Chapter 71. How to Prompt for a Password

Prompting the user for credentials is a tricky business. First of all, it's best never to do this if you can avoid it because it trains the user to type his password whenever asked. How do you know that next time it won't be a Trojan horse asking? The operating system itself takes this pretty seriously. On a server, you have to press control+alt+delete before the operating system will ask for credentials. Have you ever wondered why this is? This key sequence can't be trapped by user-mode code; it can only be trapped by privileged code (kernel-mode code), which is part of the operating system. This is what's called a “secure attention sequence”: you're literally getting the attention of the real operating ...

Get The .NET Developer's Guide to Windows Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.