Solved

Windows Security

Posted on 1998-10-06
5
226 Views
Last Modified: 2010-04-01
I'm going to leave this rather broad, let me know if I need to be more specific...

What I'm building is an application, which allows users to copy files to an NT machine on the network.  This program will have many users, some may have access permissions to the target machine, but most will not.  Is there a way through code, to impersonate a user with adequate permissions to make the copy?  I'm not sure if network protocol is significant but our LAN is TCP/IP.  Client machines may be Win95, Win98 or WinNT, while the target machine is always going to be WinNT.

Any documentation, mention of APIs would be great.  Code snippets would be cool, but not neccessary.

-Ray
0
Comment
Question by:rayb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 1174537
The answer is quite simple:
Assuming you're writing a server application, you'll have to leave out some calls - e.g. if you're using named pipes, you'd usually call 'InpersonateNamedPipeClient()' to adjust the server process' privileges to the level of the client. (using RPC, you'd leave out the call to 'RpcImpersonateClient()'.
Additionally, the general function call would be 'ImpersonateLoggedOnUser()' with a prior call to obtain a impersonation access token.
If you're writing a client application that uses network shares, you don't have to take care of this at all - the OS will do it.

Feel free to ask followup questions, as this is quite a difficult issue...
0
 
LVL 2

Author Comment

by:rayb
ID: 1174538
I'm rejecting based on the fact, that I stumbled across these functions earlier, and the documentation states that they are only supported by NT.  If you are certain that the documentation is wrong in this regard, and the functions will work for both Win95 and Win98 as well as NT, post a follow up response and I'll code myself a prototype to verify it, but otherwise I'd rather not waste the effort.

0
 
LVL 86

Accepted Solution

by:
jkr earned 50 total points
ID: 1174539
Your target machine is NT - and as i stated, when you're writing a server app on NT, you'll need this functions. OF COURSE they're not supported on Win9x. If your application is a client, the latter applies - you don't have to take care, as the OS does.

At least you made clear that you're not writing a server application running on NT.

So see the following scenario:
Your application is running, you want to copy a file to \\server\disk1
1. The resource is already  connected, no authentication, hence.
2. No resource present, your app calls 'WNetAddConnection2()' providing an appropriate user name and password.

Of course you'll have to add an account on the server, e.g. called 'mycopyjob'
0
 
LVL 2

Author Comment

by:rayb
ID: 1174540
Ah!!!
I like this answer better.  The WNetAddConnection2 is new info to me...  I more than likely won't be able to verify until tomorrow.  But when I do, I'll be back to award points and such.

Thanks jkr.

-Ray
0
 
LVL 2

Author Comment

by:rayb
ID: 1174541
jkr,

Works like a charm!  Thanks very much.

-Ray
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Often, when implementing a feature, you won't know how certain events should be handled at the point where they occur and you'd rather defer to the user of your function or class. For example, a XML parser will extract a tag from the source code, wh…
  Included as part of the C++ Standard Template Library (STL) is a collection of generic containers. Each of these containers serves a different purpose and has different pros and cons. It is often difficult to decide which container to use and …
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question