ansaurus

Question

In ASP.NET, how do I detect a password in a Word 2003 or 2007 file?

Answer 1

A:

Are you saying that you'd like to open/examine Word documents without using any Office interop at all? Good luck!

Possibly your only place to start would be to manually parse the docx yourself (the spec is published here). Really though, I'd suggest you bite the bullet and use the Office interop libraries, 'cause that's a much lighter weight requirement than parsing the document yourself. There's nothing that intrinsically prevents you doing that on a server application.

Dan Puzey 2010-07-01 13:47:49

re: prevention... Well, there are the licensing restrictions on Office Apps and its not always easy to convince a server administrator to install MS Office on a server, especially when MS-Office interop running in ASP.NET often leads to 100s of exel.exe and word.exe processes on the server.

MatthewMartin 2010-07-01 14:43:32

That's just another problem to solve, not a complete blocker. If you have sufficient business need then your admins will have to cede to that (and you have to deal with the ramifications); if not, then you need to find a different solution.

Dan Puzey 2010-07-01 15:09:55

um. no! Office running on the server is an unsupported configuration and something best left to dodgy hacker admins. If your trying to solve that problem, your solving the wrong problem.

Anonymous Type 2010-10-12 00:25:43

Answer 2

+5 A:

I think it is going to depend on the version of Microsoft Word. Older versions of Word (before 2007) will require some COM interop, because they are not saved in an open format. Nothing you can do to get around that, and I feel your frustrations with installing anything Office on a web server. Additionally, I believe the only way to detect password protection on these is to attempt to open/unprotect the file and catch a certain exception (you may have to further evaluate an error code within the exception as well). Not pretty!

However, for newer versions of word (2007+) saved in the open DOCX format (Standard ECMA-376), you can examine the XML and check for the existence of the DocumentProtection element with the w:enforcement attribute set to "on"...

<w:DocumentProtection
   w:edit="read-only"
   w:enforcement="on"
   w:unprotectPassword="1FC6CBEB"/>

Note: The password seen here is encrypted (obviously); I saved this particular document with a password of "test".

Josh Stodola 2010-07-01 13:54:37

I wish I could split the bounty! (I checked the FAQ to see if I could). This is indeed half of the answer. Otaku had the other half, thanks!

MatthewMartin 2010-07-06 00:39:48

@Matthew I am not here for points; glad to hear you found a solution!

Josh Stodola 2010-07-06 19:33:42

Answer 3

+5 A:

Unfortunately it's not available directly from .NET or DSOFile.dll, but you could create a wrapper in .NET to read the PIDSI_DOC_SECURITY property of any Office file to find out if it is password-protected or not without opening the document. There are a number of C++ samples out there that could be ported with a definition of iPropertyStorage.

A wrapped example is on TechTarget, but the wrapper seems to be unavailable.

Otaku 2010-07-01 22:37:42

ansaurus

tags:

views:

answers:

In ASP.NET, how do I detect a password in a Word 2003 or 2007 file?

related questions