By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,611 Members | 1,642 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,611 IT Pros & Developers. It's quick & easy.

C# application seen as a Windows user....

P: n/a
Hello,

I am wondering if it is possible to create a networked application with C#
that is seen as a windows user. For example, if Bob logged onto windows and
then started the application, any access to the network made through the
application would be seen as 'C# application user' and not 'Bob'.

What I want to accomplish is to create an encrypted folder on a server where
files within the folder can be accessed through the application, but cannot
be browsed to and modified. It seems a bit of a hassle importing certificates
for each new user of the system.

Any thoughts?

Thanks in advance.

Pete
Nov 17 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a
Pete,

The problem with this is that anyone who runs the application would have
access to the share. It's not a good way to protect the share.

What you should do is just have the share accessible to members of a
group, and then add/remove members from the group as you guys see fit.
That's the whole reason groups are there.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:E3**********************************@microsof t.com...
Hello,

I am wondering if it is possible to create a networked application with C#
that is seen as a windows user. For example, if Bob logged onto windows
and
then started the application, any access to the network made through the
application would be seen as 'C# application user' and not 'Bob'.

What I want to accomplish is to create an encrypted folder on a server
where
files within the folder can be accessed through the application, but
cannot
be browsed to and modified. It seems a bit of a hassle importing
certificates
for each new user of the system.

Any thoughts?

Thanks in advance.

Pete

Nov 17 '05 #2

P: n/a
Thanks for the reply. The problem I have is that this application can be
used on different networks. So it requires a general solution that would
work in any case. I won't know anything about the rights/groups/users on the
network on which it is installed.

If the folder is encrypted and only the 'application user' can see it
transparently, it will allow the application to control the access to
reading/writing on the file.

Any thoughts?

Thanks again for the reply.

Pete

"Nicholas Paldino [.NET/C# MVP]" wrote:
Pete,

The problem with this is that anyone who runs the application would have
access to the share. It's not a good way to protect the share.

What you should do is just have the share accessible to members of a
group, and then add/remove members from the group as you guys see fit.
That's the whole reason groups are there.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:E3**********************************@microsof t.com...
Hello,

I am wondering if it is possible to create a networked application with C#
that is seen as a windows user. For example, if Bob logged onto windows
and
then started the application, any access to the network made through the
application would be seen as 'C# application user' and not 'Bob'.

What I want to accomplish is to create an encrypted folder on a server
where
files within the folder can be accessed through the application, but
cannot
be browsed to and modified. It seems a bit of a hassle importing
certificates
for each new user of the system.

Any thoughts?

Thanks in advance.

Pete


Nov 17 '05 #3

P: n/a
Have you looked at IsolatedStorage class? Perhaps you can use that?

Nov 17 '05 #4

P: n/a
Even if it has to work on different networks, if you had it run under a
well-known user, you couldn't tell a network admin on an arbitrary network
that he HAS to create a username with the user YOU want, with the password
YOU want. If you made this part configurable, you would have to encrypt the
credentials somewhere, and get the key from a secure store. Neither of
these is feasable in managed code, since resources (such as strings) are
easily obtained from the assemblies through tools like Reflector.

And even if you did solve all of this, it STILL requires interaction
from the network admin to set it up, which is what they would have to do
anyways in setting up the appropriate groups. Additionally, your design
suffers from the fact that ANYONE in the network can basically run this app
and access the directory through it, circumventing the whole point of having
the security in the first place.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:EE**********************************@microsof t.com...
Thanks for the reply. The problem I have is that this application can be
used on different networks. So it requires a general solution that would
work in any case. I won't know anything about the rights/groups/users on
the
network on which it is installed.

If the folder is encrypted and only the 'application user' can see it
transparently, it will allow the application to control the access to
reading/writing on the file.

Any thoughts?

Thanks again for the reply.

Pete

"Nicholas Paldino [.NET/C# MVP]" wrote:
Pete,

The problem with this is that anyone who runs the application would
have
access to the share. It's not a good way to protect the share.

What you should do is just have the share accessible to members of a
group, and then add/remove members from the group as you guys see fit.
That's the whole reason groups are there.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:E3**********************************@microsof t.com...
> Hello,
>
> I am wondering if it is possible to create a networked application with
> C#
> that is seen as a windows user. For example, if Bob logged onto
> windows
> and
> then started the application, any access to the network made through
> the
> application would be seen as 'C# application user' and not 'Bob'.
>
> What I want to accomplish is to create an encrypted folder on a server
> where
> files within the folder can be accessed through the application, but
> cannot
> be browsed to and modified. It seems a bit of a hassle importing
> certificates
> for each new user of the system.
>
> Any thoughts?
>
> Thanks in advance.
>
> Pete


Nov 17 '05 #5

P: n/a
Chris,

Thanks for the reply. It was a good thought but it looks to me as though
this class is still windows user dependent. If I am wrong let me know.

Thanks again

Pete

"Chris Dunaway" wrote:
Have you looked at IsolatedStorage class? Perhaps you can use that?

Nov 17 '05 #6

P: n/a
Nicholas,

This is what I was trying to find out. I wanted to know if I could somehow
create a user on a network for the application to use and be recoginized as.
You seem to think I can't. Thanks for the input.

As for letting anyone see the documents through the application, that would
be fine. The whole point of encrypting the files would be to force the user
to interact with those files through the application. Additionally, I could
place restrictions on who could open them through the application if I
wished. I could store the file path in a database and restrict the access
there.

However, I'm still left with the same problem. I have a folder on an
arbitrary network to which I want the application to have access. I don't
want users to have the ability to browse to the files and alter them and I
don't want to bother network admins with setting permissions on that folder
for every new user. I'd like to do it all on the install.

If you have any ideas that would be great. Thanks.

Pete

"Nicholas Paldino [.NET/C# MVP]" wrote:
Even if it has to work on different networks, if you had it run under a
well-known user, you couldn't tell a network admin on an arbitrary network
that he HAS to create a username with the user YOU want, with the password
YOU want. If you made this part configurable, you would have to encrypt the
credentials somewhere, and get the key from a secure store. Neither of
these is feasable in managed code, since resources (such as strings) are
easily obtained from the assemblies through tools like Reflector.

And even if you did solve all of this, it STILL requires interaction
from the network admin to set it up, which is what they would have to do
anyways in setting up the appropriate groups. Additionally, your design
suffers from the fact that ANYONE in the network can basically run this app
and access the directory through it, circumventing the whole point of having
the security in the first place.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:EE**********************************@microsof t.com...
Thanks for the reply. The problem I have is that this application can be
used on different networks. So it requires a general solution that would
work in any case. I won't know anything about the rights/groups/users on
the
network on which it is installed.

If the folder is encrypted and only the 'application user' can see it
transparently, it will allow the application to control the access to
reading/writing on the file.

Any thoughts?

Thanks again for the reply.

Pete

"Nicholas Paldino [.NET/C# MVP]" wrote:
Pete,

The problem with this is that anyone who runs the application would
have
access to the share. It's not a good way to protect the share.

What you should do is just have the share accessible to members of a
group, and then add/remove members from the group as you guys see fit.
That's the whole reason groups are there.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:E3**********************************@microsof t.com...
> Hello,
>
> I am wondering if it is possible to create a networked application with
> C#
> that is seen as a windows user. For example, if Bob logged onto
> windows
> and
> then started the application, any access to the network made through
> the
> application would be seen as 'C# application user' and not 'Bob'.
>
> What I want to accomplish is to create an encrypted folder on a server
> where
> files within the folder can be accessed through the application, but
> cannot
> be browsed to and modified. It seems a bit of a hassle importing
> certificates
> for each new user of the system.
>
> Any thoughts?
>
> Thanks in advance.
>
> Pete


Nov 17 '05 #7

P: n/a
Pete,

See inline:
This is what I was trying to find out. I wanted to know if I could
somehow
create a user on a network for the application to use and be recoginized
as.
You seem to think I can't. Thanks for the input.
Yes, you could, but it's a regular user, and you have the problem of
securing the credentials. How are you going to keep someone with a
disassembler from getting those credentials and then accessing the share?
As for letting anyone see the documents through the application, that
would
be fine. The whole point of encrypting the files would be to force the
user
to interact with those files through the application. Additionally, I
could
place restrictions on who could open them through the application if I
wished. I could store the file path in a database and restrict the access
there.
Again, if someone uses Reflector, they could see the credentials
embedded in the app (and if you encrypt them, they can find the key as well,
or how you access the key) and then modify the files outside of the app.
However, I'm still left with the same problem. I have a folder on an
arbitrary network to which I want the application to have access. I don't
want users to have the ability to browse to the files and alter them and I
don't want to bother network admins with setting permissions on that
folder
for every new user. I'd like to do it all on the install.
You will have to customize your install big time in order to do this.
What if someone has the network id of the user you want to create? You have
to allow the user to set that, and then have your app use that as well (in
addition to securing the credentials that are entered). A domain admin
would have to do the install as well, to create the user. The problem of
securing the credentials comes into play again.

I think your best bet here is to have a process running on the server
which exposes methods to access the files, and not expose shares. Then, you
can secure access (by user/group, not your one user). This way, you don't
have to worry about arbitrary access to the files. Enterprise Services
would be perfect for this.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
If you have any ideas that would be great. Thanks.

Pete

"Nicholas Paldino [.NET/C# MVP]" wrote:
Even if it has to work on different networks, if you had it run under
a
well-known user, you couldn't tell a network admin on an arbitrary
network
that he HAS to create a username with the user YOU want, with the
password
YOU want. If you made this part configurable, you would have to encrypt
the
credentials somewhere, and get the key from a secure store. Neither of
these is feasable in managed code, since resources (such as strings) are
easily obtained from the assemblies through tools like Reflector.

And even if you did solve all of this, it STILL requires interaction
from the network admin to set it up, which is what they would have to do
anyways in setting up the appropriate groups. Additionally, your design
suffers from the fact that ANYONE in the network can basically run this
app
and access the directory through it, circumventing the whole point of
having
the security in the first place.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:EE**********************************@microsof t.com...
> Thanks for the reply. The problem I have is that this application can
> be
> used on different networks. So it requires a general solution that
> would
> work in any case. I won't know anything about the rights/groups/users
> on
> the
> network on which it is installed.
>
> If the folder is encrypted and only the 'application user' can see it
> transparently, it will allow the application to control the access to
> reading/writing on the file.
>
> Any thoughts?
>
> Thanks again for the reply.
>
> Pete
>
>
>
> "Nicholas Paldino [.NET/C# MVP]" wrote:
>
>> Pete,
>>
>> The problem with this is that anyone who runs the application
>> would
>> have
>> access to the share. It's not a good way to protect the share.
>>
>> What you should do is just have the share accessible to members of
>> a
>> group, and then add/remove members from the group as you guys see fit.
>> That's the whole reason groups are there.
>>
>> Hope this helps.
>>
>>
>> --
>> - Nicholas Paldino [.NET/C# MVP]
>> - mv*@spam.guard.caspershouse.com
>>
>> "Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
>> news:E3**********************************@microsof t.com...
>> > Hello,
>> >
>> > I am wondering if it is possible to create a networked application
>> > with
>> > C#
>> > that is seen as a windows user. For example, if Bob logged onto
>> > windows
>> > and
>> > then started the application, any access to the network made through
>> > the
>> > application would be seen as 'C# application user' and not 'Bob'.
>> >
>> > What I want to accomplish is to create an encrypted folder on a
>> > server
>> > where
>> > files within the folder can be accessed through the application, but
>> > cannot
>> > be browsed to and modified. It seems a bit of a hassle importing
>> > certificates
>> > for each new user of the system.
>> >
>> > Any thoughts?
>> >
>> > Thanks in advance.
>> >
>> > Pete
>>
>>
>>


Nov 17 '05 #8

P: n/a
Nicholas,

Thanks for the reply. You said "I think your best bet here is to have a
process running on the server which exposes methods to access the files, and
not expose shares" It sounds to me like what you're saying is that I can
create a folder on a network that is not visible to windows users but can be
accessed through the application. Is this correct? If so, do you have any
links that could show me how to "not expose shares" like you say?

I read a bit about the Enterprise Services and there is a lot of good
information. However I can't help but think there is a less complicated
solution. I could be very wrong, but wanting a folder that is only
accessible through an application doesn't sound like a large request. I can
store the file paths in the DB and grant or deny access to the file paths
through the db roles.

I appreciate all your help. Thanks again.

Pete

"Nicholas Paldino [.NET/C# MVP]" wrote:
Pete,

See inline:
This is what I was trying to find out. I wanted to know if I could
somehow
create a user on a network for the application to use and be recoginized
as.
You seem to think I can't. Thanks for the input.


Yes, you could, but it's a regular user, and you have the problem of
securing the credentials. How are you going to keep someone with a
disassembler from getting those credentials and then accessing the share?
As for letting anyone see the documents through the application, that
would
be fine. The whole point of encrypting the files would be to force the
user
to interact with those files through the application. Additionally, I
could
place restrictions on who could open them through the application if I
wished. I could store the file path in a database and restrict the access
there.


Again, if someone uses Reflector, they could see the credentials
embedded in the app (and if you encrypt them, they can find the key as well,
or how you access the key) and then modify the files outside of the app.
However, I'm still left with the same problem. I have a folder on an
arbitrary network to which I want the application to have access. I don't
want users to have the ability to browse to the files and alter them and I
don't want to bother network admins with setting permissions on that
folder
for every new user. I'd like to do it all on the install.


You will have to customize your install big time in order to do this.
What if someone has the network id of the user you want to create? You have
to allow the user to set that, and then have your app use that as well (in
addition to securing the credentials that are entered). A domain admin
would have to do the install as well, to create the user. The problem of
securing the credentials comes into play again.

I think your best bet here is to have a process running on the server
which exposes methods to access the files, and not expose shares. Then, you
can secure access (by user/group, not your one user). This way, you don't
have to worry about arbitrary access to the files. Enterprise Services
would be perfect for this.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
If you have any ideas that would be great. Thanks.

Pete

"Nicholas Paldino [.NET/C# MVP]" wrote:
Even if it has to work on different networks, if you had it run under
a
well-known user, you couldn't tell a network admin on an arbitrary
network
that he HAS to create a username with the user YOU want, with the
password
YOU want. If you made this part configurable, you would have to encrypt
the
credentials somewhere, and get the key from a secure store. Neither of
these is feasable in managed code, since resources (such as strings) are
easily obtained from the assemblies through tools like Reflector.

And even if you did solve all of this, it STILL requires interaction
from the network admin to set it up, which is what they would have to do
anyways in setting up the appropriate groups. Additionally, your design
suffers from the fact that ANYONE in the network can basically run this
app
and access the directory through it, circumventing the whole point of
having
the security in the first place.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
news:EE**********************************@microsof t.com...
> Thanks for the reply. The problem I have is that this application can
> be
> used on different networks. So it requires a general solution that
> would
> work in any case. I won't know anything about the rights/groups/users
> on
> the
> network on which it is installed.
>
> If the folder is encrypted and only the 'application user' can see it
> transparently, it will allow the application to control the access to
> reading/writing on the file.
>
> Any thoughts?
>
> Thanks again for the reply.
>
> Pete
>
>
>
> "Nicholas Paldino [.NET/C# MVP]" wrote:
>
>> Pete,
>>
>> The problem with this is that anyone who runs the application
>> would
>> have
>> access to the share. It's not a good way to protect the share.
>>
>> What you should do is just have the share accessible to members of
>> a
>> group, and then add/remove members from the group as you guys see fit.
>> That's the whole reason groups are there.
>>
>> Hope this helps.
>>
>>
>> --
>> - Nicholas Paldino [.NET/C# MVP]
>> - mv*@spam.guard.caspershouse.com
>>
>> "Pete Wittig" <Pe********@discussions.microsoft.com> wrote in message
>> news:E3**********************************@microsof t.com...
>> > Hello,
>> >
>> > I am wondering if it is possible to create a networked application
>> > with
>> > C#
>> > that is seen as a windows user. For example, if Bob logged onto
>> > windows
>> > and
>> > then started the application, any access to the network made through
>> > the
>> > application would be seen as 'C# application user' and not 'Bob'.
>> >
>> > What I want to accomplish is to create an encrypted folder on a
>> > server
>> > where
>> > files within the folder can be accessed through the application, but
>> > cannot
>> > be browsed to and modified. It seems a bit of a hassle importing
>> > certificates
>> > for each new user of the system.
>> >
>> > Any thoughts?
>> >
>> > Thanks in advance.
>> >
>> > Pete
>>
>>
>>


Nov 17 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.