views: 877
answers: 4

Hi All,

I know it's not easy to find a master of GINA, but my question is closest to interprocess communication (IPC). I wrote my custom GINA in unmanaged C++ and included in it a method that checks the validity of a fingerprint for the user trying to log in; this function will call some method in a running Windows service written in C#. The code follows:

In the GINA, unmanaged C++:

if (Fingerprint.Validate(userName, fingerprintTemplate))
{
    // perform login
}

In the Windows service, C#:

public class Fingerprint
{
   public static bool Validate(string userName, byte[] fingerprintTemplate)
   {
      // Perform some code to validate fingerprintTemplate against userName
      // and return the result
      throw new NotImplementedException();
   }
}

Does anyone know how to do such communication between the GINA and the Windows service, or simply between a service written in C++ and a service written in C#?

Thanks

+1  A: 

I'd strongly recommend that you use named pipes. They are fast, easy to use from the C# side, provided you are using .Net 3.5 or higher, and relatively easy from the C++ side (with lots of examples available). And most importantly very easy to secure by applying a simple security descriptor.

Stephen Martin
+2  A: 

NISGINA is an open-source GINA plugin to authenticate against a NIS directory. If you haven't already seen this, it's the only example of an open-source GINA plugin that I'm aware of. If you haven't already, you might find it worth your while to peruse the source code for this.

Note that as of Windows Vista, GINA has been deprecated and replaced with another API called Credential Provider Architecture.

ConcernedOfTunbridgeWells
+4  A: 

The canonical method for communicating with a service (or most IPC that potentially needs to cross a session/desktop boundary) is a named pipe. You can use mailslots as well, but you have to deal with duplication issues because mailslot messages get duped across all installed protocols, so you need some kind of tagging system... gets kinda messy.

See the docs for CreateNamedPipe and work your way out from there. I have talked between C++ and C# using pipes: the interop got a little messy (binary messages), but it's doable. There's some sample code for C# pipes (from both sides) here.

The nice thing about using a pipe for your specific service to service comms problem is you can expand the design later on to support a UI if you need it.

Bob Moore
The only caveat I'd add about the use of mailslots is that they are not securable, for inter-service communication this is frequently a deal breaker.
Stephen Martin
That's true enough. Not that I think he should use them anyway, I'm just a rabid completist when it comes to answering questions :-)
Bob Moore
A: 

I'm curious if you followed the suggested "answers" and attempted the Named Pipe route? According to both this link and my own experience, GINA operates in a pre-authenticated (Session 0) context and any attempt to access a Named Pipe from your unmanaged C++ GINA dll will result in Error #5 "access is denied".

I believe Mailslots may be the only available Windows IPC mechanism that is actually available at that level, but I'm not even certain that will work (haven't tried.)

hemp
Oh yes, there's also no guarantee that your service will have started yet at the time the GINA dll fires. Windows services continue to start while logon is in process - the non-deterministic start sequence helps the machine feel "faster" to end users.
hemp
Your GINA runs under the SYSTEM account. This account can be given access to the named pipe just like any other account. The point about the service not having been started yet when your GINA is activated is a good one but relatively easy to get around by having your GINA wait on the service (or manually start it) as necessary.
Stephen Martin
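The following is an added example illustrating the approach the thread converges on: a named pipe whose DACL admits only LocalSystem (the account the GINA runs under) plus the service's own account, a length-prefixed binary message so the unmanaged side can use plain WriteFile/ReadFile, and a client that retries while the service is still starting. It is not code from the question or any answer. It is written in C# because that is the language of the service in the question; the GINA side would do the same thing with CreateFile on \\.\pipe\FingerprintAuth followed by WriteFile/ReadFile of the same byte layout. The pipe name, the wire format, the size limits and the demo's validation rule are assumptions of this example, and it targets .NET Framework 3.5 or later (the PipeSecurity constructor overload used here is not in cross-platform .NET).

```csharp
// Added example, not from the original thread. Assumes .NET Framework 3.5+.
using System;
using System.IO;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
using System.Threading;

public static class FingerprintPipe
{
    // Assumed pipe name; the C++ GINA opens "\\\\.\\pipe\\FingerprintAuth".
    public const string PipeName = "FingerprintAuth";

    // Assumed upper bounds; the server allocates nothing before checking them.
    const int MaxNameBytes = 256;
    const int MaxTemplateBytes = 64 * 1024;

    // Assumed wire format (PipeTransmissionMode.Byte, so the unmanaged side
    // needs only WriteFile/ReadFile):
    //   request : int32 nameLen | UTF-8 userName | int32 tmplLen | template
    //   response: one byte, 1 = valid, 0 = invalid
    public static void WriteRequest(Stream s, string userName, byte[] template)
    {
        var w = new BinaryWriter(s);            // not disposed: that would close the pipe
        byte[] name = Encoding.UTF8.GetBytes(userName);
        w.Write(name.Length); w.Write(name);
        w.Write(template.Length); w.Write(template);
        w.Flush();
    }

    // Returns false on a malformed or oversized request instead of trusting the
    // peer, even though the DACL already limits who can open the pipe.
    public static bool ReadRequest(Stream s, out string userName, out byte[] template)
    {
        userName = null; template = null;
        var r = new BinaryReader(s);
        int nameLen = r.ReadInt32();
        if (nameLen < 0 || nameLen > MaxNameBytes) return false;
        byte[] name = r.ReadBytes(nameLen);
        if (name.Length != nameLen) return false;  // peer closed early
        int tmplLen = r.ReadInt32();
        if (tmplLen < 0 || tmplLen > MaxTemplateBytes) return false;
        byte[] tmpl = r.ReadBytes(tmplLen);
        if (tmpl.Length != tmplLen) return false;
        userName = Encoding.UTF8.GetString(name);
        template = tmpl;
        return true;
    }

    // DACL: LocalSystem (the GINA's account) may read/write; the service's own
    // account gets full control. No Everyone entry, so other logged-on users
    // cannot reach the authentication service at all.
    static PipeSecurity BuildSecurity()
    {
        var ps = new PipeSecurity();
        var system = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
        ps.AddAccessRule(new PipeAccessRule(system, PipeAccessRights.ReadWrite, AccessControlType.Allow));
        ps.AddAccessRule(new PipeAccessRule(WindowsIdentity.GetCurrent().User,
            PipeAccessRights.FullControl, AccessControlType.Allow));
        return ps;
    }

    // Service side: one request per connection, then re-create the instance.
    public static void Serve(Func<string, byte[], bool> validate)
    {
        while (true)
        {
            using (var server = new NamedPipeServerStream(PipeName, PipeDirection.InOut, 1,
                PipeTransmissionMode.Byte, PipeOptions.None, 4096, 4096, BuildSecurity()))
            {
                server.WaitForConnection();
                string user; byte[] tmpl;
                bool ok = ReadRequest(server, out user, out tmpl) && validate(user, tmpl);
                server.WriteByte(ok ? (byte)1 : (byte)0);
                server.Flush();
            }
        }
    }

    // GINA side (shown in C# here): the service may not be running yet when the
    // GINA fires, so retry on timeout. Access denied (error 5) is NOT retried;
    // it means the DACL above does not cover the caller's account.
    public static bool Validate(string userName, byte[] template, int attempts)
    {
        for (int i = 1; ; i++)
        {
            try
            {
                using (var client = new NamedPipeClientStream(".", PipeName, PipeDirection.InOut))
                {
                    client.Connect(2000);
                    WriteRequest(client, userName, template);
                    return client.ReadByte() == 1;
                }
            }
            catch (TimeoutException) { if (i >= attempts) throw; }
            catch (IOException)      { if (i >= attempts) throw; }
            Thread.Sleep(1000);
        }
    }

    // Single-process demo with constructed input; in the real deployment the
    // server runs in the service and the client in the GINA.
    public static void Main()
    {
        var t = new Thread(() => Serve((u, tm) => u == "alice" && tm.Length == 4));
        t.IsBackground = true;
        t.Start();
        Console.WriteLine(Validate("alice", new byte[] { 1, 2, 3, 4 }, 5));
        Console.WriteLine(Validate("bob", new byte[] { 1, 2, 3, 4 }, 5));
    }
}
```

The DACL is what turns hemp's "access is denied" into a working connection: the pipe has to grant the account the GINA actually runs as, which is SYSTEM, not the user who is trying to log in. If the service also needs to confirm that a connected client really is SYSTEM rather than relying on the DACL alone, NamedPipeServerStream.GetImpersonationUserName or RunAsClient can be used before acting on the request.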