Accessing a Shared File (UNC) From a Remote, Non-Trusted Domain With Credentials
We\'ve run into an interesting situation that needs solving, and my searches have turned up nill. I therefore appeal to the SO community for help.
The issue is this:
-
Rather than WNetUseConnection, I would recommend NetUseAdd. WNetUseConnection is a legacy function that's been superceded by WNetUseConnection2 and WNetUseConnection3, but all of those functions create a network device that's visible in Windows Explorer. NetUseAdd is the equivalent of calling net use in a DOS prompt to authenticate on a remote computer.
If you call NetUseAdd then subsequent attempts to access the directory should succeed.
讨论(0) -
While I don't know myself, I would certainly hope that #2 is incorrect...I'd like to think that Windows isn't going to AUTOMATICALLY give out my login information (least of all my password!) to any machine, let alone one that isn't part of my trust.
Regardless, have you explored the impersonation architecture? Your code is going to look similar to this:
using (System.Security.Principal.WindowsImpersonationContext context = System.Security.Principal.WindowsIdentity.Impersonate(token)) { // Do network operations here context.Undo(); }In this case, the
tokenvariable is an IntPtr. In order to get a value for this variable, you'll have to call the unmanaged LogonUser Windows API function. A quick trip to pinvoke.net gives us the following signature:[System.Runtime.InteropServices.DllImport("advapi32.dll", SetLastError = true)] public static extern bool LogonUser( string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, out IntPtr phToken );Username, domain, and password should seem fairly obvious. Have a look at the various values that can be passed to dwLogonType and dwLogonProvider to determine the one that best suits your needs.
This code hasn't been tested, as I don't have a second domain here where I can verify, but this should hopefully put you on the right track.
讨论(0) -
AFAIK, you don't need to map the UNC path to a drive letter in order to establish credentials for a server. I regularly used batch scripts like:
net use \\myserver /user:username password :: do something with \\myserver\the\file\i\want.xml net use /delete \\my.server.comHowever, any program running on the same account as your program would still be able to access everything that
username:passwordhas access to. A possible solution could be to isolate your program in its own local user account (the UNC access is local to the account that calledNET USE).Note: Using SMB accross domains is not quite a good use of the technology, IMO. If security is that important, the fact that SMB lacks encryption is a bit of a damper all by itself.
讨论(0) -
For people looking for a quick solution, you can use the
NetworkShareAccesserI wrote recently (based on this answer (thanks so much!)):Usage:
using (NetworkShareAccesser.Access(REMOTE_COMPUTER_NAME, DOMAIN, USER_NAME, PASSWORD)) { File.Copy(@"C:\Some\File\To\copy.txt", @"\\REMOTE-COMPUTER\My\Shared\Target\file.txt"); }WARNING: Please make absolutely sure, that
Disposeof theNetworkShareAccesseris called (even if you app crashes!), otherwise an open connection will remain on Windows. You can see all open connections by opening thecmdprompt and enternet use.The Code:
/// <summary> /// Provides access to a network share. /// </summary> public class NetworkShareAccesser : IDisposable { private string _remoteUncName; private string _remoteComputerName; public string RemoteComputerName { get { return this._remoteComputerName; } set { this._remoteComputerName = value; this._remoteUncName = @"\\" + this._remoteComputerName; } } public string UserName { get; set; } public string Password { get; set; } #region Consts private const int RESOURCE_CONNECTED = 0x00000001; private const int RESOURCE_GLOBALNET = 0x00000002; private const int RESOURCE_REMEMBERED = 0x00000003; private const int RESOURCETYPE_ANY = 0x00000000; private const int RESOURCETYPE_DISK = 0x00000001; private const int RESOURCETYPE_PRINT = 0x00000002; private const int RESOURCEDISPLAYTYPE_GENERIC = 0x00000000; private const int RESOURCEDISPLAYTYPE_DOMAIN = 0x00000001; private const int RESOURCEDISPLAYTYPE_SERVER = 0x00000002; private const int RESOURCEDISPLAYTYPE_SHARE = 0x00000003; private const int RESOURCEDISPLAYTYPE_FILE = 0x00000004; private const int RESOURCEDISPLAYTYPE_GROUP = 0x00000005; private const int RESOURCEUSAGE_CONNECTABLE = 0x00000001; private const int RESOURCEUSAGE_CONTAINER = 0x00000002; private const int CONNECT_INTERACTIVE = 0x00000008; private