FileCopy to a shared folder

[Guest]

When I try the following:

System.IO.File.Copy("C:\\test_read\\test.txt",
"\\\\192.168.0.5\\test_write\\test.txt", false)

I get an UnauthorizedAccessException.

I cannot however, seem to find out how to authorize the file copy (ie.
process the user/pass).

I'm sure there must be a way I can do this without resorting to writing a
server application that saves a transmitted file over tcp/ip to a local
folder...

Anyone?

 

[John Wood]

Try doing a "net use" on that UNC to see whether you have access to it
first.. also check write access. This is probably an issue with your NT user
permissions.

 

[Guest]

Sorry I should have elaborated first. The shared folder is located on a
Win2k3 server equipped with SQL server of which I am the administrator of.

Part of my solution for my client is for an application to upload documents
to the server as well as member information and other related data to the SQL
server. Without resorting to a server application, knowing that my clients
are not confident with more advanced technology (ie FTP), I figured use of a
secure shared folder to which my application will copy the documents to would
be the simplest solution in terms of both the client skill level and
development time.

However, appliaction programming in C#/.NET is new to me, and after
perusings System.IO and System.Security.Permissions I still can't seem to
find a way to request authentication from the server.

 

[Nick Malik [Microsoft]]

if you need to use credentials other than that of the person currently
logged in to the workstation, then you need to look at the
WindowsIdentity.Impersonate method
http://msdn.microsoft.com/library/e...ecurityprincipalwindowsidentityclasstopic.asp

HTH

--
--- Nick Malik [Microsoft]
MCSD, CFPS, Certified Scrummaster
http://blogs.msdn.com/nickmalik

Disclaimer: Opinions expressed in this forum are my own, and not
representative of my employer.
I do not answer questions on behalf of my employer. I'm just a
programmer helping programmers.
--

 

[Guest]

Thanks Nick, though I can see an issue with LogonUser in that it cannot
handle logins to remote computers, which is what I need.

It's the same situation as if you were on 192.168.0.45 and wanted to use the
uploads share of 192.168.0.2. Windows will prompt you for a password
(provided the policies are set as such) and if your authentication succeeds,
you'll be allowed to access it.

I need whatever function it is that sends this remote authentication request.

 

[Willy Denoyette [MVP]]

Thanks Nick, though I can see an issue with LogonUser in that it cannot
handle logins to remote computers, which is what I need.

It's the same situation as if you were on 192.168.0.45 and wanted to use
the
uploads share of 192.168.0.2. Windows will prompt you for a password
(provided the policies are set as such) and if your authentication
succeeds,
you'll be allowed to access it.

I need whatever function it is that sends this remote authentication
request.

"Nick Malik [Microsoft]" wrote:

No you don't need to "handle logins" to remote computers, what you need is a
"user token" that is valid to access a remote resource, and that is exactly
what LogonUser provides you.
Call LogonUser specifying explicit (cleartext) credentials of a remote (or
domain) account, if LogonUser succeeds you will get a token back that can be
used to impersonate the account when accessing the remote folder.
When running on XP or higher you can even get a token to access the network
only without touching the current token.

Willy.

 

[Guest]

Thanks Willy. I decided to continue pursuing this course.

However I'm still getting error 1326 (Logon failure: unknown user name or
bad password) even though I can go straight to start->run and type
\\ip.address or domain.name\share and be granted access after entering
"Administrator" and the password, so I know the share is working and I have
access to it.

Why then would LogonUser not recognise the password? Would it have something
to do with Active Directory? My workstation is not a part of the domain I'm
trying to access, and for all intents and purposes, the final system wont
necessarily be a domain controller or part of a domain, it's just a machine
on a network that I know the user/pass of.

So here is my LogonUser("Administrator", "192.168.0.5", "password", 8, 0,
out token);

I get a 1326 from that. Any ideas?

 

[Guest]

Interesting... I just used LOGON32_LOGON_NEW_CREDENTIALS (9) instead of
LOGON32_LOGON_NETWORK_CLEARTEXT (8) and go a security policy error "Unable to
impersonate user".

All I have to do now is find out how to allow impersonation in the domain
controller security policy :/

 

[Willy Denoyette [MVP]]

Thanks Willy. I decided to continue pursuing this course.

However I'm still getting error 1326 (Logon failure: unknown user name or
bad password) even though I can go straight to start->run and type
\\ip.address or domain.name\share and be granted access after entering
"Administrator" and the password, so I know the share is working and I
have
access to it.

Why then would LogonUser not recognise the password? Would it have
something
to do with Active Directory? My workstation is not a part of the domain
I'm
trying to access, and for all intents and purposes, the final system wont
necessarily be a domain controller or part of a domain, it's just a
machine
on a network that I know the user/pass of.

