Hello,
I am wondering if it is possible to create a networked application with C#
that is seen as a windows user. For example, if Bob logged onto windows and
then started the application, any access to the network made through the
application would be seen as 'C# application user' and not 'Bob'.
What I want to accomplish is to create an encrypted folder on a server where
files within the folder can be accessed through the application, but cannot
be browsed to and modified. It seems a bit of a hassle importing certificates
for each new user of the system.
Any thoughts?
Thanks in advance.
Pete
8  2732 
Pete,
The problem with this is that anyone who runs the application would have
access to the share. It's not a good way to protect the share.
What you should do is just have the share accessible to members of a
group, and then add/remove members from the group as you guys see fit.
That's the whole reason groups are there.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:E3**********************************@microsof t.com... Hello,
I am wondering if it is possible to create a networked application with C#
that is seen as a windows user. For example, if Bob logged onto windows
and
then started the application, any access to the network made through the
application would be seen as 'C# application user' and not 'Bob'.
What I want to accomplish is to create an encrypted folder on a server
where
files within the folder can be accessed through the application, but
cannot
be browsed to and modified. It seems a bit of a hassle importing
certificates
for each new user of the system.
Any thoughts?
Thanks in advance.
Pete
Thanks for the reply. The problem I have is that this application can be
used on different networks. So it requires a general solution that would
work in any case. I won't know anything about the rights/groups/users on the
network on which it is installed.
If the folder is encrypted and only the 'application user' can see it
transparently, it will allow the application to control the access to
reading/writing on the file.
Any thoughts?
Thanks again for the reply.
Pete
"Nicholas Paldino [.NET/C# MVP]" wrote: Pete,
The problem with this is that anyone who runs the application would have
access to the share. It's not a good way to protect the share.
What you should do is just have the share accessible to members of a
group, and then add/remove members from the group as you guys see fit.
That's the whole reason groups are there.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:E3**********************************@microsof t.com... Hello,
I am wondering if it is possible to create a networked application with C#
that is seen as a windows user. For example, if Bob logged onto windows
and
then started the application, any access to the network made through the
application would be seen as 'C# application user' and not 'Bob'.
What I want to accomplish is to create an encrypted folder on a server
where
files within the folder can be accessed through the application, but
cannot
be browsed to and modified. It seems a bit of a hassle importing
certificates
for each new user of the system.
Any thoughts?
Thanks in advance.
Pete
Have you looked at IsolatedStorage class? Perhaps you can use that?
Even if it has to work on different networks, if you had it run under a
well-known user, you couldn't tell a network admin on an arbitrary network
that he HAS to create a username with the user YOU want, with the password
YOU want. If you made this part configurable, you would have to encrypt the
credentials somewhere, and get the key from a secure store. Neither of
these is feasable in managed code, since resources (such as strings) are
easily obtained from the assemblies through tools like Reflector.
And even if you did solve all of this, it STILL requires interaction
from the network admin to set it up, which is what they would have to do
anyways in setting up the appropriate groups. Additionally, your design
suffers from the fact that ANYONE in the network can basically run this app
and access the directory through it, circumventing the whole point of having
the security in the first place.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:EE**********************************@microsof t.com... Thanks for the reply. The problem I have is that this application can be
used on different networks. So it requires a general solution that would
work in any case. I won't know anything about the rights/groups/users on
the
network on which it is installed.
If the folder is encrypted and only the 'application user' can see it
transparently, it will allow the application to control the access to
reading/writing on the file.
Any thoughts?
Thanks again for the reply.
Pete
"Nicholas Paldino [.NET/C# MVP]" wrote:
Pete,
The problem with this is that anyone who runs the application would
have
access to the share. It's not a good way to protect the share.
What you should do is just have the share accessible to members of a
group, and then add/remove members from the group as you guys see fit.
That's the whole reason groups are there.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:E3**********************************@microsof t.com... > Hello,
>
> I am wondering if it is possible to create a networked application with
> C#
> that is seen as a windows user. For example, if Bob logged onto
> windows
> and
> then started the application, any access to the network made through
> the
> application would be seen as 'C# application user' and not 'Bob'.
>
> What I want to accomplish is to create an encrypted folder on a server
> where
> files within the folder can be accessed through the application, but
> cannot
> be browsed to and modified. It seems a bit of a hassle importing
> certificates
> for each new user of the system.
>
> Any thoughts?
>
> Thanks in advance.
>
> Pete
Chris,
Thanks for the reply. It was a good thought but it looks to me as though
this class is still windows user dependent. If I am wrong let me know.
