Winforms App local server login issue

Question

0.00/5 (No votes)

See more:

, +

Hi
I have a app that copies files to a different machine on our network. It's a simple XP machine we use for daily backups. However, you need to login to the machine before you can do anything. So the app doesn't work unless I first open a shared folder with Explorer on the backup PC and enter my logon details. Once I've logged onto the Backup PC, the app runs fine. But if I don't logon first, the app throws an exception stating that it can't access the destination folder.

Now I can't seem to find a way to add network credentials to the copy process, so I figured I need to give it to the app somehow??

I want to avoid having to setup a FTP server as I feel it's unnecessary for something that should be relatively simple.

So I need my app to "login" to the Backup PC before it tries to copy the files.

Any help would be appreciated.
Thanks

Posted 14-Oct-10 21:11pm

NeCroFire

Updated 14-Oct-10 21:12pm

v2

Add a Solution

4 solutions

Solution 2

How is your application being run? Is it under windows scheduler or something?

Say it's running under scheduler, you can define a set of credentials at this point. This will form the security context that the application will run under.

Now check your backup machine. Go to 'Manage my Computer' and check under groups \ users. The security context you're using when running your program (e.g MYDOMAIN\AUser) needs to be granted access so that it has rights to the machine.

If all that is OK, you won't need 'log on' via explorer. Windows will negotiate this for you and determine that your program has rights to the machine and allow access.

Don't forget to use full UNC rather than shared drive names which are specific to user profiles. So instead of using

F:\BackupFolder\

Use something like

\\BackupMachineName\c$\BackupFolder\

You can try setting the thread to the current windows principal, have this happen right at the start of your program

You'll need using System.Security.Principal; and using System.Threading;

WindowsIdentity identity = WindowsIdentity.GetCurrent();
WindowsPrincipal principal = new WindowsPrincipal(identity);

Thread.CurrentPrincipal = principal;

If you're running this within a domain, you should be able to access the other machine no probs.

Can you confirm this?

Posted 15-Oct-10 2:07am

Dylan Morley

Updated 15-Oct-10 3:42am

v4

Comments

NeCroFire 15-Oct-10 11:38am

WindowsIdentity does not work. The error now get though says that it's a bad username or password.

We use one of the Backup PC's local users to login to the machine. So if there is a a User1 on the Backup PC, we will use that with it's correlating password.

Is there any way to specify a username and password for WindowsIdentity??

Dylan Morley 15-Oct-10 11:58am

OK that makes sense, the account you are running the program under probably doesn't have rights to access the backup machine.

Any reason why you have to run as a local user + password from the backup machine?

If not, just add the account you run the program as to a group on the backup machine, 'Users' or 'Power Users' should do it. So if you sign into your domain as MyDomain\AUser, just add that to the group.

This approach is better since you won't need to store credentials in config files. Access to the machine is controller by domain account \ local group.

You can simply add other users into the group & they will also be able to run the program.

If you have any password rotation policies enforced on your domain, it means this is all handled automatically.

NeCroFire 19-Oct-10 2:57am

I guess I'll do that then as I can't find a solution anywhere. We are a very small business and we have a straight forward simple LAN merely to have access to the Backup/File server (Which is actually just a normal XP pro machine). We simply don't need anything more then that. So specifying a username + pass in the app would have been the simplest solution, but I guess not.

It's quite silly actually. I mean, If you wrote a browser app like Explorer, how would you specify a username + pass when you try and access a PC on your LAN??

Dylan Morley 19-Oct-10 4:06am

See my other answer below, hth

Solution 3

It's a normal winforms app that will do a simple copy of files to the shared folder on the backup PC on a button click.

I have the same problem whether I use a mapped drive or full UNC.

If you were to write a file browser app (Something like Total Commander, or a simple replacement app for explorer), how would you have it authenticate before connecting to a shared folder on another PC?

I forgot to add to the first post that I'm working with C# and .NET 3.5 SP1

Posted 15-Oct-10 2:32am

NeCroFire

v2

Comments

Dylan Morley 15-Oct-10 9:40am

See my edit with code snippet. Add comments to the answer rather than submitting answers.

Solution 1

Please read this

http://technet.microsoft.com/hi-in/library/ee156604%28en-us%29.aspx[^]

Posted 15-Oct-10 2:06am

RDBurmon

Comments

RDBurmon 21-Oct-10 9:05am

did you read this post ?

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Dylan Morley · Accepted Answer · 2010-10-18T22:06:00

Solution 4

OK sure, I was coming at this from a Domain perspective & I always try to keep security functionality within groups where possible.

Maybe have a look into Impersonation

This is using API calls, but should demonstrate the technique for performing a programmatic logon as a user.

http://www.codeproject.com/KB/cs/cpimpersonation1.aspx[^]

http://www.codeproject.com/KB/cs/zetaimpersonator[^]

This should allow you to take on the security context of another user profile (your local XP machine account) and accessing the resources.

Posted 18-Oct-10 22:06pm

Dylan Morley

Comments

NeCroFire 20-Oct-10 5:08am

That worked. Thanks. I did have to set LOGON32_LOGON_INTERACTIVE = 9 to get it to work with the server name instead of a domain name.

However, I now have a new problem. If I run LogonUser then all my FolderBrowseDialogs stop working like they should. Now I only have access to folders in the specified RootFolder of the Dialog. By default I have access to everything. One could even browse through the dialog to other PC's on the network, but not if I run LogonUser.

It would have been fine if Microsoft added a All(or something similar) option to the list of RootFolders that you could choose from in design view. But noOooOOo... now I have to alternate between the default Identity and the Backup PC's Identity to get the result I want or write my own folder browser dialog.

Is there someone at Microsoft whose sole purpose is to think of ways to annoy developers?? Who decided that if the Identity of a app is anything other than Default, the folderbrowsedialog will then only have limited function. And who is the Supervisor/Manager/Project Leader who said: "Yes, this is a good idea.". How long that meeting must have been...

Dylan Morley 20-Oct-10 5:19am

Yeah, because as soon as you run LogonUser you are now running within the security context of that user account which probably has extremely limited access within your LAN

Did you look at the 2nd link for 'Zeta Impersonator'?

http://www.codeproject.com/KB/cs/zetaimpersonator.aspx

I think this wraps everything up in a using block so it's kind of...

using (NewSecurityContext context(username, password, domain))
{
// Do something under the new security context....e.g - copy files to backup machine
}
// Exiting the using block reverts to default security context, so you have all of your account rights again.

NeCroFire 20-Oct-10 6:31am

I can't access the 'Zeta Impersonator' link. It says Directory listing denied. But I just notices the '.aspx' was missing from the end of link. That might work for what I want to do. Will give it a go.

Thanks

NeCroFire 20-Oct-10 6:53am

It worked! Just finished testing. What a mission though. Anyway, I'm just glad I got it working now.

Thanks