Posted by Al Dunbar on September 5, 2007, 12:08 am
>> Roger, thanks again.
>
> not a problem at all Christian
>
>> I have tried all three solutions mentioned in this thread, but it is like
>> no one can manage the situation the way I want. So what many of you said,
>> now I'm thinking that the app I made to encode data should handle the
>> authentication stuff
>>
>
> Unless you can hand authentication to the OS and take finer grain
> authorization on in your app (if the AuthN's context allows or not).
>
>> I really want to thank all of you for the help I got. I wish I can help
>> anyone the way you helped me in the future
>>
>> Regards
I know I'm late jumping in here, but it seems to me there was a nearly
identical thread here last year. My contribution in that thread was to say
that preventing concurrent logons would have absolutely no effect whatsoever
on preventing authorized users from sharing their logon credentials with
those individuals not authorized. If an authorized user had friends who were
not authorized, he could just let them use his account when he was not using
it.
The ONLY way to know for sure that individual accounts are not being shared
is to have a strong policy against the practice, to apply sanctions when
violations occur, and to provide incentives for honesty, the main one being
showing trust in the user community. The weakest link (and also the
strongest) in any security or access mechanism is the user community.
/Al
>>
>
> Cheers
>
>>
>>>> Roger, making my app control access should be the last option. Because
>>>> of a matter of time, I need to find a solution already built, already
>>>> tested, and ready-to-use.
>>>>
>>>
>>> I do not know of what that ready-to-use solution would be.
>>> Your app is controlling its listener and allowing/disallowing the
>>> connections. If using clients are not using one of the operating
>>> system's logins but rather just connecting to the port your app uses,
>>> which is what it is coming to sound like, then it seems it is only
>>> your app that could exert the control.
>>>
>>> Roger
>>>
>>>
>>>>
>>>>>> Roger, you're right. I'm not preventing, I have a clue if I log tries
>>>>>> of multiple logins
>>>>>> The content is used 7*24*365. So a logged user will keep logged all
>>>>>> the time. Any attempt to log in with an already logged credential is
>>>>>> a violation (or error).
>>>>>>
>>>>>> You're also right about cconnect, I'm rebuilding my DC after trying,
>>>>>> but I think I made a mistake and I'm going to try again
>>>>>>
>>>>>> Another point is this, I need to prevent access to a mms (or http)
>>>>>> connection, not a shared resource in a network
>>>>>>
>>>>>
>>>>> All three methods indicated, cconnect, limitlogon, and the share-based
>>>>> of the KB provided, intend to prevent a second local login.
>>>>> It sounds to me that you really want a mod in the app so that it does
>>>>> not allow a second connection to it using the same creds.
>>>>>
>>>>>
>>>>>>
>>>>>>> Hi Christian,
>>>>>>>
>>>>>>> I guess I do not understand how limiting to one session is in fact
>>>>>>> preventing unauthorized access.
>>>>>>> Assuming it somehow does help, then how does it make sure that
>>>>>>> the correct person is the one allowed the one available session?
>>>>>>>
>>>>>>> Anyway, cconnect and limitlogin are fairly heavy to implement.
>>>>>>> Take a look at the following for the select few accounts needed:
>>>>>>> http://support.microsoft.com/kb/260364
>>>>>>>
>>>>>>> Roger
>>>>>>>
>>>>>>>> I'm building a product that is accessed with a username and
>>>>>>>> password, and for preventing unauthorized access to it, I need to
>>>>>>>> prevent multiple simultaneous logons with the same username and
>>>>>>>> password
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Sorry about my English. Let me know if the answer is clear
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Christian
>>>>>>>>
>>>>>>>>> Why do you need to do this? What security risk do you need to
>>>>>>>>> mitigate?
>>>>>>>>>
>>>>>>>>> Steve Riley
>>>>>>>>> steve.riley@microsoft.com
>>>>>>>>> http://blogs.technet.com/steriley
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Hi, I have Windows 2003 domain working. I need to allow only one
>>>>>>>>>> network logon per user.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> The example is:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> User: username
>>>>>>>>>>
>>>>>>>>>> Status: Logged
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> If user username tries to log in from a different machine, and he is
>>>>>>>>>> logged in on another, the login attempt must be denied
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> How can I accomplish this?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks in advance
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
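The thread converges on the application itself refusing a second connection with the same credentials and logging the attempt. The sketch below is an added example, not code from any poster or product in the thread; `SessionRegistry`, its method names and the 90-second lease are assumptions. It uses a renewable lease so that an always-connected client that crashes does not lock its account out, and, as noted in the thread, it only detects and refuses concurrent use: it cannot tell who is holding the credentials.

```python
import secrets
import time

LEASE_SECONDS = 90  # assumed heartbeat window; tune to the client's keep-alive


class SessionRegistry:
    """Allows one live session per username and records refused attempts."""

    def __init__(self, lease=LEASE_SECONDS, clock=time.monotonic):
        self.lease = lease
        self.clock = clock
        self.active = {}       # username -> (token, client_addr, expires_at)
        self.violations = []   # (timestamp, username, holder_addr, refused_addr)

    def login(self, username, client_addr):
        """Call only after the credentials themselves have been verified."""
        now = self.clock()
        held = self.active.get(username)
        if held and held[2] > now:
            # Account already in use: refuse and keep evidence for review.
            self.violations.append((now, username, held[1], client_addr))
            return None
        # No session, or the previous lease lapsed (client crashed or dropped).
        token = secrets.token_urlsafe(32)
        self.active[username] = (token, client_addr, now + self.lease)
        return token

    def heartbeat(self, username, token):
        """Extend the lease; False means the session is gone or not ours."""
        now = self.clock()
        held = self.active.get(username)
        if not held or held[2] <= now or not secrets.compare_digest(held[0], token):
            return False
        self.active[username] = (held[0], held[1], now + self.lease)
        return True

    def logout(self, username, token):
        """Release the session so the account can log in elsewhere at once."""
        held = self.active.get(username)
        if held and secrets.compare_digest(held[0], token):
            del self.active[username]
            return True
        return False
```

Reviewing `violations` for accounts whose holder and refused addresses differ repeatedly is where the policy side raised in the thread takes over.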