HOW: Copy files in network with authentication ??

Hi,

Does anyone know how to copy files inside network from machine one to
machine2
if the machine2 requires user/pass authentication ??

I need this for Windows platform.
Anyone did that ?

Thanks.
Nov 17 '05 #1
"Kristijan Marin" <kr*************@hermes-plus.si> wrote in message
news:ee**************@TK2MSFTNGP10.phx.gbl...
Does anyone know how to copy files inside network from machine one to
machine2
if the machine2 requires user/pass authentication ??

I need this for Windows platform.


Which Windows platform?

If it is one of NT/2K/XP/2K+3 that you are talking about you should be able
to use this sequence

LogonUser();
ImpersonateLoggedOnUser();
CopyFile();
RevertToSelf();
CloseHandle(); // on the token returned by LogonUser()

Prior to XP, the calling thread must be in the trusted computing
base, which is to say it needs the SE_TCB_NAME privilege, which shows up in the
user manager as "Act as part of the operating system".

For that reason, this sequence is usually found in server applications
which are implemented as services running under LocalSystem, having the
requisite privilege, and necessarily installed by an administrator.

Regards,
Will
Nov 17 '05 #2
William DePalo [MVP VC++] wrote:
Does anyone know how to copy files inside network from machine one to
machine2
if the machine2 requires user/pass authentication ??

If it is one of NT/2K/XP/2K+3 that you are talking about you should be able
to use this sequence

LogonUser();
ImpersonateLoggedOnUser();
CopyFile();
RevertToSelf();
CloseHandle(); // on the token returned by LogonUser()


LogonUser only logs you in to the local computer, and it can't be used
to log on to a remote computer. The user must exist locally. If the user
doesn't exist locally, then WNetAddConnection seems to be the only way
to go, which is not safe, because if the app crashes, the connection
remains open. I have yet to find a solution that works and is safe.
LogonUser is totally out of question, because on a typical network a
local computer only has 1 user, while a file server has numerous others.

Tom
Nov 17 '05 #3

"Tamas Demjen" <td*****@yahoo.com> wrote in message
news:ub**************@TK2MSFTNGP12.phx.gbl...
William DePalo [MVP VC++] wrote:
Does anyone know how to copy files inside network from machine one to
machine2
if the machine2 requires user/pass authentication ??

If it is one of NT/2K/XP/2K+3 that you are talking about you should be
able to use this sequence

LogonUser();
ImpersonateLoggedOnUser();
CopyFile();
RevertToSelf();
CloseHandle(); // on the token returned by LogonUser()


LogonUser only logs you in to the local computer, and it can't be used to
log on to a remote computer. The user must exist locally. If the user
doesn't exist locally, then WNetAddConnection seems to be the only way to
go, which is not safe, because if the app crashes, the connection remains
open. I have yet to find a solution that works and is safe. LogonUser is
totally out of question, because on a typical network a local computer
only has 1 user, while a file server has numerous others.

Tom


The purpose of LogonUser is to obtain an access token specifying the
credentials of a valid local or domain (remote) account. If you specify a
remote user's credentials, the token obtained can be used to impersonate the
current thread and access the remote resource. Now, if you use non-local
user credentials, accesses to local FS objects will fail (unless the remote
user is a shadow account of a local account), this can be solved by:
- specifying a domain user when calling LogonUser and granting this domain
account access to the local FS resources, or,
- by specifying LOGON32_LOGON_NEW_CREDENTIALS as dwLogonType (W2K2 or
higher).

Willy.
Nov 17 '05 #4
Willy Denoyette [MVP] wrote:
The purpose of LogonUser is to obtain an access token specifying the
credentials of a valid local or domain (remote) account. If you specify a
remote user's credentials, the token obtained can be used to impersonate the
current thread and access the remote resource. Now, if you use non-local
user credentials, accesses to local FS objects will fail (unless the remote
user is a shadow account of a local account), this can be solved by:
- specifying a domain user when calling LogonUser and granting this domain
account access to the local FS resources, or,
- by specifying LOGON32_LOGON_NEW_CREDENTIALS as dwLogonType (W2K2 or
higher).

Willy.


Thanks Willy, this seems to be solving a 2-year-old problem to me. The
following works nicely:

HANDLE token;
if (LogonUser(
        "Tamas", "\\\\RemoteComputer",
        "password",
        LOGON32_LOGON_NEW_CREDENTIALS,
        LOGON32_PROVIDER_DEFAULT,
        &token))
{
    if (ImpersonateLoggedOnUser(token))
    {
        CopyFile("c:\\0.txt", "\\\\RemoteComputer\\Share\\0.txt",
                 TRUE);
        RevertToSelf();
    }
    CloseHandle(token);
}

Does the LOGON32_LOGON_NEW_CREDENTIALS flag require the server to be
W2k+, or the client (local) computer only?

I also tried this:
BOOL res = LogonUser(
    "Tamas@RemoteComputer", NULL,
    "password",
    LOGON32_LOGON_NETWORK,
    LOGON32_PROVIDER_DEFAULT,
    &token);

and res was TRUE and the token was valid, but after the
ImpersonateLoggedOnUser call the remote FS was not accessible. Note that
RemoteComputer is not a true domain, it's just another computer in a
workgroup. I guess if I knew how to add access to the FS, that would
work too. <sigh> I'd spent days without success before.

Anyway, LOGON32_LOGON_NEW_CREDENTIALS does the trick, but only on W2k+.

Tom
Nov 17 '05 #5
Tamas,
Inline.
Willy.

"Tamas Demjen" <td*****@yahoo.com> wrote in message
news:us****************@tk2msftngp13.phx.gbl...
Willy Denoyette [MVP] wrote:
The purpose of LogonUser is to obtain an access token specifying the
credentials of a valid local or domain (remote) account. If you specify a
remote user's credentials, the token obtained can be used to impersonate
the current thread and access the remote resource. Now, if you use non-local
user credentials, accesses to local FS objects will fail (unless
the remote user is a shadow account of a local account), this can be
solved by:
- specifying a domain user when calling LogonUser and granting this
domain account access to the local FS resources, or,
- by specifying LOGON32_LOGON_NEW_CREDENTIALS as dwLogonType (W2K2 or
higher).

Willy.
Thanks Willy, this seems to be solving a 2-year-old problem to me. The
following works nicely:

HANDLE token;
if (LogonUser(
        "Tamas", "\\\\RemoteComputer",
        "password",
        LOGON32_LOGON_NEW_CREDENTIALS,
        LOGON32_PROVIDER_DEFAULT,
        &token))
{
    if (ImpersonateLoggedOnUser(token))
    {
        CopyFile("c:\\0.txt", "\\\\RemoteComputer\\Share\\0.txt",
                 TRUE);
        RevertToSelf();
    }
    CloseHandle(token);
}

Does the LOGON32_LOGON_NEW_CREDENTIALS flag require the server to be W2k+,
or the client (local) computer only?


The computer calling LogonUser() needs W2K or higher (that is, all OSes that
run Kerberos security providers).

I also tried this:
BOOL res = LogonUser(
    "Tamas@RemoteComputer", NULL,
    "password",
    LOGON32_LOGON_NETWORK,
    LOGON32_PROVIDER_DEFAULT,
    &token);

and res was TRUE and the token was valid, but after the
ImpersonateLoggedOnUser call the remote FS was not accessible. Note that
RemoteComputer is not a true domain, it's just another computer in a
workgroup. I guess if I knew how to add access to the FS, that would work
too. <sigh> I'd spent days without success before.

This is by design, the logontype LOGON32_LOGON_NETWORK returns an access
token that has NO network access.

Anyway, LOGON32_LOGON_NEW_CREDENTIALS does the trick, but only on W2k+.

Yep, no need to map shares to local drives anymore, or to impersonate domain
accounts to access SQL server, just create a logon session with "split
identity" and you can access the server while keeping your local access token
to access local resources.
Tom

Nov 17 '05 #6
Willy Denoyette [MVP] wrote:
This is by design, the logontype LOGON32_LOGON_NETWORK returns an access
token that has NO network access.

Thanks again. LOGON32_LOGON_NEW_CREDENTIALS is my only choice, as every
other logintype fails to authenticate the remote-only user (returns
ERROR_LOGON_FAILURE). It's alright, because the app in question is
always running on XP. The remote computer we connect to may be running
some older Windows, but we always call LogonUser from an XP box.

Yep, no need to map shares to local drives anymore


That's exactly what I wanted, because mapping a UNC share enables a
system-wide access, which is a potential security threat. I only want an
application-wide CopyFile. It's so much safer now.

If I had to implement this with OSes older than W2k, it seems I would
have no choice but to map the share (or implement a TCP/IP based secure
server to send files).

Tom
Nov 17 '05 #7
"Tamas Demjen" <td*****@yahoo.com> wrote in message
news:ub**************@TK2MSFTNGP12.phx.gbl...
William DePalo [MVP VC++] wrote:
Does anyone know how to copy files inside network from machine one to
machine2
if the machine2 requires user/pass authentication ??

If it is one of NT/2K/XP/2K+3 that you are talking about you should be
able to use this sequence

LogonUser();
ImpersonateLoggedOnUser();
CopyFile();
RevertToSelf();
CloseHandle(); // on the token returned by LogonUser()


LogonUser only logs you in to the local computer, and it can't be used to
log on to a remote computer.


I guess that depends on what you mean by "log on to a remote computer".

I can tell you that, just as the docs specify, if on a machine in a domain,
you specify the credentials of a domain user, then you can certainly get a
token and use it to impersonate that user.

And of course, you can also use the function to get a token representing a
user local to the machine.

Regards,
Will

Nov 17 '05 #8
William DePalo [MVP VC++] wrote:
I guess that depends on what you mean by "log on to a remote computer".

I can tell you that, just as the docs specify, if on a machine in a domain,
you specify the credentials of a domain user, then you can certainly get a
token and use it to impersonate that user.

And of course, you can also use the function to get a token representing a
user local to the machine.


My conclusion is that LOGON32_LOGON_NEW_CREDENTIALS seems to be the only
way to go when the local machine is not in a domain, or when it is in a
different domain than the remote machine. It works now (I posted the
sample code earlier).

LOGON32_LOGON_NEW_CREDENTIALS is not required to impersonate users on
the local machine, or on a remote machine in the same domain as the
local one.

It seems to me that LogonUser was originally designed to support
impersonation of local and domain users, and later (in W2k) MS has
introduced the LOGON32_LOGON_NEW_CREDENTIALS logontype to support
foreign domains and machines not in a domain.

Tom
Nov 17 '05 #9
"Tamas Demjen" <td*****@yahoo.com> wrote in message
news:u0**************@tk2msftngp13.phx.gbl...
LOGON32_LOGON_NEW_CREDENTIALS is not required to impersonate users on the
local machine, or on a remote machine in the same domain as the local one.

It seems to me that LogonUser was originally designed to support
impersonation of local and domain users, and later (in W2k) MS has
introduced the LOGON32_LOGON_NEW_CREDENTIALS logontype to support foreign
domains and machines not in a domain.


Perhaps. But the docs seem clear:

<quote>
Windows 2000/XP: This logon type allows the caller to clone its current
token and specify new credentials for outbound connections. The new logon
session has the same local identifier, but uses different credentials for
other network connections.
This logon type is supported only by the LOGON32_PROVIDER_WINNT50 logon
provider
</quote>

Unlike the other options, this one allows for a "split personality" with one
set of credentials for local use and another for remote.

Regards,
Will


Nov 17 '05 #10
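
Added example, not part of any post in this thread and not the posters' code: the sequence from post #5 using the LOGON32_PROVIDER_WINNT50 provider named in the documentation quoted in post #10, with every return value checked, the password buffer wiped, and the impersonation always reverted before the token is closed. The function name `copy_with_network_creds`, the password value and the non-Windows stand-ins (present only so the control flow compiles and can be exercised off Windows) are assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Constructed stand-ins, NOT the Win32 API: they only let the control flow
   compile and be exercised off Windows. They accept one constructed password. */
typedef int BOOL; typedef unsigned long DWORD; typedef void *HANDLE;
#define LOGON32_LOGON_NEW_CREDENTIALS 9
#define LOGON32_PROVIDER_WINNT50 3
#define SecureZeroMemory(p, n) memset((p), 0, (n))
static int sim_creds_ok, sim_impersonating, sim_open_tokens;
static DWORD GetLastError(void) { return 1326; /* ERROR_LOGON_FAILURE */ }
static BOOL LogonUserA(const char *u, const char *d, const char *p, DWORD t, DWORD pr, HANDLE *h) {
    (void)u; (void)d; (void)t; (void)pr; sim_creds_ok = strcmp(p, "constructed-pass") == 0;
    *h = &sim_open_tokens; sim_open_tokens++; return 1;
}
static BOOL ImpersonateLoggedOnUser(HANDLE t) { (void)t; sim_impersonating = 1; return 1; }
static BOOL RevertToSelf(void) { sim_impersonating = 0; return 1; }
static BOOL CloseHandle(HANDLE t) { (void)t; sim_open_tokens--; return 1; }
static BOOL CopyFileA(const char *s, const char *d, BOOL f) {
    (void)s; (void)d; (void)f; return sim_impersonating && sim_creds_ok; }
#endif

/* Returns 0 on success, else the Win32 error code of the step that failed.
   The password buffer is wiped before returning, whatever the outcome. */
DWORD copy_with_network_creds(const char *user, const char *domain, char *password,
                              const char *src, const char *dst)
{
    HANDLE token = NULL;
    BOOL ok = LogonUserA(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                         LOGON32_PROVIDER_WINNT50, &token);
    DWORD err = ok ? 0 : GetLastError();
    SecureZeroMemory(password, strlen(password));
    if (!ok) return err;
    /* NEW_CREDENTIALS does not check the password at logon: a wrong one
       shows up only when the share is touched, i.e. at CopyFile below. */
    if (!ImpersonateLoggedOnUser(token)) {
        err = GetLastError();
    } else {
        if (!CopyFileA(src, dst, 1))   /* TRUE: do not overwrite an existing file */
            err = GetLastError();
        if (!RevertToSelf()) {         /* thread would keep the borrowed identity */
            fprintf(stderr, "RevertToSelf failed: %lu\n", (unsigned long)GetLastError());
            abort();
        }
    }
    CloseHandle(token);
    return err;
}

int main(void) {
    char pw[] = "constructed-pass";    /* constructed sample value */
    DWORD rc = copy_with_network_creds("Tamas", "\\\\RemoteComputer", pw,
                                       "c:\\0.txt", "\\\\RemoteComputer\\Share\\0.txt");
    printf("copy result: %lu\n", (unsigned long)rc);
    return rc != 0;
}
```

On Windows, link against advapi32 for LogonUserA and ImpersonateLoggedOnUser.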
