Password protected page

514 views Asked by At

I would like to add a password protected page to my WPF modernUI application and could use some help with it.

First of all I don't really have a clue how to handle this stuff correctly in my case.

My application is used on several machines. The protected page should be some kind of admin-page to edit a database that is used by the app. My idea is, that there is only one Admin-account. But this account can be used from any machine. The admin should be able to change his password. So there must be some kind of encrypted password file on the server which can be accessed from any machine. I don't want to store the password within the application, as this would mean that the admin has to change his password on every machine.

So my question is: What is the best/safest solution for my idea? I'm just looking for hints as I don't have a clue what to search for.

2

There are 2 answers

0
Ian On BEST ANSWER

The best Practise nowadays for distributed client applications who share a Database is indeed not to have direct access to the Database.

What you need is a WebService. A web service can be anything. It just has to be hosted somewhere. It can be an ASP.NET application, a WCF Service, or even something not .NET related like a PHP or Java application.

The communication between your application and your WebService depends on what you decide to use. Today a lot of people are using so called REST APIs which use either XML or JSON as data transfer format and use the HTTP protocol.

Its not hard to implement such an API since there are ton of Libs and Solutions out there.

You could use RestSharp for the communication at your client side. Which is straight forward and simple. You could also consume a WCF Service. Which is hosted in IIS somewhere.

However your Problem is nothing special and there are several solutions available. The decision is on your side since it depends on a lot of things such budget, available infrastructe etc.

0
mm8 On

Your question is quite broad but as far as WPF is concerned you could implement custom authentication and authorization in your application by creating classes that derive from the IIdentity and IPrincipal interfaces and overriding the application thread’s default identity. Please refer to the following blog post for more information an an example.

Custom authorization in WPF: https://blog.magnusmontin.net/2013/03/24/custom-authorization-in-wpf/

The actual credentials should be stored on some remote server that may be accessed through a web service, WCF service or some other kind of API. The details of how to actually get the credentails would be implemented in the AuthenticationService class in the sample code from the above link.