Login method Customization using GINA

I know it's not easy to find a master in GINA, but my question is closer to interprocess communication (IPC). I wrote my custom GINA in unmanaged C++ and included in it a method that checks the validity of a fingerprint for the user trying to log in. This function will call a method in a running Windows system service written in C#. The code follows:

In GINA, unmanaged C++:

// Intended call into the C# service's Fingerprint.Validate (this is what needs IPC)
if (Fingerprint.Validate(userName, finerprintTemplate))
{
    // perform login
}

In the Windows service, C#:

public class Fingerprint
{
   public static bool Validate(string userName, byte[] finerprintTemplate)
   {
      // Perform some code to validate finerprintTemplate against userName
      // and return the result
      return false; // placeholder so the method compiles: deny until validation is implemented
   }
}

Does anyone know how to do such communication between GINA and the Windows service, or simply between a service written in C++ and a service written in C#?

Thanks

Answers


The canonical method for communicating with a service (or most IPC that potentially needs to cross a session/desktop boundary) is a named pipe. You can use mailslots as well, but you have to deal with duplication issues because mailslot messages get duped across all installed protocols, so you need some kind of tagging system... gets kinda messy.

See the docs for CreateNamedPipe and work your way out from there. I have talked between C++ and C# using pipes: the interop got a little messy (binary messages), but it's doable. There's some sample code for C# pipes (from both sides) here.

The nice thing about using a pipe for your specific service to service comms problem is you can expand the design later on to support a UI if you need it.


NISGINA is an open-source GINA plugin to authenticate against a NIS directory. If you haven't already seen this, it's the only example of an open-source GINA plugin that I'm aware of. If you haven't already, you might find it worth your while to peruse the source code for this.

Note that as of Windows Vista, GINA has been deprecated and replaced with another API called Credential Provider Architecture.


I'd strongly recommend that you use named pipes. They are fast, easy to use from the C# side (provided you are using .NET 3.5 or higher), and relatively easy from the C++ side (with lots of examples available). And, most importantly, they are very easy to secure by applying a simple security descriptor.
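The service side of such a pipe, with a security descriptor applied and a length-checked binary request of the kind the first answer mentions, as an added example that is not code from the question or from any of the answers. The pipe name, wire format and size limits are constructed for illustration, and it assumes that the service and the GINA DLL (loaded inside Winlogon) both run as LocalSystem and that the .NET Framework 3.5+ `System.IO.Pipes` API is used.

```csharp
using System;
using System.IO;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;

public static class FingerprintPipeServer
{
    const string PipeName = "FingerprintValidate"; // hypothetical pipe name
    const int MaxUserNameBytes = 512;              // assumed limits; reject anything larger
    const int MaxTemplateBytes = 64 * 1024;

    // 'validate' is the service's own check, e.g. Fingerprint.Validate from the question.
    public static void ServeOne(Func<string, byte[], bool> validate)
    {
        // DACL with a single ACE: only LocalSystem may open the pipe.
        var security = new PipeSecurity();
        security.AddAccessRule(new PipeAccessRule(
            new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null),
            PipeAccessRights.FullControl, AccessControlType.Allow));

        using (var pipe = new NamedPipeServerStream(PipeName, PipeDirection.InOut, 1,
                   PipeTransmissionMode.Byte, PipeOptions.None, 4096, 4096, security))
        {
            pipe.WaitForConnection();
            bool ok = false; // fail closed on any malformed or truncated request
            try
            {
                var reader = new BinaryReader(pipe);
                // Request: int32 length + UTF-8 user name, int32 length + template bytes.
                byte[] name = ReadBlock(reader, MaxUserNameBytes);
                byte[] template = name == null ? null : ReadBlock(reader, MaxTemplateBytes);
                ok = template != null && validate(Encoding.UTF8.GetString(name), template);
                pipe.WriteByte(ok ? (byte)1 : (byte)0); // Reply: one byte, 1 = valid
                pipe.WaitForPipeDrain();
            }
            catch (IOException) { /* client vanished mid-request: nothing to reply to */ }
        }
    }

    static byte[] ReadBlock(BinaryReader reader, int maxLength)
    {
        int length = reader.ReadInt32(); // little-endian, as written by the C++ side
        if (length <= 0 || length > maxLength) return null;
        byte[] data = reader.ReadBytes(length);
        return data.Length == length ? data : null;
    }
}
```

The C++ side would open `\\.\pipe\FingerprintValidate` with `CreateFile`, write the two length-prefixed blocks, and treat anything other than a single reply byte of 1 as a failed validation.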


I'm curious if you followed the suggested "answers" and attempted the Named Pipe route? According to both this link and my own experience, GINA operates in a pre-authenticated (Session 0) context and any attempt to access a Named Pipe from your unmanaged C++ GINA DLL will result in Error #5 "access is denied".

I believe Mailslots may be the only available Windows IPC mechanism that is actually available at that level, but I'm not even certain that will work (haven't tried.)