Thanks again
Pete
"Chris Dunaway" wrote: Have you looked at IsolatedStorage class? Perhaps you can use that?
Nicholas,
This is what I was trying to find out. I wanted to know if I could somehow
create a user on a network for the application to use and be recoginized as.
You seem to think I can't. Thanks for the input.
As for letting anyone see the documents through the application, that would
be fine. The whole point of encrypting the files would be to force the user
to interact with those files through the application. Additionally, I could
place restrictions on who could open them through the application if I
wished. I could store the file path in a database and restrict the access
there.
However, I'm still left with the same problem. I have a folder on an
arbitrary network to which I want the application to have access. I don't
want users to have the ability to browse to the files and alter them and I
don't want to bother network admins with setting permissions on that folder
for every new user. I'd like to do it all on the install.
If you have any ideas that would be great. Thanks.
Pete
"Nicholas Paldino [.NET/C# MVP]" wrote: Even if it has to work on different networks, if you had it run under a
well-known user, you couldn't tell a network admin on an arbitrary network
that he HAS to create a username with the user YOU want, with the password
YOU want. If you made this part configurable, you would have to encrypt the
credentials somewhere, and get the key from a secure store. Neither of
these is feasable in managed code, since resources (such as strings) are
easily obtained from the assemblies through tools like Reflector.
And even if you did solve all of this, it STILL requires interaction
from the network admin to set it up, which is what they would have to do
anyways in setting up the appropriate groups. Additionally, your design
suffers from the fact that ANYONE in the network can basically run this app
and access the directory through it, circumventing the whole point of having
the security in the first place.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:EE**********************************@microsof t.com... Thanks for the reply. The problem I have is that this application can be
used on different networks. So it requires a general solution that would
work in any case. I won't know anything about the rights/groups/users on
the
network on which it is installed.
If the folder is encrypted and only the 'application user' can see it
transparently, it will allow the application to control the access to
reading/writing on the file.
Any thoughts?
Thanks again for the reply.
Pete
"Nicholas Paldino [.NET/C# MVP]" wrote:
Pete,
The problem with this is that anyone who runs the application would
have
access to the share. It's not a good way to protect the share.
What you should do is just have the share accessible to members of a
group, and then add/remove members from the group as you guys see fit.
That's the whole reason groups are there.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:E3**********************************@microsof t.com...
> Hello,
>
> I am wondering if it is possible to create a networked application with
> C#
> that is seen as a windows user. For example, if Bob logged onto
> windows
> and
> then started the application, any access to the network made through
> the
> application would be seen as 'C# application user' and not 'Bob'.
>
> What I want to accomplish is to create an encrypted folder on a server
> where
> files within the folder can be accessed through the application, but
> cannot
> be browsed to and modified. It seems a bit of a hassle importing
> certificates
> for each new user of the system.
>
> Any thoughts?
>
> Thanks in advance.
>
> Pete
Pete,
See inline: This is what I was trying to find out. I wanted to know if I could
somehow
create a user on a network for the application to use and be recoginized
as.
You seem to think I can't. Thanks for the input.
Yes, you could, but it's a regular user, and you have the problem of
securing the credentials. How are you going to keep someone with a
disassembler from getting those credentials and then accessing the share?
As for letting anyone see the documents through the application, that
would
be fine. The whole point of encrypting the files would be to force the
user
to interact with those files through the application. Additionally, I
could
place restrictions on who could open them through the application if I
wished. I could store the file path in a database and restrict the access
there.
Again, if someone uses Reflector, they could see the credentials
embedded in the app (and if you encrypt them, they can find the key as well,
or how you access the key) and then modify the files outside of the app.
However, I'm still left with the same problem. I have a folder on an
arbitrary network to which I want the application to have access. I don't
want users to have the ability to browse to the files and alter them and I
don't want to bother network admins with setting permissions on that
folder
for every new user. I'd like to do it all on the install.
You will have to customize your install big time in order to do this.
What if someone has the network id of the user you want to create? You have
to allow the user to set that, and then have your app use that as well (in
addition to securing the credentials that are entered). A domain admin
would have to do the install as well, to create the user. The problem of
securing the credentials comes into play again.
I think your best bet here is to have a process running on the server
which exposes methods to access the files, and not expose shares. Then, you
can secure access (by user/group, not your one user). This way, you don't
have to worry about arbitrary access to the files. Enterprise Services
would be perfect for this.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
If you have any ideas that would be great. Thanks.
