}\TESTApp\ details to know more about the user.
I can successfully store user details in HKEY_CurrentUer\TESTApp\ registry and read details from HKEY_USERS\SID\TESTApp\ if he already login's in.
Now I have the following question,
Is it possible to do the same for not logged in or log out users using either username/SID?
Is there any other HKEY place where I can store the user details and can easily read using username/SID without admin permission? For now, I want to maintain the user details in the machine itself (no cloud).
At last, if the above two is not possible, can I create and read a file with key-pair values in my app workspace without any permission issue?
Since I'm new to windows app development, correct me if I'm doing wrong. THANKS in advance.
HKEY_USERS\SID will be created only after successfully logon on this machine and continue to reside after logout.
If you are talking about logon scenario for credential provider CPUS_LOGON means that your credential provider is working with highest privileges for application - as a SYSTEM user, and you can read and write practically everywhere.
I have an application that is run on multiple user systems, and using OAuth, allows the users to log in via Facebook, Twitter, etc. The entire point of the user logging in is to get settings and actions that the same user made while logged in on other computers, as identified by logging in with the same OAuth provider + provider user id. The application itself is written in C++ using Qt.
My question is this: how can I save the settings that a user made, and allow them to retrieve it in a secure way? I have a centralized server that I can store information using MySql tables, but I'm not sure the best way to have the user application prompt the server, and receive the data stored for that user.
Any ideas or places you could point me towards?
There are several ways I could think of with this, all have trade offs:
Generally I would store the data in mysql using some kind of string or object encryption/serialization method. I do not use Qt much but http://qt-project.org/wiki/Simple_encryption has some examples of very simple encryption that could be used.
Then the question becomes: What do you use as the key? I would go either with the key provided by OAuth for that user (which could be an issue if users de-authorize the app but still want access to this data) or some other user provided key (which is counter to using OAuth in the first place).
Another option is to go with Qt Users session http://qt-project.org/doc/qt-4.8/qtwebkit-guide-cache.html
This would maybe remove the need to encrypt since it should only be accessible within the users scope.
NOTE: Based on comments below it seems the issue is more about securing communication with the MySQL versus the data inside of MySQL. Waiting on user comments to revise my answer.
I'm trying to learn how to use the realtime update API. As far as I understand, if I create a subscription for my application to the object type "user", I will get an update whenever a user of my application changes one of the specified fields.
So the questuon is: Who is a user of my application? When does one become my application's user? Is it when he/she uses it the first time? Is it when he/she installs it? Do I get updates only if the changes happen while the user is logged in? Etc.
I'd like to understant the exact answer in each of the following cases:
- a Website
- a native or desktop app
- an app on facebook
- a page tab
I can't find any of this explained in the Documentation.
Thanks in advance
m.
it is when he/she installs it.
when it change something on facebook profile, your url will be pinged(you must set in app settings) take a read here http://developers.facebook.com/docs/reference/api/realtime/
Using Coldfusion 8,
how can I check whether window user is currently logged in?
I know, I can use cgi.auth_user variable (domain\username ), however is it always reliable to use?
if not, what other ways to check?
IIRC, cgi.auth_user shows the username of a user authenticated via basic authentication. I don't think it supports windows domain connections. Assuming that you are on a windows domain, that should be easy to test -- just dump the cgi scope.
I am currently trying to authenticate users in a c++ application in Windows. I need to display a dialog for username and password and verify that they are an authenticated user on the Windows machine. Are there any libraries that allow for this functionality or a good way to go about it?
Probably CredUIPromptForWindowsCredentials (see http://msdn.microsoft.com/en-us/library/aa375178.aspx) or old CredUIPromptForCredentials (see http://msdn.microsoft.com/en-us/library/aa375177.aspx) could solve your problem?
UPDATED: Another the most old way to authenticate a user is using of SSPI. It will not help with displaying a dialog but this can you implement yourself. You can find a very old code example (probably the first one published by Microsoft) here http://support.microsoft.com/kb/180548.
If you do want use LDAP API (see http://msdn.microsoft.com/en-us/library/aa366102.aspx) you can use ldap_bind_s (see http://msdn.microsoft.com/en-us/library/aa366156.aspx) to verify user authentication. See http://msdn.microsoft.com/en-us/library/aa366106.aspx as a code example (it is not exactly what you want, but you can understand how these API work)