an interface for the user authentication More...
Public Member Functions | |
| bool | SetPassword (string AUserID, string APassword) |
| Set Password More... | |
| bool | LockSysadmin () |
| Lock the user SYSADMIN More... | |
| bool | AddUser (string AUserID, string APassword="") |
| Adds a new user More... | |
| bool | PerformUserAuthentication (string AUserName, string APassword, string AClientComputerName, string AClientIPAddress, out Boolean ASystemEnabled, TDBTransaction ATransaction) |
| Authenticates a user. More... | |
| void | SimulatePasswordAuthenticationForNonExistingUser () |
| Call this Method when a log-in is attempted for a non-existing user (!) so that the time that is spent on 'authenticating' them is as long as is spent on authenticating existing users. This is done so that an attacker that tries to perform user authentication with 'username guessing' cannot easily tell that the user doesn't exist by checking the time in which the server returns an error (this is an attack vector called 'timing attack')! More... | |
Detailed Description
an interface for the user authentication
Member Function Documentation
◆ AddUser()
| bool Ict.Common.Remoting.Server.IUserManager.AddUser | ( | string | AUserID, |
| string | APassword = "" |
||
| ) |
Adds a new user
Implemented in Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager.
◆ LockSysadmin()
| bool Ict.Common.Remoting.Server.IUserManager.LockSysadmin | ( | ) |
Lock the user SYSADMIN
Implemented in Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager.
◆ PerformUserAuthentication()
| bool Ict.Common.Remoting.Server.IUserManager.PerformUserAuthentication | ( | string | AUserName, |
| string | APassword, | ||
| string | AClientComputerName, | ||
| string | AClientIPAddress, | ||
| out Boolean | ASystemEnabled, | ||
| TDBTransaction | ATransaction | ||
| ) |
Authenticates a user.
Implemented in Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager.
◆ SetPassword()
| bool Ict.Common.Remoting.Server.IUserManager.SetPassword | ( | string | AUserID, |
| string | APassword | ||
| ) |
Set Password
Implemented in Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager.
◆ SimulatePasswordAuthenticationForNonExistingUser()
| void Ict.Common.Remoting.Server.IUserManager.SimulatePasswordAuthenticationForNonExistingUser | ( | ) |
Call this Method when a log-in is attempted for a non-existing user (!) so that the time that is spent on 'authenticating' them is as long as is spent on authenticating existing users. This is done so that an attacker that tries to perform user authentication with 'username guessing' cannot easily tell that the user doesn't exist by checking the time in which the server returns an error (this is an attack vector called 'timing attack')!
Implemented in Ict.Petra.Server.MSysMan.Maintenance.UserManagement.TUserManager.
The documentation for this interface was generated from the following file:
- csharp/ICT/Common/Remoting/Server/Interfaces.cs
