Re: How does a VB.Net program access a share?
From: Claudio Majewski (claudio@san.rr.com)
Date: 10/25/02
- Next message: Charles: "Project Creation Errors"
- Previous message: donnib: "Image database, thumbnail and so on !!!!"
- In reply to: Harold A. Mackey: "How does a VB.Net program access a share?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Claudio Majewski" <claudio@san.rr.com> Date: Thu, 24 Oct 2002 15:34:24 -0700
Have you tried impersonation?
The following example demonstrates how to impersonate a user and then revert
to the original identity.
[Visual Basic]
Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Security.Permissions
<Assembly:SecurityPermissionAttribute(SecurityAction.RequestMinimum,
UnmanagedCode := true)>
Public Class Impersonation
<DllImport("C:\\WINNT\\System32\\advapi32.dll")> _
Public Shared Function LogonUser(lpszUsername As String, lpszDomain As
String, lpszPassword As String, _
dwLogonType As Integer, dwLogonProvider As Integer, ByRef
phToken As Integer) As Boolean
End Function
<DllImport("C:\\WINNT\\System32\\Kernel32.dll")> _
Public Shared Function GetLastError() As Integer
End Function
Public Shared Sub Main(args() As String)
'The Windows NT user token.
Dim token1 As Integer
'Get the user token for the specified user, machine, and password
using the unmanaged LogonUser method.
'The parameters for LogonUser are the user name, computer name,
password,
'Logon type (LOGON32_LOGON_NETWORK_CLEARTEXT), Logon provider
(LOGON32_PROVIDER_DEFAULT),
'and user token.
Dim loggedOn As Boolean = LogonUser("bob", "AARDVARK", "coffee", 3, 0,
token1)
Console.WriteLine("LogonUser called")
'Call GetLastError to try to determine why logon failed if it did not
succeed.
Dim ret As Integer = GetLastError()
Console.WriteLine("LogonUser Success? " + loggedOn)
Console.WriteLine("NT Token Value: " + token1)
If ret <> 0 Then
Console.WriteLine("Error code (126 == ""Specified module could not
be found""): " + ret)
End If
'Starting impersonation here:
Console.WriteLine("Before impersonation:")
Dim mWI1 As WindowsIdentity = WindowsIdentity.GetCurrent()
Console.WriteLine(mWI1.Name)
Console.WriteLine(mWI1.Token)
Dim token2 As IntPtr = new IntPtr(token1)
Console.WriteLine("New identity created:")
Dim mWI2 As WindowsIdentity = new WindowsIdentity(token2)
Console.WriteLine(mWI2.Name)
Console.WriteLine(mWI2.Token)
'Impersonate the user.
Dim mWIC As WindowsImpersonationContext = mWI2.Impersonate()
Console.WriteLine("After impersonation:")
Dim mWI3 As WindowsIdentity = WindowsIdentity.GetCurrent()
Console.WriteLine(mWI3.Name)
Console.WriteLine(mWI3.Token)
'Revert to previous identity.
mWIC.Undo()
Console.WriteLine("After impersonation is reverted:")
Dim mWI4 As WindowsIdentity = WindowsIdentity.GetCurrent()
Console.WriteLine(mWI4.Name)
Console.WriteLine(mWI4.Token)
End Sub
End Class
"Harold A. Mackey" <mackeyha2@hotmail.com> wrote in message
news:uZ0EQU2eCHA.1992@tkmsftngp11...
> Gurus
> I have a share on a domain controller that a vb.net program accesses to
> place files there. I run this program on a machine that is not logged in
as
> a member of that domain. My name and password are identical on both
domains
> but the domains do not trust each other. (One is a BackOffice server)
> I have full permissions on the share and am a member of the administrators
> group. The administrators group has rwx access. If I remove the
> administrator permissions on this share my vb.net program will not work.
> This seems inconsistent.
> What is the proper method, in terms of security, of allowing a program to
> access shares on a server?
>
> Thanks
> Harold Mackey
>
>
- Next message: Charles: "Project Creation Errors"
- Previous message: donnib: "Image database, thumbnail and so on !!!!"
- In reply to: Harold A. Mackey: "How does a VB.Net program access a share?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
