I am try to Develop a application that can control a PC using SMS with internet. also i turn on the PC power with a cell phone. but After i turn on the PC it will ask for username & password! I store this information on a local database (Eg:MS ACCESS). how can i get that username & password then log in to PC using a VB.NET Program?
First, to read the database your application will need to be already running before the user is logged in, like a system service. Can you do all the stuff you want to do within this service without logging in actually? This would spare you the horrors of...
Gina. At least up to XP to log into your computer without entering the password on the keyboard you can store the credentials in the registry (remove password login, autologin every time) or implement a custom gina.dll that can "simulate" a user. VB.Net cannot be used to write a custom gina.dll as far as I know, you will need to use C/C++ for this.
Added: At least in theory you could simulate keypresses via usb, remote control your local machine or something other to simulate a keyboard, anything might be better than Gina ; )
Related
I've got one for you thats been bugging me for a bit.
If you run a Windows Service as Local System, how can that service display forms or prompts on the user desktop?
I tried this in one of my previous apps and couldn't get it to work; I settled on having an 'invisible' app running in the user context to handle any user interaction. But as time has passed, I've seen some apps that have nothing more than a service running as local system and yet they produce prompts and forms on the user desktop.
Thanks in advance for any info :)
I successfully developed an application through BLPAPI (Bloomberg API) on a Bloomberg Terminal machine (in Python). Unfortunately my company is thinking to switch to Bloomberg Anywhere...I will have the chance to run my application there?
With a move to Bloomberg Anywhere from open Bloomberg, you will have the same access to data that you had before. However, you will need to keep the following in mind:
Authentication will be linked to an individual person instead of a Username/Password. This means that the person who owns the Bloomberg login will need to be physically present at the machine to login using their fingerprint on the Bloomberg keyboard, a b-unit, or our newly released b-unit mobile app (for recent versions of android).
Your app will no longer be limited to running on the current machine only. You will now be able to install a Bloomberg access point and use your application on any windows machine as long as you have the person present as described above to log into the box.
Once logged in you will have data access for a few days, however if the Bloomberg anywhere user logs in to Bloomberg on a separate machine, then the machine with your python application will immediately lose access to data. To regain access, the Bloomberg anywhere user will have to re-login to the original machine.
hope this helps
Yes. Just be sure that the user logs in every so often. The API will work when a user is connected and even after they disconnect, for a while.
Yes, it should work fine, we've done some applications under BBanywhere.
The only issue I've seen which you should contemplate before going live application is ensuring that if you're moving it off the main box and it's a non-technical party using the service on a laptop or something, that the appropriate python install and dependencies are set up (ie. conda, blpapi, etc.) I've seen some people comfortable enough to run the script or app, then run on laptop or other computer under anywhere all of a sudden that doesn't work because the dependencies aren't there.
In my application, it allows users to remotely connect computers and folders within the internal network for troubleshooting, etc.
My problem is that some of these computers that they are trying to connect to haven't yet been authenticated for them, so when I plug the UNC path into a new process for explorer, it doesn't error but simply returns some random local folder (My Documents I think).
My question is... Is there a way I can make a call to the windows authentication dialog to allow the user to authenticate against the remote PC? If the user simply enters the same address into a normal explorer window, the authentication screen will appear, however, using my app it doesn't.
Is there anyway I can force this to show up for the user?
Any help appreciated, thanks.
Based on this discussion:
Prompting for network credentials in VB.NET
You can have a look at CredUIPromptForCredentials API, in vb.net, just P/Invoke it. For more information:
http://www.pinvoke.net/default.aspx/credui/CredUIConfirmCredentials.html
http://msdn.microsoft.com/en-us/library/aa375177(VS.85).aspx
I want to keep a log with the attempted log-in to a machine. The OS is Windows Embbeded Standard. Is it possible to make Windows execute an application or a script after every login attempt to enable me to save that information in my database?
EDIT:
Extract from Superuser:
"Here, you can set auditing to all types of events. I believe the one you want is "Audit logon events", Set it to Failure (or Success as well if you want).
All events will now get sent to Event Viewer. ..."
Is it possible to access the Event Viewer info via WMI?
From a security viewpoint, I would assume this would not be possible. But it is possible to write your specialized GINA library which would replace the standard login system of Windows. This was done to support fingerprint readers and smart card readers, and many other alternative login methods.
But out of curiosity, what kind of problem are you trying to solve here? Windows already has plenty of build-in functionality which can be analysed by anyone who can log in.
Follow this link to see how it's done in Windows 2003. I've checked with Windows XP on a virtual machine and it works exactly the same there. So I assume it also works in embedded XP versions.For reading the event log, this link from MSDN will be practical too. This will require .NET though, which is optional on Windows XP.
WMI might be a good place to start. You could use WMI (or another method) to query the security event log for sucessful/failed logon events, too.
http://www.computerperformance.co.uk/vbscript/wmi_event_log_administrator.htm
I'm writing a suite of applications that all require login to a server. It's come together quite nicely, but I've run into a logistic snag. The nature of the applications require that they be closed and launched again later with some frequency. It is very annoying to have to login every time one of the applications needs to launch.
I'm trying to think of a secure way of perhaps having the login information stored on the local user's machine. Is there a good way to even go about that? Permissions protected config files? The registry? How does Firefox store its passwords? Have you ever had to do something like this?
The suite is more of a protocol than anything, all the applications are written in a variety of languages (Python, C#, Java, etc) and run on a variety of operating systems (Windows, Linux, OSX, etc). I'm not really looking for code examples, but more just general approaches to this problem. Is it wise to have locally stored passwords? How can you have a session login for a suite with such disparate components? Right now I use application.rc config files stored locally to each application, but they are plain text and far from secure.
I'm going with Jeff on this one and assuming that since you mention the registry, you're referring to Windows. I'm also going to assume that you're talking about a desktop application (otherwise you could just use the builtin browser cookies to store the user's session).
Off the top of my head, I'd engineer the application so that when the user logs in to the server, the server returns a unique session id that identifies the authenticated user. I would then store than id along with an salted/encryped timestamp (which gives you the option of expiring the cached credentials).
The storage mechanism is up to you. You could store them in the HKEY_LOCAL_USERS section of the windows registry, or the Application Data folder in Windows. Both give you the option of user segmented storage.
Typically, this sort of thing is done by use of a "cookie"; a key which (securely) indicates that the user has successfully previously logged in to the server resource. This is how most web sites manage login information, and Firefox (all browsers, really) store the cookies that the browsers set on the user login. A few important things about cookies: they should be encrypted, to assure that malicious programs cannot generate one and thereby bypass the login process, they should match to server-kept resources (same reason), and they should age out, so that while you can maintain login information on a site for a while, your login information is not permanent (which is another security hole).
Personally I would use an encrypted local config file with some sort of an ID value of the machine (motherboard ID, Chip ID, HD ID etc) as part of the encryption key so that the config file cant be just copied from one machine to another. I would also include the date and time so you can expire it when you decide it gets stale.
Alternatively, you can create a host exe or launcher that does the log in and then goes to sleep and wake it up each time you want to launch a new application. The host exe would take the application as a parameter and decide whether or not to ask for login credentials (usually when the first app is started and then keep the login user and an encrypted password in memory. When the host exe has exited the login info is forgotten and when you start up again the cycle starts over.)
Tomcat 6 supports persistence/replication of sessions, so you should care about choosing the manager and configure it ;-)
More info: http://tomcat.apache.org/tomcat-6.0-doc/config/manager.html