C# Service - authenticating to a network fileshare?

[Adam Clauss]

I have a C# service (running as Network Service account) that needs to
access a fileshare:
\\machinename\some\path

This file share requires me to login with certain credentials. How can I
specify these from the context of my application?

Thanks!

 

[Willy Denoyette [MVP]]

I have a C# service (running as Network Service account) that needs to
access a fileshare:
\\machinename\some\path

This file share requires me to login with certain credentials. How can I
specify these from the context of my application?

Thanks!

You have several options depending on the context.
If you are running on a member server in a AD domain, you can simply add the
"computer" name of the server running te service to the ACL of the shared
directory on the resource server.
Another option requires some PInvoke interop, you have to create a new logon
session token (by calling LogonUser()) in the service and use the obtained
token to impersonate the caller when accessing the remote resource.
Yet another option is to establish a "use record" from within the service by
calling Win32's API "NetUseAdd", following is a sample that illustrates this
last option.

[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
struct _USE_INFO_2
{
internal string ui2_local;
internal string ui2_remote;
internal IntPtr ui2_password; // don't pass a string or StringBuilder
here!!
internal uint ui2_status;
internal uint ui2_asg_type;
internal uint ui2_refcount;
internal uint ui2_usecount;
internal string ui2_username;
internal string ui2_domainname;
}
class WinNet
{
[DllImport("netapi32", CharSet=CharSet.Auto, SetLastError=true),
SuppressUnmanagedCodeSecurityAttribute]
static extern int NetUseAdd(
string UncServerName, // not used
int Level, // use info struct level 1 or 2
IntPtr Buf, // Buffer
ref int ParmError
);
const uint USE_WILDCARD = 0xFFFFFFFF;

// Establish a use record
public static void UseRecord(string resource, string user, string
password, string domain)
{
int ret = 0;
int paramError = 0;
_USE_INFO_2 use2 = new _USE_INFO_2();
IntPtr pBuf = IntPtr.Zero;
use2.ui2_password = IntPtr.Zero;
try
{
pBuf = Marshal.AllocHGlobal(Marshal.SizeOf(use2));
use2.ui2_local = null;
use2.ui2_asg_type = USE_WILDCARD;
use2.ui2_remote = resource;
use2.ui2_password = Marshal.StringToHGlobalAuto(password);
use2.ui2_username = user;
use2.ui2_domainname = domain;
Marshal.StructureToPtr(use2, pBuf, true);
ret = NetUseAdd(null, 2, pBuf, ref paramError);
if(ret != 0)
{
throw new Exception(new
Win32Exception(Marshal.GetLastWin32Error()).Message);
}
}
finally
{
Marshal.FreeHGlobal(use2.ui2_password);
Marshal.FreeHGlobal(pBuf);
}
}
}

//usage...
WinNet.UseRecord("\\\\servername\\share", "useraccount", "hispasswd",
"domainname");

Note that it's recommended to delete the session, by calling NetUseDel(),
when you are done with it.


Willy.

 

[Inez Korczynski]

I have a C# service (running as Network Service account) that needs to
access a fileshare:
\\machinename\some\path

This file share requires me to login with certain credentials. How can I
specify these from the context of my application?

Thanks!

Hey, did you find and solve for that? I am looking for that too.

 

[Adam Clauss]

Check out the other reply to my message.

 

[Adam Clauss]

Thanks!

--
Adam Clauss

I have a C# service (running as Network Service account) that needs to
access a fileshare:
\\machinename\some\path

This file share requires me to login with certain credentials. How can I
specify these from the context of my application?

Thanks!

You have several options depending on the context.
If you are running on a member server in a AD domain, you can simply add
the "computer" name of the server running te service to the ACL of the
shared directory on the resource server.
Another option requires some PInvoke interop, you have to create a new
logon session token (by calling LogonUser()) in the service and use the
obtained token to impersonate the caller when accessing the remote
resource.
Yet another option is to establish a "use record" from within the service
by calling Win32's API "NetUseAdd", following is a sample that illustrates
this last option.

[StructLayout(LayoutKind.Sequential,CharSet=CharSet.Auto)]
struct _USE_INFO_2
{
internal string ui2_local;
internal string ui2_remote;
internal IntPtr ui2_password; // don't pass a string or StringBuilder
here!!
internal uint ui2_status;
internal uint ui2_asg_type;
internal uint ui2_refcount;
internal uint ui2_usecount;
internal string ui2_username;
internal string ui2_domainname;
}
class WinNet
{
[DllImport("netapi32", CharSet=CharSet.Auto, SetLastError=true),
SuppressUnmanagedCodeSecurityAttribute]
static extern int NetUseAdd(
string UncServerName, // not used
int Level, // use info struct level 1 or 2
IntPtr Buf, // Buffer
ref int ParmError
);
const uint USE_WILDCARD = 0xFFFFFFFF;

// Establish a use record
public static void UseRecord(string resource, string user, string
password, string domain)
{
int ret = 0;
int paramError = 0;
_USE_INFO_2 use2 = new _USE_INFO_2();
IntPtr pBuf = IntPtr.Zero;
use2.ui2_password = IntPtr.Zero;
try
{
pBuf = Marshal.AllocHGlobal(Marshal.SizeOf(use2));
use2.ui2_local = null;
use2.ui2_asg_type = USE_WILDCARD;
use2.ui2_remote = resource;
use2.ui2_password = Marshal.StringToHGlobalAuto(password);
use2.ui2_username = user;
use2.ui2_domainname = domain;
Marshal.StructureToPtr(use2, pBuf, true);
ret = NetUseAdd(null, 2, pBuf, ref paramError);
if(ret != 0)
{
throw new Exception(new
Win32Exception(Marshal.GetLastWin32Error()).Message);
}
}
finally
{
Marshal.FreeHGlobal(use2.ui2_password);
Marshal.FreeHGlobal(pBuf);
}
}
}

//usage...
WinNet.UseRecord("\\\\servername\\share", "useraccount", "hispasswd",
"domainname");

Note that it's recommended to delete the session, by calling NetUseDel(),
when you are done with it.


Willy.