访问网络驱动器上的文件

发布于 2024-08-26 05:55:18 字数 1509 浏览 12 评论 0原文

背景:我有一个应用程序,必须从网络驱动器 (Z:) 上的文件中读取数据

,这在我的办公室域中运行良好,但在站点上(在不同的域中)不起作用。据我所知,域用户和网络驱动器的设置方式相同,但是我无权访问客户域中的用户等。

当我无法访问网络驱动器时,我想我需要用户的令牌。这就是我模拟用户的方式:

[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

...

const string userName = "USER";
const string pass = "PASS";
const string domainName = "VALIDDOMAIN.local"  //tried with valid domain name and with null, same result
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_LOGON_INTERACTIVE = 2;

IntPtr tokenHandle = new IntPtr(0);

bool returnValue = LogonUser(userName, domainName, pass,
            LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
            ref tokenHandle);

if (!returnValue)
    throw new Exception("Logon failed.");

WindowsImpersonationContext impersonatedUser = null;
try
{
    WindowsIdentity wid = new WindowsIdentity(tokenHandle);
    impersonatedUser = wid.Impersonate();

}
finally
{
    if (impersonatedUser != null) impersonatedUser.Undo();
}

现在这是有趣/奇怪的部分。在我的网络中,应用程序已经可以访问网络驱动器,如果我尝试模拟活动用户(完全相同的用户,包括相同的域),它将无法访问网络驱动器。

这让我很无助,因为现在我不知道什么有效,什么无效,更重要的是,它在现场有效吗?

我缺少什么?

编辑:我在最初提出问题时忘记写这个:我尝试输入有效的域名但它不起作用,所以之后我尝试输入 null 以获得与我相同的用户名没有此代码(因为它在我们的域中默认工作)。这没有帮助,这就是domain = null;的方式。最终出现在这个问题上。

Background: I have an application that has to read from files on a network drive (Z:)

This works great in my office domain, however it does not work on site (in a different domain). As far as I can tell the domain users and network drives are set in the same way, however I do not have access to users etc in the customers domain.

When I couldn't access the network drive I figured I needed a token for a user. This is how I impersionate the user:

[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

...

const string userName = "USER";
const string pass = "PASS";
const string domainName = "VALIDDOMAIN.local"  //tried with valid domain name and with null, same result
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_LOGON_INTERACTIVE = 2;

IntPtr tokenHandle = new IntPtr(0);

bool returnValue = LogonUser(userName, domainName, pass,
            LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
            ref tokenHandle);

if (!returnValue)
    throw new Exception("Logon failed.");

WindowsImpersonationContext impersonatedUser = null;
try
{
    WindowsIdentity wid = new WindowsIdentity(tokenHandle);
    impersonatedUser = wid.Impersonate();

}
finally
{
    if (impersonatedUser != null) impersonatedUser.Undo();
}

Now here is the interesting/weird part. In my network the application can already access the network drive, and if I try to impersonate the active user (exactly the same user, including the same domain) it will not be able to access the network drive.

This leaves me helpless since now I have no idea what works and what doesn't, and more to the point, will it work on site?

What am I missing?

EDIT: I forgot to write this while originally asking the question: I have tried entering a valid domain name and it didn't work, so after that I tried entering null to get the same username as I would without this code (since it works by default in our domain). This did not help, and that's how domain = null; ended up in this question.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

云雾 2024-09-02 05:55:18

一些想法:

  • 不要使用逻辑驱动器路径从代码访问网络资源。始终使用 UNC 路径(例如 \\SERVER\Share\Filename.ext)。
  • 从本地安全策略启用登录/注销事件审核,以便当您调用模拟方法时,您可以详细跟踪失败/成功
  • 您最好在自己的域中创建一个具有相同用户名和密码的帐户作为其他域中的帐户。在您的域中进行身份验证,直通身份验证将使您能够访问其他域上的网络共享。

Some thoughts:

  • Do not use logical drive paths to access network resources from code. Always use UNC paths (e.g. \\SERVER\Share\Filename.ext).
  • Enable auditing of Logon/Logoff events from your local security policy so that when you call the Impersonate method, you can track the failure/success in great detail
  • You would be best to create an account in your own domain that has the same username and password as an account in the other domain. Authenticate off your domain and pass-through authentication will give you access to the network share on the other domain.
久而酒知 2024-09-02 05:55:18

这可能听起来很愚蠢,但您是否尝试过更改访问驱动器的方式?
也许安装某种形式的虚拟处理程序,它可以让您查看驱动器上的信息。例如 SSH?

This might sound stupid but have you attempted to change the way you are accessing the drive?
Maybe install some form of virtual handler which lets you view information on the drive. SSH for instance?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文