This message was discovered on microsoft.public.dotnet.framework.aspnet.security.
| Harold A. Mackey |
Gurus, I have a share on a domain controller that a vb.net program accesses to place files there. I run this program on a machine that is not logged in as a member of that domain. My name and password are identical on both domains, but the domains do not trust each other. (One is a BackOffice server.) I have full permissions on the share and am a member of the administrators group. The administrators group has rwx access. If I remove the administrator permissions on this share, my vb.net program will not work. This seems inconsistent. What is the proper method, in terms of security, of allowing a program to access shares on a server?

Thanks,
Harold Mackey
| Claudio Majewski |
Have you tried impersonation?
The following example demonstrates how to impersonate a user and then revert to the original identity.

[Visual Basic]

    Imports System
    Imports System.Runtime.InteropServices
    Imports System.Security.Principal
    Imports System.Security.Permissions

    <Assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode:=True)>

    Public Class Impersonation

        'Import by DLL name rather than a hard-coded path; SetLastError keeps the Win32 error code.
        <DllImport("advapi32.dll", SetLastError:=True)> _
        Public Shared Function LogonUser(lpszUsername As String, lpszDomain As String, lpszPassword As String, _
            dwLogonType As Integer, dwLogonProvider As Integer, ByRef phToken As IntPtr) As Boolean
        End Function

        'Used to release the token handle returned by LogonUser.
        <DllImport("kernel32.dll", SetLastError:=True)> _
        Public Shared Function CloseHandle(hObject As IntPtr) As Boolean
        End Function

        Public Shared Sub Main(args() As String)
            'The Windows NT user token.
            Dim token1 As IntPtr = IntPtr.Zero

            'Get the user token for the specified user, machine, and password using the unmanaged LogonUser method.
            'The parameters for LogonUser are the user name, computer name, password,
            'logon type (3 = LOGON32_LOGON_NETWORK), logon provider (0 = LOGON32_PROVIDER_DEFAULT),
            'and user token. The credentials below are sample values.
            Dim loggedOn As Boolean = LogonUser("bob", "AARDVARK", "coffee", 3, 0, token1)
            Console.WriteLine("LogonUser called")

            'Read the Win32 error right after the call; a P/Invoke to GetLastError is not reliable from managed code.
            Dim ret As Integer = Marshal.GetLastWin32Error()

            Console.WriteLine("LogonUser Success? " & loggedOn)
            Console.WriteLine("NT Token Value: " & token1.ToString())
            If Not loggedOn Then
                Console.WriteLine("Error code (126 == ""Specified module could not be found""): " & ret)
                Return
            End If

            Try
                'Starting impersonation here:
                Console.WriteLine("Before impersonation:")
                Dim mWI1 As WindowsIdentity = WindowsIdentity.GetCurrent()
                Console.WriteLine(mWI1.Name)
                Console.WriteLine(mWI1.Token.ToString())

                Console.WriteLine("New identity created:")
                Dim mWI2 As WindowsIdentity = New WindowsIdentity(token1)
                Console.WriteLine(mWI2.Name)
                Console.WriteLine(mWI2.Token.ToString())

                'Impersonate the user.
                Dim mWIC As WindowsImpersonationContext = mWI2.Impersonate()
                Try
                    Console.WriteLine("After impersonation:")
                    Dim mWI3 As WindowsIdentity = WindowsIdentity.GetCurrent()
                    Console.WriteLine(mWI3.Name)
                    Console.WriteLine(mWI3.Token.ToString())
                Finally
                    'Revert to previous identity, even if an exception was thrown.
                    mWIC.Undo()
                End Try

                Console.WriteLine("After impersonation is reverted:")
                Dim mWI4 As WindowsIdentity = WindowsIdentity.GetCurrent()
                Console.WriteLine(mWI4.Name)
                Console.WriteLine(mWI4.Token.ToString())
            Finally
                'Release the token handle obtained from LogonUser.
                CloseHandle(token1)
            End Try
        End Sub
    End Class
"Harold A. Mackey" wrote in message news:uZ0EQU2eCHA.1992@tkmsftngp11...
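
An added example, not part of either post above: a variant of the impersonation approach for the scenario in the question, where the client machine cannot validate the server domain's account locally. It uses logon type LOGON32_LOGON_NEW_CREDENTIALS, which applies the supplied credentials to outbound network connections only. The module name, `CopyToShare`, and the command-line layout are hypothetical, and it assumes a dedicated account that has been granted write access on the share rather than membership in Administrators.

```vb
Imports System
Imports System.ComponentModel
Imports System.IO
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Public Module ShareWriter
    ' Values from winbase.h. NEW_CREDENTIALS is only supported by the WINNT50 provider.
    Private Const LOGON32_LOGON_NEW_CREDENTIALS As Integer = 9
    Private Const LOGON32_PROVIDER_WINNT50 As Integer = 3

    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Function LogonUser(user As String, domain As String, password As String, _
        logonType As Integer, provider As Integer, ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Function CloseHandle(handle As IntPtr) As Boolean
    End Function

    ' Copies localFile to uncTarget; the credentials are presented to the remote server only.
    Public Sub CopyToShare(user As String, domain As String, password As String, _
                           localFile As String, uncTarget As String)
        Dim token As IntPtr = IntPtr.Zero
        If Not LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS, _
                         LOGON32_PROVIDER_WINNT50, token) Then
            Throw New Win32Exception(Marshal.GetLastWin32Error())
        End If
        Try
            ' Keep the impersonated region as small as possible.
            Using ctx As WindowsImpersonationContext = WindowsIdentity.Impersonate(token)
                ' Local access checks still use the caller's identity; the share sees "user".
                File.Copy(localFile, uncTarget, True)
            End Using ' Dispose reverts the thread identity, also when File.Copy throws
        Finally
            CloseHandle(token) ' Always release the token handle
        End Try
    End Sub

    Public Sub Main(args() As String)
        ' Hypothetical usage: ShareWriter.exe DOMAIN user C:\out\report.txt \\server\share\report.txt
        ' The password is read at run time instead of being compiled into the program.
        Console.Write("Password: ")
        Dim password As String = Console.ReadLine()
        CopyToShare(args(1), args(0), password, args(2), args(3))
    End Sub
End Module
```

With this logon type the credentials are not checked until the first connection to the server, so a wrong password shows up as an exception from `File.Copy` rather than as a `LogonUser` failure.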