Pete
"Nicholas Paldino [.NET/C# MVP]" wrote:
Even if it has to work on different networks, if you had it run under
a
well-known user, you couldn't tell a network admin on an arbitrary
network
that he HAS to create a username with the user YOU want, with the
password
YOU want. If you made this part configurable, you would have to encrypt
the
credentials somewhere, and get the key from a secure store. Neither of
these is feasable in managed code, since resources (such as strings) are
easily obtained from the assemblies through tools like Reflector.
And even if you did solve all of this, it STILL requires interaction
from the network admin to set it up, which is what they would have to do
anyways in setting up the appropriate groups. Additionally, your design
suffers from the fact that ANYONE in the network can basically run this
app
and access the directory through it, circumventing the whole point of
having
the security in the first place.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:EE**********************************@microsof t.com... > Thanks for the reply. The problem I have is that this application can
> be
> used on different networks. So it requires a general solution that
> would
> work in any case. I won't know anything about the rights/groups/users
> on
> the
> network on which it is installed.
>
> If the folder is encrypted and only the 'application user' can see it
> transparently, it will allow the application to control the access to
> reading/writing on the file.
>
> Any thoughts?
>
> Thanks again for the reply.
>
> Pete
>
>
>
> "Nicholas Paldino [.NET/C# MVP]" wrote:
>
>> Pete,
>>
>> The problem with this is that anyone who runs the application
>> would
>> have
>> access to the share. It's not a good way to protect the share.
>>
>> What you should do is just have the share accessible to members of
>> a
>> group, and then add/remove members from the group as you guys see fit.
>> That's the whole reason groups are there.
>>
>> Hope this helps.
>>
>>
>> --
>> - Nicholas Paldino [.NET/C# MVP]
>> - mv*@spam.guard.caspershouse.com
>>
>> "Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
>> news:E3**********************************@microsof t.com...
>> > Hello,
>> >
>> > I am wondering if it is possible to create a networked application
>> > with
>> > C#
>> > that is seen as a windows user. For example, if Bob logged onto
>> > windows
>> > and
>> > then started the application, any access to the network made through
>> > the
>> > application would be seen as 'C# application user' and not 'Bob'.
>> >
>> > What I want to accomplish is to create an encrypted folder on a
>> > server
>> > where
>> > files within the folder can be accessed through the application, but
>> > cannot
>> > be browsed to and modified. It seems a bit of a hassle importing
>> > certificates
>> > for each new user of the system.
>> >
>> > Any thoughts?
>> >
>> > Thanks in advance.
>> >
>> > Pete
>>
>>
>>
Nicholas,
Thanks for the reply. You said "I think your best bet here is to have a
process running on the server which exposes methods to access the files, and
not expose shares" It sounds to me like what you're saying is that I can
create a folder on a network that is not visible to windows users but can be
accessed through the application. Is this correct? If so, do you have any
links that could show me how to "not expose shares" like you say?
I read a bit about the Enterprise Services and there is a lot of good
information. However I can't help but think there is a less complicated
solution. I could be very wrong, but wanting a folder that is only
accessible through an application doesn't sound like a large request. I can
store the file paths in the DB and grant or deny access to the file paths
through the db roles.
I appreciate all your help. Thanks again.
Pete
"Nicholas Paldino [.NET/C# MVP]" wrote: Pete,
See inline:
This is what I was trying to find out. I wanted to know if I could
somehow
create a user on a network for the application to use and be recoginized
as.
You seem to think I can't. Thanks for the input.
Yes, you could, but it's a regular user, and you have the problem of
securing the credentials. How are you going to keep someone with a
disassembler from getting those credentials and then accessing the share?
As for letting anyone see the documents through the application, that
would
be fine. The whole point of encrypting the files would be to force the
user
to interact with those files through the application. Additionally, I
could
place restrictions on who could open them through the application if I
wished. I could store the file path in a database and restrict the access
there.
Again, if someone uses Reflector, they could see the credentials
embedded in the app (and if you encrypt them, they can find the key as well,
or how you access the key) and then modify the files outside of the app.
However, I'm still left with the same problem. I have a folder on an
arbitrary network to which I want the application to have access. I don't
want users to have the ability to browse to the files and alter them and I
don't want to bother network admins with setting permissions on that
folder
for every new user. I'd like to do it all on the install.
You will have to customize your install big time in order to do this.
What if someone has the network id of the user you want to create? You have
to allow the user to set that, and then have your app use that as well (in
addition to securing the credentials that are entered). A domain admin
would have to do the install as well, to create the user. The problem of
securing the credentials comes into play again.
