Accessing another domain file system in C#

  • Thread starter Thread starter Daniel
  • Start date Start date
D

Daniel

If i log into my computer as domain A and user X and password Y but then I
need to give C# application access to domain B as user F and password G. Is
this possible? or do i have to log into the computer as domain B, user F and
password G in order for the application to have permissions to domain B? I
would like to stay logged in as domain A but just give my C# application
access to domain B. In my application I need file system access that users
of domain B have but from domain A. Is this possible to do programaticaly if
I have the user name and password to a domain B account?
 
Hi Daniel:

If the username and passwords on both domains match (X = F and Y = G),
you should be able to pull this off without doing anything special.

If not, you can temporarily impersonate the account on the second
domain with the WindowsIdentity class - the Impersonate method. On XP
and 2003 this is easy. On Win 2000 it is unfortunately difficult
because you need to hold a privilege reserved for the all powerful
SYSTEM account. A good rule of thumb is to avoid running under the
SYSTEM account.

Take care of the other password - don't leave it where someone can
find it. Keep it encrypted - use DPAPI if at all possible.

Hope this helps,
 
Thanks, the Impersonate worked and I can write files while impersonating.
However, CreateDirectory doesnt seem to work. I dont think this is related
to the security because CreateDirectory doesnt seem to work even if I am
logged in to a domain that has access to a network drive. For example, if i
call CreateDirectory(\\\\devDriveA\\foo\\bar\\a\\b\\c) and
\\devDriveA\foo\bar already exists then sub directories a\b\c do not get
created. When i use CreateDirectory on my own file system, e.g.
CreateDirectory("c:\\a\\b\\c"); it works fine. Is there something that i
must do to get CreateDirectory to work on network drives?
 
Hi Daniel:

That does seem odd, I just tested:

Directory.CreateDirectory(@"\\sql2005b2\wutemp\a\b");

in my environment and it created both a then b in the remote wutemp
directory. (Using \\\\sql2005b2\\wutemp\\a\\b works also).

Do you see any type of exception being thrown?
 
Thx Scott, u r d master.

Scott Allen said:
Hi Daniel:

If the username and passwords on both domains match (X = F and Y = G),
you should be able to pull this off without doing anything special.

If not, you can temporarily impersonate the account on the second
domain with the WindowsIdentity class - the Impersonate method. On XP
and 2003 this is easy. On Win 2000 it is unfortunately difficult
because you need to hold a privilege reserved for the all powerful
SYSTEM account. A good rule of thumb is to avoid running under the
SYSTEM account.

Take care of the other password - don't leave it where someone can
find it. Keep it encrypted - use DPAPI if at all possible.

Hope this helps,
Click to expand...
 
Back
Top