networking - Move file onto network share (via impersonation) C#
I have been working on a project in C# (.NET 4). The project pretty much allows people to upload files from their local machine to a network share.
The network share is secured. It is accessible by a user called "proxy" created in Active Directory.
I did some research and found this class used for impersonation.
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using System.Security.Principal;

namespace Datacom.CorporateSys.Utilities
{
    public class ImpersonateUser
    {
        // ANSI entry point; the default DllImport marshalling (CharSet.Ansi) matches it.
        [DllImport("advapi32.dll")]
        public static extern int LogonUserA(string lpszUserName, string lpszDomain, string lpszPassword,
            int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public static extern int DuplicateToken(IntPtr hToken, int impersonationLevel, ref IntPtr hNewToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public static extern bool RevertToSelf();

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        public static extern bool CloseHandle(IntPtr handle);

        WindowsImpersonationContext impersonationContext;

        public const int LOGON32_LOGON_INTERACTIVE = 2;
        public const int LOGON32_PROVIDER_DEFAULT = 0;

        private string p;
        private string p_2;
        private string p_3;

        private string UserName { set; get; }
        private string Domain { set; get; }
        private string Password { set; get; }

        /// <summary>
        /// Impersonates a user.
        /// </summary>
        /// <param name="userName">Name of the user.</param>
        /// <param name="domain">The domain.</param>
        /// <param name="password">The password.</param>
        public ImpersonateUser(string userName, string domain, string password)
        {
            UserName = userName;
            Domain = domain;
            Password = password;
        }

        /// <summary>
        /// Impersonates the valid user.
        /// </summary>
        /// <returns>true if the calling thread is now impersonating the user.</returns>
        public bool ImpersonateValidUser()
        {
            WindowsIdentity tempWindowsIdentity;
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;

            if (RevertToSelf())
            {
                if (LogonUserA(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE,
                        LOGON32_PROVIDER_DEFAULT, ref token) != 0)
                {
                    // 2 = SecurityImpersonation
                    if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                    {
                        tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                        impersonationContext = tempWindowsIdentity.Impersonate();
                        if (impersonationContext != null)
                        {
                            CloseHandle(token);
                            CloseHandle(tokenDuplicate);
                            return true;
                        }
                    }
                }
            }

            // Failure path: release whatever handles were opened.
            if (token != IntPtr.Zero)
                CloseHandle(token);
            if (tokenDuplicate != IntPtr.Zero)
                CloseHandle(tokenDuplicate);
            return false;
        }

        /// <summary>
        /// Undoes the impersonation.
        /// </summary>
        public void UndoImpersonation()
        {
            impersonationContext.Undo();
        }
    }
}
```
Note: from memory, I think I found this example on MSDN.
This is how I try to move a file from the local path to the network:
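```csharp
if (imp.ImpersonateValidUser())
{
    try
    {
        System.IO.File.Copy(local_file, server_file, true);
    }
    finally
    {
        // Always revert, even if the copy throws, so the thread does not keep running as "proxy".
        imp.UndoImpersonation();
    }
}
else
{
    throw new Exception("Unable to impersonate for uploading file.");
}
```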
And it works! I never have issues with the impersonation - the exception never gets thrown. It works fine and uploads the files to the server. However, when I started testing a bit more I found that if the proxy user is not logged in to the server (normally I open RDS, log in, and quit - without logging out).
I get a different exception - a network path not found exception, and it occurs when I have restarted the server and "proxy" is not logged in.
My first thought was that there is something wrong with the impersonation class, but it impersonates fine when it does work (i.e. the files have ownership of the proxy user). Then I thought maybe "proxy" needs to be logged in so the OS can use its permissions to access \server\uploads
I'm extremely lost now, not sure how to solve it. Please note: I have no control over the server. The server is Win2k8 with Desktop Experience installed (otherwise I can't access network locations).
Thanks!
Grant the proxy account the access right "Log on as a batch job", and use `LOGON32_LOGON_BATCH` instead of the interactive logon.
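The batch-logon suggestion above, written out as an added example (not code from the question or the answer): a disposable scope that logs on with `LOGON32_LOGON_BATCH`, reports the Win32 error when the logon is refused, and always reverts the thread. The names `BatchImpersonation`, `Uploader` and `Upload` are hypothetical, and the credentials are assumed to come from a protected store rather than source code.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example: impersonation scope using a batch logon that always reverts.
public sealed class BatchImpersonation : IDisposable
{
    private const int LOGON32_LOGON_BATCH = 4;       // value from winbase.h
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    private readonly IntPtr token;
    private readonly WindowsImpersonationContext context;

    public BatchImpersonation(string user, string domain, string password)
    {
        // Fails with error 1385 when the account lacks the requested logon type right.
        if (!LogonUser(user, domain, password, LOGON32_LOGON_BATCH,
                       LOGON32_PROVIDER_DEFAULT, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        try { context = WindowsIdentity.Impersonate(token); }
        catch { CloseHandle(token); throw; }
    }

    public void Dispose()
    {
        context.Undo();        // revert the thread to its original identity
        CloseHandle(token);    // release the logon token
    }
}

public static class Uploader
{
    // Hypothetical helper: paths and credentials are supplied by the caller.
    public static void Upload(string localFile, string serverFile,
                              string user, string domain, string password)
    {
        using (new BatchImpersonation(user, domain, password))
        {
            File.Copy(localFile, serverFile, true);
        }
    }
}
```

Throwing `Win32Exception` instead of returning `false` makes a missing logon right distinguishable from a wrong password in the application log.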