So here is my LogonUser("Administrator", "192.168.0.5", "password", 8, 0,
out token);

I get a 1326 from that. Any ideas?

1326 - Means that "administrator" and/or "password" is not valid on
192.168.0.5. Or simply the credentials supplied are not valid.
Could you post your code (or at least the LogonUser declaration and the
calling code part).

Willy.
PS. LogonUser has nothing to do with AD.

 

[Guest]

Ok, here is the code as it stands currently.
Note that "password" has been replaced for seurity reasons.
Also note that I'm using LOGON32_LOGON_NEW_CREDENTIALS (9) now which threw a
SecurityException "Unable to impersonate user" instead of
LOGON32_LOGON_NETWORK_CLEARTEXT (8) which gave the 1326.

private void button1_Click(object sender, System.EventArgs e)
{
int token;
WindowsIdentity wid_current = WindowsIdentity.GetCurrent();

kernel.LogonUser("Administrator", "192.168.0.5", "password", 9, 0, out token);
int ret = kernel.GetLastError();
if (ret != 0) { MessageBox.Show(ret.ToString(), "Error"); return; }

// Code after this doesn't get executed yet

IntPtr admin_token = new IntPtr(token);
WindowsIdentity wid_admin = new WindowsIdentity(admin_token);
WindowsImpersonationContext wic = wid_admin.Impersonate();

System.IO.File.Copy("C:\\test_read\\test.txt",
"\\\\192.168.0.5\\trent\\test.txt", true);
wic.Undo();
}

I would love to assume that I'm getting somewhere now that I'm getting a
securityexception.

Thanks for your help so far Willy.
BLiTZWiNG.

 

[Willy Denoyette [MVP]]

Ok, I see your mistake...

Never use this:
int ret = kernel.GetLastError();

use
int ret = Marshal.GetLastWin32Error()
and ONLY call it when LogonUser fails (returns 0), else you'll pick up
whatever last error was set (as you do).

[DllImport("advapi32.dll")]
public static extern int LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword,
int dwLogonType, int dwLogonProvider, outIntPtr phToken);

if(LogonUser(....) != 0)
{
}
else // LogonUser failed, get error number
{
int ret = Marshal.GetLastWin32Error() ;
....
}

Willy.

 

[Guest]

Ahh! It's been so long since I used functions like GetLastError...

Ok, now I'm getting the 126 error, even when I specifiy the full path to
advapi32.dll, or copy the file to the local working directory.

This looks like it should be a common error going by the docs actually
putting this error in...

Ok, I see your mistake...

Never use this:
int ret = kernel.GetLastError();

use
int ret = Marshal.GetLastWin32Error()
and ONLY call it when LogonUser fails (returns 0), else you'll pick up
whatever last error was set (as you do).

[DllImport("advapi32.dll")]
public static extern int LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword,
int dwLogonType, int dwLogonProvider, outIntPtr phToken);

if(LogonUser(....) != 0)
{
}
else // LogonUser failed, get error number
{
int ret = Marshal.GetLastWin32Error() ;
....
}

Willy.

Ok, here is the code as it stands currently.
Note that "password" has been replaced for seurity reasons.
Also note that I'm using LOGON32_LOGON_NEW_CREDENTIALS (9) now which threw
a
SecurityException "Unable to impersonate user" instead of
LOGON32_LOGON_NETWORK_CLEARTEXT (8) which gave the 1326.

private void button1_Click(object sender, System.EventArgs e)
{
int token;
WindowsIdentity wid_current = WindowsIdentity.GetCurrent();

kernel.LogonUser("Administrator", "192.168.0.5", "password", 9, 0, out
token);
int ret = kernel.GetLastError();
if (ret != 0) { MessageBox.Show(ret.ToString(), "Error"); return; }

// Code after this doesn't get executed yet

IntPtr admin_token = new IntPtr(token);
WindowsIdentity wid_admin = new WindowsIdentity(admin_token);
WindowsImpersonationContext wic = wid_admin.Impersonate();

System.IO.File.Copy("C:\\test_read\\test.txt",
"\\\\192.168.0.5\\trent\\test.txt", true);
wic.Undo();
}

I would love to assume that I'm getting somewhere now that I'm getting a
securityexception.

Thanks for your help so far Willy.
BLiTZWiNG.

 

[Willy Denoyette [MVP]]

Ahh! It's been so long since I used functions like GetLastError...

Ok, now I'm getting the 126 error, even when I specifiy the full path to
advapi32.dll, or copy the file to the local working directory.

This looks like it should be a common error going by the docs actually
putting this error in...

See my reply to another thread (LogonUser issues) you started.

Willy.