const int CONNECT_PROMPT = 0x00000010; private const int CONNECT_REDIRECT = 0x00000080; private const int CONNECT_UPDATE_PROFILE = 0x00000001; private const int CONNECT_COMMANDLINE = 0x00000800; private const int CONNECT_CMD_SAVECRED = 0x00001000; private const int CONNECT_LOCALDRIVE = 0x00000100; #endregion #region Errors private const int NO_ERROR = 0; private const int ERROR_ACCESS_DENIED = 5; private const int ERROR_ALREADY_ASSIGNED = 85; private const int ERROR_BAD_DEVICE = 1200; private const int ERROR_BAD_NET_NAME = 67; private const int ERROR_BAD_PROVIDER = 1204; private const int ERROR_CANCELLED = 1223; private const int ERROR_EXTENDED_ERROR = 1208; private const int ERROR_INVALID_ADDRESS = 487; private const int ERROR_INVALID_PARAMETER = 87; private const int ERROR_INVALID_PASSWORD = 1216; private const int ERROR_MORE_DATA = 234; private const int ERROR_NO_MORE_ITEMS = 259; private const int ERROR_NO_NET_OR_BAD_PATH = 1203; private const int ERROR_NO_NETWORK = 1222; private const int ERROR_BAD_PROFILE = 1206; private const int ERROR_CANNOT_OPEN_PROFILE = 1205; private const int ERROR_DEVICE_IN_USE = 2404; private const int ERROR_NOT_CONNECTED = 2250; private const int ERROR_OPEN_FILES = 2401; #endregion #region PInvoke Signatures [DllImport("Mpr.dll")] private static extern int WNetUseConnection( IntPtr hwndOwner, NETRESOURCE lpNetResource, string lpPassword, string lpUserID, int dwFlags, string lpAccessName, string lpBufferSize, string lpResult ); [DllImport("Mpr.dll")] private static extern int WNetCancelConnection2( string lpName, int dwFlags, bool fForce ); [StructLayout(LayoutKind.Sequential)] private class NETRESOURCE { public int dwScope = 0; public int dwType = 0; public int dwDisplayType = 0; public int dwUsage = 0; public string lpLocalName = ""; public string lpRemoteName = ""; public string lpComment = ""; public string lpProvider = ""; } #endregion /// <summary> /// Creates a NetworkShareAccesser for the given computer name. The user will be promted to enter credentials /// </summary> /// <param name="remoteComputerName"></param> /// <returns></returns> public static NetworkShareAccesser Access(string remoteComputerName) { return new NetworkShareAccesser(remoteComputerName); } /// <summary> /// Creates a NetworkShareAccesser for the given computer name using the given domain/computer name, username and password /// </summary> /// <param name="remoteComputerName"></param> /// <param name="domainOrComuterName"></param> /// <param name="userName"></param> /// <param name="password"></param> public static NetworkShareAccesser Access(string remoteComputerName, string domainOrComuterName, string userName, string password) { return new NetworkShareAccesser(remoteComputerName, domainOrComuterName + @"\" + userName, password); } /// <summary> /// Creates a NetworkShareAccesser for the given computer name using the given username (format: domainOrComputername\Username) and password /// </summary> /// <param name="remoteComputerName"></param> /// <param name="userName"></param> /// <param name="password"></param> public static NetworkShareAccesser Access(string remoteComputerName, string userName, string password) { return new NetworkShareAccesser(remoteComputerName, userName, password); } private NetworkShareAccesser(string remoteComputerName) { RemoteComputerName = remoteComputerName; this.ConnectToShare(this._remoteUncName, null, null, true); } private NetworkShareAccesser(string remoteComputerName, string userName, string password) { RemoteComputerName = remoteComputerName; UserName = userName; Password = password; this.ConnectToShare(this._remoteUncName, this.UserName, this.Password, false); } private void ConnectToShare(string remoteUnc, string username, string password, bool promptUser) { NETRESOURCE nr = new NETRESOURCE { dwType = RESOURCETYPE_DISK, lpRemoteName = remoteUnc }; int result; if (promptUser) { result = WNetUseConnection(IntPtr.Zero, nr, "", "", CONNECT_INTERACTIVE | CONNECT_PROMPT, null, null, null); } else { result = WNetUseConnection(IntPtr.Zero, nr, password, username, 0, null, null, null); } if (result != NO_ERROR) { throw new Win32Exception(result); } } private void DisconnectFromShare(string remoteUnc) { int result = WNetCancelConnection2(remoteUnc, CONNECT_UPDATE_PROFILE, false); if (result != NO_ERROR) { throw new Win32Exception(result); } } /// <summary> /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. /// </summary> /// <filterpriority>2</filterpriority> public void Dispose() { this.DisconnectFromShare(this._remoteUncName); } }讨论(0)
加载中...
- 热议问题