C# : Windows Impersonation

The WindowsImpersonationContext class provides us with the ability to impersonate a user.

In the following post we're going to look at how to write to a protected shared folder using impersonation.

You will notice that the WindowsImpersonationContext class doesn't have a public constructor or any static methods defined. One can, however, get an instance of this class via the static Impersonate method of the WindowsIdentity class:

 
using (WindowsImpersonationContext context = WindowsIdentity.Impersonate(token))
{
	// Some operation requiring impersonation
}
 

Note that the WindowsImpersonationContext class implements the IDisposable interface, which lets us use a using block. Disposing the context reverts the impersonation, so code outside the using block won't run in the context of the impersonated user.

For the impersonation to work, we need to pass a primary token to the Impersonate method. To retrieve the token, we need to import the LogonUser function from the "Advanced Services" library (advapi32.dll), like this:
 
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
 

And an import to dispose of the token.
 
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr token);
 

You might have noticed the dwLogonType and dwLogonProvider parameters in the LogonUser method. We need to tell the API by which means authentication must happen; to simplify this, I created two enums:
 
enum LogonType
{
	Interactive = 2,
	Network = 3,
	Batch = 4,
	Service = 5,
	Unlock = 7,
	NetworkClearText = 8,
	NewCredentials = 9
}
 
enum LogonProvider
{
	Default = 0,
	WinNT35 = 1,
	WinNT40 = 2,
	WinNT50 = 3
}
 

I am not going to go into too much depth about these providers, but let's have a quick look at the Interactive and NewCredentials LogonTypes.

Using the Interactive LogonType will look something like this:
 
IntPtr token = IntPtr.Zero;
bool valid = LogonUser("username",
			"yourdomain.com",
			"password",
			(int)LogonType.Interactive,
			(int)LogonProvider.Default,
			ref token);
if (valid)
{
	try
	{
		using (WindowsImpersonationContext context = WindowsIdentity.Impersonate(token))
		{
			// Runs in the context of the impersonated user
			File.WriteAllBytes(@"\\yourserver\someshare\test.txt", new byte[] { });
		}
	}
	finally
	{
		// Release the token even if impersonation or the write throws
		CloseHandle(token);
	}
}
 

This is all well and good when we're impersonating someone that's on the same domain as us, but what about impersonating outside our domain?

This is where I found the NewCredentials LogonType useful, since it authenticates cross domain:
 
IntPtr token = IntPtr.Zero;
LogonUser("username",
			"yourdomain.com",
			"password",
			(int)LogonType.NewCredentials,
			(int)LogonProvider.WinNT50,
			ref token);
 
try
{
	using (WindowsImpersonationContext context = WindowsIdentity.Impersonate(token))
	{
		// The credentials are first used here, when the share is accessed
		File.WriteAllBytes(@"\\yourserver\someshare\test.txt", new byte[] { });
	}
}
finally
{
	// Release the token even if impersonation or the write throws
	CloseHandle(token);
}
 

I didn't include the valid bool in the preceding snippet because you'll find that the LogonUser method seems to always return true when using the NewCredentials LogonType: authentication only happens when you access the resource, in this case in the File.WriteAllBytes call.
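
The NewCredentials flow above with the error handling and token cleanup made explicit, as an added example that is not part of the original post. ShareWriter and WriteAs are hypothetical names, and the credentials are assumed to be supplied by the caller at run time rather than embedded in source.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class ShareWriter // hypothetical helper, not from the original post
{
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Same values as LogonType.NewCredentials and LogonProvider.WinNT50 in the post
    const int NewCredentials = 9, WinNT50 = 3;

    public static void WriteAs(string user, string domain, string password,
                               string uncPath, byte[] data)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, NewCredentials, WinNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error()); // read the error right away

        try
        {
            using (WindowsIdentity.Impersonate(token))
            {
                try
                {
                    File.WriteAllBytes(uncPath, data);
                }
                catch (Exception ex) when (ex is UnauthorizedAccessException || ex is IOException)
                {
                    // With NewCredentials, bad credentials only surface here,
                    // at the first network access, not at LogonUser.
                    throw new InvalidOperationException(
                        "Write to " + uncPath + " failed; the supplied credentials may be wrong.", ex);
                }
            } // Dispose() reverts the thread to the original identity
        }
        finally
        {
            CloseHandle(token); // runs even if Impersonate or the write throws
        }
    }
}
```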




 

C#: OCR (Optical Character Recognition)

The past few weeks we've been looking for a suitable OCR solution to integrate into our document management system.

One option we came across involves MODI (Microsoft Office Document Imaging) - a tool available within Microsoft Office 2003 - 2007 (not available in Microsoft Office 2010).

Simply include the MODI Type library (COM Interop) and process your image(s) like this:

 
using MODI;
 
class Program
{
    static void Main(string[] args)
    {
        DocumentClass doc = new DocumentClass();
        doc.Create("test1.tiff");
        doc.OCR(MiLANGUAGES.miLANG_ENGLISH, true, true);
        doc.SaveAs("test2.tiff", MiFILE_FORMAT.miFILE_FORMAT_TIFF, MiCOMP_LEVEL.miCOMP_LEVEL_MEDIUM);
    }
}
 

It's quite a powerful OCR engine, but the engine behind MODI isn't Microsoft based - it is licensed from ScanSoft Inc. - currently Nuance.

There is one part I do find a bit dodgy though: we found quite a few rather expensive OCR tools out there (from $600) that integrate with MODI - which obviously requires Microsoft Office.

I almost feel that those applications belong in the freeware realm - since you already bought a license to the core OCR functionality (via MS Office) and most of the non-OCR functionality (the part you will be paying for) seems rather mediocre.

My personal opinion though... ;)



