Good day all,
I currently have a VB Webservice that opens, edits and saves an MS Word 2003 document via impersonation (my code is below, for those searching for impersonation techniques).
Everything works fine, what I would like to know is if there is a better way of manipulating an MS Word 2003 document without using impersonation? Due to security reasons, I am hoping to find a better way of approaching this.
I would highly appreciate it if you could help me out on this (if it is even possible!)
Thanks a lot
Rossouw de Bruin
Code:
I currently have a VB Webservice that opens, edits and saves an MS Word 2003 document via impersonation (my code is below, for those searching for impersonation techniques).
Everything works fine, what I would like to know is if there is a better way of manipulating an MS Word 2003 document without using impersonation? Due to security reasons, I am hoping to find a better way of approaching this.
I would highly appreciate it if you could help me out on this (if it is even possible!)
Thanks a lot
Rossouw de Bruin
Code:
Code:
' Values used by the LogonUser function's logonType parameter
Public Enum LogonType
LOGON32_LOGON_INTERACTIVE = 2
LOGON32_LOGON_NETWORK = 3
LOGON32_LOGON_BATCH = 4
LOGON32_LOGON_SERVICE = 5
LOGON32_LOGON_UNLOCK = 7
LOGON32_LOGON_NETWORK_CLEARTEXT = 8
LOGON32_LOGON_NEW_CREDENTIALS = 9
End Enum
' Values used by the LogonUser function's logonProvider parameter
Public Enum LogonProvider
LOGON32_PROVIDER_DEFAULT = 0
LOGON32_PROVIDER_WINNT35 = 1
LOGON32_PROVIDER_WINNT40 = 2
LOGON32_PROVIDER_WINNT50 = 3
End Enum
Declare Function LogonUser Lib "advapi32.dll" Alias _
"LogonUserA" ( ByVal username As String, _
ByVal domain As String, _
ByVal password As String, _
ByVal logonType As LogonType, _
ByVal logonProvider As LogonProvider, _
ByRef token As IntPtr _
) As Integer
Public Sub LetterTemplate()
Dim username As String = "username"
Dim domain As String = "domain"
Dim password As String = "password"
' A handle to the user who will be impersonated
Dim token As IntPtr
' Log the user into Windows.
Dim bLogonSuccessful As Boolean = Convert.ToBoolean( _
LogonUser( _
username, domain, password, _
LogonType.LOGON32_LOGON_NETWORK, _
LogonProvider.LOGON32_PROVIDER_DEFAULT, token))
If Not bLogonSuccessful Then
"Return something"
End If
' Create a WindowsIdentity object that represents the logged-in user.
Dim ident As New System.Security.Principal.WindowsIdentity(token)
' Impersonate the user.
Dim ctx As System.Security.Principal.WindowsImpersonationContext = ident.Impersonate()
'...... some other code
'Release the impersonation
ctx.Undo()
End Sub