Announcing Thinfinity VirtualUI v2 beta

Thinfinity VirtualUI helps developers to effortlessly take to the web Windows applications developed with .Net, Delphi, Visual C++ and the like.

Thinfinity VirtualUI v2.0
We are very excited to announce today the beta build of Thinfinity VirtualUI v2. This version includes several new major features that take VirtualUI to a new level of virtualization and integration.

The main new features in this release are:

  • New authentication scheme:
    • Support for RADIUS.
    • OAuth/2 (Google, Facebook, etc).
    • API for custom authentication.
    • Support for Single Sign-on.
  • Registry and File System Virtualization.
  • Session Recording and Playback.

Continue reading

Coming soon: Select the best authentication method for your apps

We are constantly working to improve Thinfinity VirtualUI to offer you more features and integration capabilities for your applications.

Have you ever thought about the benefits of adding Google, Facebook, Twitter or any other external authentication method o your apps?

Today we want to share with you a quick insight into one of our latest projects: the addition of many more login options to clear the way for user authentication.

 
Continue reading

Using One-Time URL for single sign-on scenarios or one-time invitations

Thinfinity VirtualUI offers a special access method called “One-Time URL”. This mechanism was designed to create a temporary, unique url to provide one-time access to a specific application. This temporary url is disposed as soon as it is used or after a specified period of time has elapsed.

These are the main scenarios where the One-Time URL access method is most useful:

 

  • Single Sign-on scenarios.
  • External authentication methods.
  • One-time invitations to run a program  (i.e. application demos/presentations).

  Continue reading

Implementing Single Sign-On authentication: How to use CAS with Thinfinity® Remote Desktop

security-padlockApplication integration in a web environment could require several instances of authentication, which sometimes can lead to annoying gaffes and mix-ups. Fortunately, the Single Sign On method will help us achieve the unified authentication of these users in a very simple and straightforward way. Let’s see how to implement it in Thinfinity® Remote Desktop.

 

What is CAS?

Central Authentication Service (“CAS”) is an authentication protocol, originally written at Yale University, created to provide a trusted Single Sign On (SSO) method for a web application to validate a user. Its purpose is to permit a user to access multiple applications while providing their credentials (such as user name, password, etc.) just a single time. Once the user is authenticated by an SSO, he/she doesn’t need to render his/her security credentials again.

 

The CASAuth demo

The CASAuth demo, which gets distributed in the product installation, is a simple example you can use to test your CAS authentication environment with Thinfinity® Remote Desktop. You can easily locate it from a shortcut in the Start menu, inside Thinfinity/Remote Desktop Server/Thinfinity Remote Desktop Server Demos. There are some simple but important things you should note along the way, so make sure to follow each step carefully. Let’s start!

In login.aspx.cs you have to replace the CASHOST with the URL of your CAS server. In a testing environment, for example, this might be:

 private const string CASHOST = "https://localhost:8081/cas-server-webapp-4.0.0/";

Make sure you are using a valid certificate so ASP.NET doesn’t reject it. If you don’t have a valid certificate, you can replace the certificate validation function with the following code:

 bool MyServerCertificateValidationCallback(object sender,
      X509Certificate certificate, X509Chain chain,
      System.Net.Security.SslPolicyErrors sslPolicyErrors)
 {
      return true;
 } 

and then assign this function to the ServicePointManager.ServerCertificateValidationCallback:

 ServicePointManager.ServerCertificateValidationCallback = MyServerCertificateValidationCallback;

If everything went as planned, these changes would ensure your CAS server is reached and, in case you are not already logged in, you would be redirected to this server to validate the user.

We now need to make some changes in the Default.aspx.cs page. At this point you have to replace the value of APIKey variable with the appropriate one from your environment. This variable is in the server ini configuration file. (Note: for information on how to find it please refer to: http://www.cybelesoft.com/helps/thinfinity/remote-desktop/server/apikey.html).

Also, you will notice that the dhc.Init method is being called. You have to replace the value passed to this function with the URL needed to reach your Thinfinity Remote Desktop server. Be careful! You need to make this change in the Default.aspx page too:


replacing http://localhost:8443 with the actual URL of your Thinfinity Remote Desktop Server.

Finally, there is a very important setting in this example that needs to be addressed. In Thinfinity Remote Desktop users can get access by using some methods related with the Single Sign On (SSO) feature. Currently, two SSO methods are implemented: Google’s OAuth authentication and Radius authentication. An alternative option is to authenticate directly through Active Directory or using the Windows user authentication.

One of the last lines in Default.aspx.cs states

encQuery = HttpUtility.UrlEncode(dhc.EncodeStr("_userid=" + Userid + "&_apikey=" + APIKey + "&_ssologin=1"));

On that line you have a very important setting: _ssologin. The use cases for this parameter are:

_ssologin=1 The authentication acts as a Google’s Oauth authentication and the Oauth mapping will be used to correctly identify the user.
_ssologin=2 The authentication acts as a Radius authentication and the Radius mapping will be used to correctly identify the user.
Not present If you remove the _ssologin from the string encoding process, the Active Directory or Windows authentication will be used.

(More info at http://www.cybelesoft.com/helps/thinfinity/remote-desktop/server/single-sign-on.html)

With all these settings correctly established, you will be able to use CAS as the authentication method for your Thinfinity Remote Desktop-enabled solution.