How to authenticate a user?

Estimated reading: 3 minutes 261 views

Introduction

In Visual-Guard, user authentication is a crucial step that verifies the identity of a user trying to gain access to an application. The Visual-Guard .NET API provides various methods to authenticate a user, including VisualGuard authentication, Database authentication, Windows authentication, and Windows authentication by credentials.

Authentication

VisualGuard Authentication: This method authenticates a user using a username and password stored in Visual-Guard.

//Authenticate visualGuard user
var authenticationState = runtime.Authenticate("jsmith", "pwd", VGAuthenticationMode.VisualGuard);

Database Authentication: This method authenticates a user using a username and password stored in a database.

var authenticationState = runtime.Authenticate("sa", "pwd", VGAuthenticationMode.Database);

Windows Authentication: This method authenticates the current Windows account.

var authenticationState = runtime.Authenticate("", "", VGAuthenticationMode.Windows);

Windows Authentication by Credentials: This method authenticates a Windows account using domain credentials.

The username needs <Domain>\<username> of your domain

var authenticationState = runtime.Authenticate(@"novalys\jsmith", "pwd", VGAuthenticationMode.WindowsByCredential);

After the authentication attempt, the authenticationState.Status property can be used to check the status of the authentication process. The status can indicate success, failure, or other conditions such as an expired account or a locked account.


How to manage the authentication status?

var authenticationStatus = authenticationState.Status;
if (authenticationStatus.HasFlag(VGAuthenticationStatus.Failure))
{
#region Status is Failure along with other status

if (authenticationStatus.HasFlag(VGAuthenticationStatus.UserAccountNotYetAvailable))
{
    //Status is failure as user account is not yet available
}
else if (authenticationStatus.HasFlag(VGAuthenticationStatus.UserAccountDisabled))
{
    //status is failure as user account is disabled
}
else if (authenticationStatus.HasFlag(VGAuthenticationStatus.UserAccountExpired))
{
    //status is failure as user account is expired
}
else if (authenticationStatus.HasFlag(VGAuthenticationStatus.UserNotAuthorized))
{
    //status is failure as user account is not authorized for access
}
else if (authenticationStatus.HasFlag(VGAuthenticationStatus.ProcessCanceled))
{
    //Status - failure authentication Process is Canceled
}
else if (authenticationStatus.HasFlag(VGAuthenticationStatus.UserAccountLocked))
{
    //status is failure as user account is locked out
}
else if (authenticationStatus.HasFlag(VGAuthenticationStatus.PasswordIsLocked))
{
    //status is failure as user account is locked out
}
else if (authenticationStatus.HasFlag(VGAuthenticationStatus.NotApproved))
{
    //status is failure as user account is not approved
}
else if (authenticationStatus.HasFlag(VGAuthenticationStatus.UserNotFoundInCustomStorage))
{
    //status is failure as user account not found in custom storage
}
else if (authenticationStatus.HasFlag(VGAuthenticationStatus.MustChangePasswordAtNextLogon))
{
    #region Case - When Password is expired or password doesn't pass validation, and grace logins are completed
    string message;
    if (authenticationStatus.HasFlag(VGAuthenticationStatus.PasswordExpired))
    {
        //status is failure. User must change his/her password as password is expired
    }
    else if (authenticationStatus.HasFlag(VGAuthenticationStatus.PasswordDoesNotPassValidation))
    {
        //status is failure. User must change his/her password as password does not pass validations as per password policy
    }
    else
    {
        //status is failure. User must change his/her password.
    }
    #endregion
}
else
{
    //write your code here to show authentication is failed
    //User is not authenticated, status is failure due to Invalid username or password


    if (authenticationStatus.HasFlag(VGAuthenticationStatus.LastBadLogin))
    {
        //Last bad login, next bad login will lock this user account
    }
    else if (authenticationStatus.HasFlag(VGAuthenticationStatus.PasswordWillBeLocked))
    {
        //user account is locked
    }
}
#endregion
}
else
{
#region If Status is Success, but along With other status also(password expired or password not pass validation).

if (!authenticationStatus.HasFlag(VGAuthenticationStatus.Success))
{
    if (authenticationStatus.HasFlag(VGAuthenticationStatus.PasswordExpired))
    {
        //status is success but password is expired.
    }
    else if (authenticationStatus.HasFlag(VGAuthenticationStatus.PasswordDoesNotPassValidation))
    {
        //status is success but password does not pass validations of password policy. 
    }
}
else
{
    //status is success -> Successful login -
    //write your code to procceed after successful authentication
}

#endregion
}