I think your best bet here is to have a process running on the server
which exposes methods to access the files, and not expose shares. Then, you
can secure access (by user/group, not your one user). This way, you don't
have to worry about arbitrary access to the files. Enterprise Services
would be perfect for this.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
If you have any ideas that would be great. Thanks.
Pete
"Nicholas Paldino [.NET/C# MVP]" wrote:
Even if it has to work on different networks, if you had it run under
a
well-known user, you couldn't tell a network admin on an arbitrary
network
that he HAS to create a username with the user YOU want, with the
password
YOU want. If you made this part configurable, you would have to encrypt
the
credentials somewhere, and get the key from a secure store. Neither of
these is feasable in managed code, since resources (such as strings) are
easily obtained from the assemblies through tools like Reflector.
And even if you did solve all of this, it STILL requires interaction
from the network admin to set it up, which is what they would have to do
anyways in setting up the appropriate groups. Additionally, your design
suffers from the fact that ANYONE in the network can basically run this
app
and access the directory through it, circumventing the whole point of
having
the security in the first place.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:EE**********************************@microsof t.com...
> Thanks for the reply. The problem I have is that this application can
> be
> used on different networks. So it requires a general solution that
> would
> work in any case. I won't know anything about the rights/groups/users
> on
> the
> network on which it is installed.
>
> If the folder is encrypted and only the 'application user' can see it
> transparently, it will allow the application to control the access to
> reading/writing on the file.
>
> Any thoughts?
>
> Thanks again for the reply.
>
> Pete
>
>
>
> "Nicholas Paldino [.NET/C# MVP]" wrote:
>
>> Pete,
>>
>> The problem with this is that anyone who runs the application
>> would
>> have
>> access to the share. It's not a good way to protect the share.
>>
>> What you should do is just have the share accessible to members of
>> a
>> group, and then add/remove members from the group as you guys see fit.
>> That's the whole reason groups are there.
>>
>> Hope this helps.
>>
>>
>> --
>> - Nicholas Paldino [.NET/C# MVP]
>> - mv*@spam.guard.caspershouse.com
>>
>> "Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
>> news:E3**********************************@microsof t.com...
>> > Hello,
>> >
>> > I am wondering if it is possible to create a networked application
>> > with
>> > C#
>> > that is seen as a windows user. For example, if Bob logged onto
>> > windows
>> > and
>> > then started the application, any access to the network made through
>> > the
>> > application would be seen as 'C# application user' and not 'Bob'.
>> >
>> > What I want to accomplish is to create an encrypted folder on a
>> > server
>> > where
>> > files within the folder can be accessed through the application, but
>> > cannot
>> > be browsed to and modified. It seems a bit of a hassle importing
>> > certificates
>> > for each new user of the system.
>> >
>> > Any thoughts?
>> >
>> > Thanks in advance.
>> >
>> > Pete
>>
>>
>>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Keith Jakobs, MCP |
last post by:
Greetings:
I had seen several posts around the Internet about this issue from a few
months back, but have been unable to find a resolution ...
I have a user who is trying to get started with...
|
by: deploying visual basic .net application |
last post by:
Hi There,
I'm trying to create a setup for a Windows application to install my
application I developed using Visual basic .net. I'm using Visual Studio .net
Professional. When I use the Set up...
|
by: 3f |
last post by:
Hello;
We have made a web application that people can download from our web site
and installed on:
Windows XP
Windows 2000 Professional
Windows 2003 Server
Windows 2000 Server
|
by: Nou Dadoun |
last post by:
I'm currently developing an application in C++/MFC (Visual Studio 6,
if that makes a difference) and I'd like to avoid the Windows style UI
widgets and dialogs if at all possible.
In fact, what...
|
by: Sushil Srivastava |
last post by:
Hi Guys,
Would you be able to help me using C# GUI (with user interface component) in
my MFC application. I have used managed extension, COM-interops, etc but
problem is this C# component has...
|
by: Wiktor Zychla |
last post by:
Hello,
after several investigations around ASP.NET, I would like to ask about
the best practices for building a secure database application.
suppose I wish to use Forms authentication in...
|
by: Michael Glaesemann |
last post by:
Hello all,
Recently I've been thinking about different methods of managing users
that log into a PostgreSQL-backed application. The users I'm thinking
of are not necessarily DBAs: they're...
|
by: Dinsdale |
last post by:
I'm looking at adding scheduling features to an application and I
wanted to ask the community about any experience with scheduling
components, either open source like from code project or from a...
|
by: oliverleach |
last post by:
Hi,
Firstly I am not a programmer. I'm a support engineer implementing
technical projects.
I have a question which hopefully someone will be able to help answer
this for me. We are using a...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |
