471,325 Members | 1,233 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,325 software developers and data experts.

Impersonation for accessing network resources?

Hi

I have a small WinForms app that needs to copy files from a shared drive on
a network. If I connect to the mapped drive using Explorer, a password dialog
pops-up and I have to provide credentials with permission to access this
resource on the machine where it's hosted. This is once for each desktop
logon session (ie after every reboot). If I do this, my app can access the
network resource fine, but otherwise fails with permission errors.

As my app runs when Windows starts, I don't want to first connect to the
mapped drive each and every time.

I've found some C# code that allows me to impersonate a
domain/account/password context, but it won't work in the scenario I want. I
know the code works because it allows me to impersonate local accounts, just
not access the network resource. When run, the following error occurs:

"Error No: 1326 - Error: Logon failure: unknown user name or bad password."

However, I know the domain/account/password are all correct.

The code is based on Win32 API's LogonUser. Am I barking up the wrong tree?

Thanks

Ben

Dec 14 '05 #1
8 12667

"Ben Fidge" <Be******@discussions.microsoft.com> wrote in message
news:B0**********************************@microsof t.com...
Hi

I have a small WinForms app that needs to copy files from a shared drive
on
a network. If I connect to the mapped drive using Explorer, a password
dialog
pops-up and I have to provide credentials with permission to access this
resource on the machine where it's hosted. This is once for each desktop
logon session (ie after every reboot). If I do this, my app can access the
network resource fine, but otherwise fails with permission errors.

As my app runs when Windows starts, I don't want to first connect to the
mapped drive each and every time.

I've found some C# code that allows me to impersonate a
domain/account/password context, but it won't work in the scenario I want.
I
know the code works because it allows me to impersonate local accounts,
just
not access the network resource. When run, the following error occurs:

"Error No: 1326 - Error: Logon failure: unknown user name or bad
password."

However, I know the domain/account/password are all correct.

The code is based on Win32 API's LogonUser. Am I barking up the wrong
tree?

Thanks

Ben


If you call LogonUser you should specify the credentials of a valid user
that has appropriate privileges to access the remote server.
Willy.

Dec 14 '05 #2
Basically I've been using [domain]\Administrator and [password] the same as
I enter when I try to access the mapped drive from explorer. However it
works in explorer but not my app. However, if I first connect using
Explorer, I then don't need to use LogonUser. Strange!

Ben
"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message
news:Ob**************@tk2msftngp13.phx.gbl...

"Ben Fidge" <Be******@discussions.microsoft.com> wrote in message
news:B0**********************************@microsof t.com...
Hi

I have a small WinForms app that needs to copy files from a shared drive
on
a network. If I connect to the mapped drive using Explorer, a password
dialog
pops-up and I have to provide credentials with permission to access this
resource on the machine where it's hosted. This is once for each desktop
logon session (ie after every reboot). If I do this, my app can access
the
network resource fine, but otherwise fails with permission errors.

As my app runs when Windows starts, I don't want to first connect to the
mapped drive each and every time.

I've found some C# code that allows me to impersonate a
domain/account/password context, but it won't work in the scenario I
want. I
know the code works because it allows me to impersonate local accounts,
just
not access the network resource. When run, the following error occurs:

"Error No: 1326 - Error: Logon failure: unknown user name or bad
password."

However, I know the domain/account/password are all correct.

The code is based on Win32 API's LogonUser. Am I barking up the wrong
tree?

Thanks

Ben


If you call LogonUser you should specify the credentials of a valid user
that has appropriate privileges to access the remote server.
Willy.

Dec 15 '05 #3
Beware "domain\\Administrator" or @"domain\administrator" not
"domain\administrator".

Once you have a connected network session it remains valid for the whole
logon session, that is why you should create a session from your domain
logon (through a logon script) or from a batch file that runs when a user
logs on locally instead of impersonating in user applications.

Willy.

"Ben Fidge" <be*******@nospambtopenworld.com> wrote in message
news:%2***************@TK2MSFTNGP15.phx.gbl...
Basically I've been using [domain]\Administrator and [password] the same
as I enter when I try to access the mapped drive from explorer. However it
works in explorer but not my app. However, if I first connect using
Explorer, I then don't need to use LogonUser. Strange!

Ben
"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message
news:Ob**************@tk2msftngp13.phx.gbl...

"Ben Fidge" <Be******@discussions.microsoft.com> wrote in message
news:B0**********************************@microsof t.com...
Hi

I have a small WinForms app that needs to copy files from a shared drive
on
a network. If I connect to the mapped drive using Explorer, a password
dialog
pops-up and I have to provide credentials with permission to access this
resource on the machine where it's hosted. This is once for each desktop
logon session (ie after every reboot). If I do this, my app can access
the
network resource fine, but otherwise fails with permission errors.

As my app runs when Windows starts, I don't want to first connect to the
mapped drive each and every time.

I've found some C# code that allows me to impersonate a
domain/account/password context, but it won't work in the scenario I
want. I
know the code works because it allows me to impersonate local accounts,
just
not access the network resource. When run, the following error occurs:

"Error No: 1326 - Error: Logon failure: unknown user name or bad
password."

However, I know the domain/account/password are all correct.

The code is based on Win32 API's LogonUser. Am I barking up the wrong
tree?

Thanks

Ben


If you call LogonUser you should specify the credentials of a valid user
that has appropriate privileges to access the remote server.
Willy.


Dec 15 '05 #4
Hi Willy,

The domain, account and password are all entered via a Form and not
hard-coded. I've tried passing all three to LogonUser as seperate
parameters, to no avail. I've also tried leaving domain param empty (not
null though) and concatenating doman and account together and passing them
in the Account param.

Really starting to frustrate me now.

Ben

"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message
news:eS**************@TK2MSFTNGP11.phx.gbl...
Beware "domain\\Administrator" or @"domain\administrator" not
"domain\administrator".

Once you have a connected network session it remains valid for the whole
logon session, that is why you should create a session from your domain
logon (through a logon script) or from a batch file that runs when a user
logs on locally instead of impersonating in user applications.

Willy.

"Ben Fidge" <be*******@nospambtopenworld.com> wrote in message
news:%2***************@TK2MSFTNGP15.phx.gbl...
Basically I've been using [domain]\Administrator and [password] the same
as I enter when I try to access the mapped drive from explorer. However
it works in explorer but not my app. However, if I first connect using
Explorer, I then don't need to use LogonUser. Strange!

Ben
"Willy Denoyette [MVP]" <wi*************@telenet.be> wrote in message
news:Ob**************@tk2msftngp13.phx.gbl...

"Ben Fidge" <Be******@discussions.microsoft.com> wrote in message
news:B0**********************************@microsof t.com...
Hi

I have a small WinForms app that needs to copy files from a shared
drive on
a network. If I connect to the mapped drive using Explorer, a password
dialog
pops-up and I have to provide credentials with permission to access
this
resource on the machine where it's hosted. This is once for each
desktop
logon session (ie after every reboot). If I do this, my app can access
the
network resource fine, but otherwise fails with permission errors.

As my app runs when Windows starts, I don't want to first connect to
the
mapped drive each and every time.

I've found some C# code that allows me to impersonate a
domain/account/password context, but it won't work in the scenario I
want. I
know the code works because it allows me to impersonate local accounts,
just
not access the network resource. When run, the following error occurs:

"Error No: 1326 - Error: Logon failure: unknown user name or bad
password."

However, I know the domain/account/password are all correct.

The code is based on Win32 API's LogonUser. Am I barking up the wrong
tree?

Thanks

Ben
If you call LogonUser you should specify the credentials of a valid user
that has appropriate privileges to access the remote server.
Willy.



Dec 15 '05 #5

"Ben Fidge" <be*******@nospambtopenworld.com> wrote in message
news:eb**************@TK2MSFTNGP10.phx.gbl...
Hi Willy,

The domain, account and password are all entered via a Form and not
hard-coded. I've tried passing all three to LogonUser as seperate
parameters, to no avail. I've also tried leaving domain param empty (not
null though) and concatenating doman and account together and passing them
in the Account param.

Really starting to frustrate me now.

Ben


I understand your frustration, but you need to make sure that
- the user account string you pass to LogonUser() has the correct syntax,
that is, it should contain the accountname "accountname" or the
"account@domainname" in UPN format
- the domain name must refer to your account domain if the user name is NOT
in UPN format, else it must be null or . for local user accounts or the
remote machine name for non local/non domain accounts.
So in your case the call could look like :

LogonUser("Administrator", "YourDomainName", "YourAdminsPwd",...);

Willy.

Dec 15 '05 #6
Hi Willy,

Does LogonUser login the specified user into the local system only, or can
it be used to specify credentials when accessing a network resource. I've
tried everything you've suggested and it's occured to me that I'm trying to
provide credentials for the administrator account of the SERVER where my
files are located. I'm owrried I might actually be trying to logon to my
local machine using credentials it knows nothing about.

Ben

"Willy Denoyette [MVP]" wrote:

"Ben Fidge" <be*******@nospambtopenworld.com> wrote in message
news:eb**************@TK2MSFTNGP10.phx.gbl...
Hi Willy,

The domain, account and password are all entered via a Form and not
hard-coded. I've tried passing all three to LogonUser as seperate
parameters, to no avail. I've also tried leaving domain param empty (not
null though) and concatenating doman and account together and passing them
in the Account param.

Really starting to frustrate me now.

Ben


I understand your frustration, but you need to make sure that
- the user account string you pass to LogonUser() has the correct syntax,
that is, it should contain the accountname "accountname" or the
"account@domainname" in UPN format
- the domain name must refer to your account domain if the user name is NOT
in UPN format, else it must be null or . for local user accounts or the
remote machine name for non local/non domain accounts.
So in your case the call could look like :

LogonUser("Administrator", "YourDomainName", "YourAdminsPwd",...);

Willy.

Dec 16 '05 #7
Found it!!

First of all, I was assuming that LogonUser returned 0 (zero) on success,
wrongly. Secondly, I changed my code to use LOGON32_LOGON_NEW_CREDENTIALS
instead of LOGON32_LOGON_NETWORK, and it works a treat.

Thanks for your help Willy.

Ben

"Ben Fidge" wrote:
Hi Willy,

Does LogonUser login the specified user into the local system only, or can
it be used to specify credentials when accessing a network resource. I've
tried everything you've suggested and it's occured to me that I'm trying to
provide credentials for the administrator account of the SERVER where my
files are located. I'm owrried I might actually be trying to logon to my
local machine using credentials it knows nothing about.

Ben

"Willy Denoyette [MVP]" wrote:

"Ben Fidge" <be*******@nospambtopenworld.com> wrote in message
news:eb**************@TK2MSFTNGP10.phx.gbl...
Hi Willy,

The domain, account and password are all entered via a Form and not
hard-coded. I've tried passing all three to LogonUser as seperate
parameters, to no avail. I've also tried leaving domain param empty (not
null though) and concatenating doman and account together and passing them
in the Account param.

Really starting to frustrate me now.

Ben


I understand your frustration, but you need to make sure that
- the user account string you pass to LogonUser() has the correct syntax,
that is, it should contain the accountname "accountname" or the
"account@domainname" in UPN format
- the domain name must refer to your account domain if the user name is NOT
in UPN format, else it must be null or . for local user accounts or the
remote machine name for non local/non domain accounts.
So in your case the call could look like :

LogonUser("Administrator", "YourDomainName", "YourAdminsPwd",...);

Willy.

Dec 16 '05 #8
You should not use LOGON32_LOGON_NETWORK to obtain an access token to access
remote server resources when impersonating, this type of logon token has no
network access.
LOGON32_LOGON_NEW_CREDENTIALS (w2k and up) uses the supplied credentials to
access the remote server, while using your current logon token to access
local resources.

Willy.
"Ben Fidge" <Be******@discussions.microsoft.com> wrote in message
news:E6**********************************@microsof t.com...
Found it!!

First of all, I was assuming that LogonUser returned 0 (zero) on success,
wrongly. Secondly, I changed my code to use LOGON32_LOGON_NEW_CREDENTIALS
instead of LOGON32_LOGON_NETWORK, and it works a treat.

Thanks for your help Willy.

Ben

"Ben Fidge" wrote:
Hi Willy,

Does LogonUser login the specified user into the local system only, or
can
it be used to specify credentials when accessing a network resource. I've
tried everything you've suggested and it's occured to me that I'm trying
to
provide credentials for the administrator account of the SERVER where my
files are located. I'm owrried I might actually be trying to logon to my
local machine using credentials it knows nothing about.

Ben

"Willy Denoyette [MVP]" wrote:
>
> "Ben Fidge" <be*******@nospambtopenworld.com> wrote in message
> news:eb**************@TK2MSFTNGP10.phx.gbl...
> > Hi Willy,
> >
> > The domain, account and password are all entered via a Form and not
> > hard-coded. I've tried passing all three to LogonUser as seperate
> > parameters, to no avail. I've also tried leaving domain param empty
> > (not
> > null though) and concatenating doman and account together and passing
> > them
> > in the Account param.
> >
> > Really starting to frustrate me now.
> >
> > Ben
> >
>
> I understand your frustration, but you need to make sure that
> - the user account string you pass to LogonUser() has the correct
> syntax,
> that is, it should contain the accountname "accountname" or the
> "account@domainname" in UPN format
> - the domain name must refer to your account domain if the user name is
> NOT
> in UPN format, else it must be null or . for local user accounts or the
> remote machine name for non local/non domain accounts.
> So in your case the call could look like :
>
> LogonUser("Administrator", "YourDomainName", "YourAdminsPwd",...);
>
> Willy.
>
>
>
>

Dec 16 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

23 posts views Thread by Lamberti Fabrizio | last post: by
1 post views Thread by alojzy b | last post: by
1 post views Thread by mbah Sumani via .NET 247 | last post: by
1 post views Thread by Ganesh | last post: by
3 posts views Thread by utabintarbo | last post: by
4 posts views Thread by accyboy1981 | last post: by
reply views Thread by rosydwin | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.