leafleafleafMan illustration
Updated on December 8, 2022

Docly

How to authenticate an user ?

Estimated reading: 3 minutes

You need to get a VGSecurityRuntime

How to authenticate an user ?

Authenticate a VisualGuard user

To authenticate a Visual-Guard user, you need username and password

//authenticate visualGuard user
var authenticationState = runtime.Authenticate("jsmith", "pwd", VGAuthenticationMode.VisualGuard);

Authenticate a Database user

//authenticate database user
var authenticationState = runtime.Authenticate("sa", "pwd", VGAuthenticationMode.Database);

Authenticate current window account

//authenticate current window account
var authenticationState = runtime.Authenticate(@"", "", VGAuthenticationMode.Windows);

Authenticate window account by credentials

The username needs <Domain>\<username> of your domain

//authenticate window account by credential
var authenticationState = runtime.Authenticate(@"novalys\jsmith", "pwd", VGAuthenticationMode.WindowsByCredential);

How to manage the authenticate status ?

var authenticationStatus = authenticationState.Status;
if ((authenticationStatus & VGAuthenticationStatus.Failure) == VGAuthenticationStatus.Failure)
{
#region Status is Failure along with other status

if ((authenticationStatus & VGAuthenticationStatus.UserAccountNotYetAvailable) == VGAuthenticationStatus.UserAccountNotYetAvailable)
{
    //Status is failure as user account is not yet available
}
else if ((authenticationStatus & VGAuthenticationStatus.UserAccountDisabled) == VGAuthenticationStatus.UserAccountDisabled)
{
    //status is failure as user account is disabled
}
else if ((authenticationStatus & VGAuthenticationStatus.UserAccountExpired) == VGAuthenticationStatus.UserAccountExpired)
{
    //status is failure as user account is expired
}
else if ((authenticationStatus & VGAuthenticationStatus.UserNotAuthorized) == VGAuthenticationStatus.UserNotAuthorized)
{
    //status is failure as user account is not authorized for access
}
else if ((authenticationStatus & VGAuthenticationStatus.ProcessCanceled) == VGAuthenticationStatus.ProcessCanceled)
{
    //Status - failure authentication Process is Canceled
}
else if ((authenticationStatus & VGAuthenticationStatus.UserAccountLocked) == VGAuthenticationStatus.UserAccountLocked)
{
    //status is failure as user account is locked out
}
else if ((authenticationStatus & VGAuthenticationStatus.PasswordIsLocked) == VGAuthenticationStatus.PasswordIsLocked)
{
    //status is failure as user account is locked out
}
else if ((authenticationStatus & VGAuthenticationStatus.NotApproved) == VGAuthenticationStatus.NotApproved)
{
    //status is failure as user account is not approved
}
else if ((authenticationStatus & VGAuthenticationStatus.UserNotFoundInCustomStorage) == VGAuthenticationStatus.UserNotFoundInCustomStorage)
{
    //status is failure as user account not found in custom storage
}
else if ((authenticationStatus & VGAuthenticationStatus.MustChangePasswordAtNextLogon) == VGAuthenticationStatus.MustChangePasswordAtNextLogon)
{
    #region Case - When Password is expired or password doesn't pass validation, and grace logins are completed
    string message;
    if ((authenticationStatus & VGAuthenticationStatus.PasswordExpired) == VGAuthenticationStatus.PasswordExpired)
    {
        //status is failure. User must change his/her password as password is expired
    }
    else if ((authenticationStatus & VGAuthenticationStatus.PasswordDoesNotPassValidation) == VGAuthenticationStatus.PasswordDoesNotPassValidation)
    {
        //status is failure. User must change his/her password as password does not pass validations as per password policy
    }
    else
    {
        //status is failure. User must change his/her password.
    }
    #endregion
}
else
{
    //write your code here to show authentication is failed
    //User is not authenticated, status is failure due to Invalid username or password


    if ((authenticationStatus & VGAuthenticationStatus.LastBadLogin) == VGAuthenticationStatus.LastBadLogin)
    {
        //Last bad login, next bad login will lock this user account
    }
    else if ((authenticationStatus & VGAuthenticationStatus.PasswordWillBeLocked) == VGAuthenticationStatus.PasswordWillBeLocked)
    {
        //user account is locked
    }
}
#endregion
}
else
{
#region If Status is Success, but along With other status also(password expired or password not pass validation).

if (authenticationStatus != VGAuthenticationStatus.Success)
{
    if ((authenticationStatus & VGAuthenticationStatus.PasswordExpired) == VGAuthenticationStatus.PasswordExpired)
    {
        //status is success but password is expired.
    }
    else if ((authenticationStatus & VGAuthenticationStatus.PasswordDoesNotPassValidation) == VGAuthenticationStatus.PasswordDoesNotPassValidation)
    {
        //status is success but password does not pass validations of password policy. 
    }
}
else
{
    //status is success -> Successful login -
    //write your code to procceed after successful authentication
}

#endregion
}

Leave a Comment

Share this Doc
CONTENTS

Powered By Visual-Guard