InteropServices vs. manual import of COM .dll reference

  • Question

  • User-499946135 posted

    I have a question about InteropServices vs. manually importing an external COM .dll reference.

    For example, I've added a COM reference in Visual Studio 2008 (in Windows Server 2003),
    and then create an object and class of the imported COM reference.

    using CERTADMINLib;
    CERTADMINLib.CCertAdmin myObject = new CERTADMINLib.CCertAdminClass();

    This works perfectly when I use Windows Server 2003 or Windows Server 2008 because
    the file "certadm.dll" is stored in the C:\WINDOWS\System32 directory on these platforms by default.

    BUT, this is not possible when I browse the application from a client (i.e. Windows XP or Windows Vista),
    because the file "certadm.dll" is NOT stored in the System32 directory.

    So my question is:
    Is it possible to use the server COM reference and create an object on a Windows client without installing and registering
    the .dll file on each client?

    I've heard about InteropServices and the DllImportAttribute class, but I don't know if the scenario will be exactly the same
    as the example above.

    Suggestions folks??

    Regards,
    Jonas

    Thursday, January 29, 2009 5:47 PM

Answers

  • User-499946135 posted

    Hi again,

    I've discovered that this is a permission access problem to the Certificate Authority on my Windows Server platform.

    When I try to create an object from the Certificate Authority service, I get the result: Access Denied :(

    The problem is that I can’t impersonate my user as an administrator, the only configuration that will work is this syntax in the web.config file:
    <identity impersonate="true" userName="myDomain\myAdministrator" password="myPassword" />
    The problem with this is that the user “myAdministrator” will be impersonated for the whole web application.

    I've tried to use programmatic impersonation like the example below but I still get the same "Access Denied" result :(

    // Requires: using System.Security.Principal;
    WindowsImpersonationContext impersonationContext = null;
    IPrincipal principalUser = this.User;
    WindowsIdentity principalID = (WindowsIdentity)principalUser.Identity;
    // Impersonate the Windows identity of the authenticated caller.
    impersonationContext = principalID.Impersonate();

    CERTADMINLib.CCertAdmin myObject = new CERTADMINLib.CCertAdminClass();

    try
    {
        myObject.OpenConnection("myServer\\myCA");
        Response.Write("<b>Successfully connected to the certificate authority service.</b>");
    }
    catch (Exception err)
    {
        Response.Write(err);
    }
    finally
    {
        // Always revert to the application identity, even on failure.
        impersonationContext.Undo();
    }

     

    I've also tried to impersonate the user like the example below but I still get the same "Access Denied" result :(

     
    using System;
    using System.Collections;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Web;
    using System.Web.SessionState;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.HtmlControls;

    using System.Runtime.InteropServices;
    using System.Text;

    namespace Westwind.WebStore.Demos
    {
        /// <summary>
        /// Summary description for Test.
        /// </summary>
        public class Test : System.Web.UI.Page
        {
            // Logon types and provider accepted by LogonUser (winbase.h).
            const int LOGON32_LOGON_INTERACTIVE       = 2;
            const int LOGON32_LOGON_NETWORK           = 3;
            const int LOGON32_LOGON_BATCH             = 4;
            const int LOGON32_LOGON_SERVICE           = 5;
            const int LOGON32_LOGON_UNLOCK            = 7;
            const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
            const int LOGON32_LOGON_NEW_CREDENTIALS   = 9;
            const int LOGON32_PROVIDER_DEFAULT        = 0;

            [DllImport("advapi32.dll", SetLastError=true)]
            public static extern int LogonUser(
                string lpszUsername,
                string lpszDomain,
                string lpszPassword,
                int dwLogonType,
                int dwLogonProvider,
                out IntPtr phToken
                );

            [DllImport("advapi32.dll", SetLastError=true)]
            public static extern int ImpersonateLoggedOnUser(
                IntPtr hToken
            );

            [DllImport("advapi32.dll", SetLastError=true)]
            static extern int RevertToSelf();

            [DllImport("kernel32.dll", SetLastError=true)]
            static extern int CloseHandle(IntPtr hObject);

            private void Page_Load(object sender, System.EventArgs e)
            {
                // Identity before impersonation.
                Response.Write( Environment.UserName + "<hr>");

                IntPtr lnToken;
                int TResult = LogonUser("myAdministrator", "myDomain.com", "myPassword",
                    LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
                    out lnToken);
                if ( TResult > 0 )
                {
                    // Switch the current thread to the logged-on user's token.
                    ImpersonateLoggedOnUser(lnToken);
                    StringBuilder sb = new StringBuilder(80,80);

                    uint Size = 79;
                    Response.Write( Environment.UserName + " - " +
                        this.User.Identity.Name + "<hr>");

                    // Return to the application identity and release the token.
                    RevertToSelf();
                    Response.Write("<hr>" + Environment.UserName);

                    CloseHandle(lnToken);
                }
                else
                {
                    Response.Write("Not logged on: " + Environment.UserName);
                }

                return;
            }
        }
    }
    

     

    So, how can the impersonation through the web.config file (example above) work perfectly but not the programmatic impersonation?

    [EDIT]
    For your information: All of the examples above work perfectly if the certificate authority, domain controller and IIS are installed on the same server.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, February 2, 2009 9:54 AM