How to implement SSO (Single Sign On) for a WinForms app and SQL Server

Question

We have a WinForms application that uses SQL server to store its data. To authenticate the application users, we are using SQL Server to do the authentication. The user must have a username/password that exists on the database server to be able to log in.

So far so good.

Now one of our customers wants us to implement single sign on. They want to be able to start our app without entering any username/password, they want to use Windows to authenticate the user.

Do you have any advice about how we could implement this?

Answer 1

I'd say using active directory and SSPI (aka trusted connections). This would normally make use of kerberos authentication.

If you have a notion of a user in your database such as a Users table you can add another column or have a separate table to store that user's domain login name (eg, [email protected]). You more commonly see somedomain\johnsmith, but the @ method is the newer, prefered representation.

Answer 2

See this article WinForms App Single Sign On in 2 Lines of Code.

Many developers are unaware of two information rich objects available to them for role-based validation and that can also be leveraged to verify authenticated access, essentially single sign on (SSO), to their application because the user has already logged onto the desktop. These are the WindowPrincipal and WindowsIdentity objects. The purpose of this screencast is to demystify how to leverage the rich information these objects provide – starting with just 2 lines of code.