How do I supply credential so that I can connect to a network drive in .NET?
I’m trying to retrieve files from a network drive and need to supply user credentials to access the drive.
Connect to network drive with user name and password
I believe there is a more universal way: #296038 –
Entrammel
There is a library called SMBLibrary which is probably a better way –
Generalissimo
Very elegant solution inspired from this one. This one uses only .Net library and does not need to use any command line or Win32 API.
Code for ready reference:
NetworkCredential theNetworkCredential = new NetworkCredential(@"domain\username", "password");
CredentialCache theNetCache = new CredentialCache();
theNetCache.Add(new Uri(@"\\computer"), "Basic", theNetworkCredential);
string[] theFolders = Directory.GetDirectories(@"\\computer\share");
@VladL can you access the network share manually using windows explorer? Do you have necessary permissions for the user? –
Stereotaxis
I had to make two alterations to this to get it to work on my network. I had to use the NetworkCredential overload with a different domain parameter. I had to switch from Basic to Digest. –
Sabbatarian
I find it weird that we're 1) creating a CredentialsCache instance, and 2) not actually using that object for anything. If this was some global store (that all of our operations would automatically hit), I'd expect to be acquiring some singleton. Since we're not, I don't think we're actually using the credentials to any effect here. –
Dingo
I got a false positive. It worked because i had the share mapped. Once it was gone, i started to get denied exception. –
Vertical
You need to specify domain in some case. For example where the domain is different. Added to the answer, –
Rumania
Is there any chance that this works on Linux? –
Saleable
Just tested it : it seems to not work on Linux (System.IO.DirectoryNotFoundException) Linux does like the \\ paths. –
Saleable
though I'm late on this, thanks @DustinOprea for pointing out that this is nonsense. How this answer has so many upvotes is beyond me... does it even work for anybody without having the share already mapped somehow or Windows Credential Manager already configured? –
Intradermal
The best way to do this is to p/invoke WNetUseConnection.
[StructLayout(LayoutKind.Sequential)]
private class NETRESOURCE
{
public int dwScope = 0;
public int dwType = 0;
public int dwDisplayType = 0;
public int dwUsage = 0;
public string lpLocalName = "";
public string lpRemoteName = "";
public string lpComment = "";
public string lpProvider = "";
}
[DllImport("Mpr.dll")]
private static extern int WNetUseConnection(
IntPtr hwndOwner,
NETRESOURCE lpNetResource,
string lpPassword,
string lpUserID,
int dwFlags,
string lpAccessName,
string lpBufferSize,
string lpResult
);
It doesn't work for me. No error on connect, but when accessing the folder, program gets stuck forever –
Mead
You can use Impersonation Context; specifically the WindowsIdentity class (with a logon token) to impersonate while reading and writing files.
var windowsIdentity = new WindowsIdentity(logonToken);
using (var impersonationContext = windowsIdentity.Impersonate()) {
// Connect, read, write
}
Only works well in a Windows environment. When you start going to AS400, Solaris and Linux it becomes troublesome, especially if the shares requires a credential other than the one your are running the application under. –
Gustaf
bzlm's solution works, but he didn't really flesh it out. Get some code from msdn.microsoft.com/en-us/library/…, namely the safeTokenHandle class and dependencies. –
Megalocardia
This code working on local system but not working on IIS with anonymous pool identity, any suggestion? –
Horribly
I'm actually looking for a solution for this not working. My situation is that I'm using this type of impersonation to register a certificate with the security context of a service user, but I'm not able to actually get the file from the share. Oddly, it works if I login as the service user directly, then switch back to the user that runs the program doing the impersonation. My best guess is that this solution fails because Kerberos refuses to acknowledge the impersonation even though the local context does, but if you have a cached ticket, share access works. –
Mush
That said, my issue may just be using service logon type. The type of login used for impersonation seems to be critical. –
Mush
I really don't know the hidden process, but I use a webrequest, this way I'm able to pass the credentials, and it worked perfectly for me.
var ftpDownloadFile = WebRequest.Create("filePath");
ftpDownloadFile.Method = WebRequestMethods.Ftp.DownloadFile;
ftpDownloadFile.Credentials = new NetworkCredential("user", "pass");
using (var reader = (FtpWebResponse)ftpDownloadFile.GetResponse())
using (var responseStream = reader.GetResponseStream())
{
var writeStream = new FileStream(Path.Combine(LocalStorage), FileMode.Create);
const int length = 2048;
var buffer = new Byte[length];
if (responseStream != null)
{
var bytesRead = responseStream.Read(buffer, 0, length);
while (bytesRead > 0)
{
writeStream.Write(buffer, 0, bytesRead);
bytesRead = responseStream.Read(buffer, 0, length);
}
}
reader.Close();
writeStream.Close();
}
Use this code for Impersonation its tested in MVC.NET maybe for dot net core it required some change, If you want to dot net core let me know I will share.
public static class ImpersonationAuthenticationNew
{
[DllImport("advapi32.dll", SetLastError = true)]
private static extern bool LogonUser(string usernamee, string domain, string password, LogonType dwLogonType, LogonProvider dwLogonProvider, ref IntPtr phToken);
[DllImport("kernel32.dll")]
private static extern bool CloseHandle(IntPtr hObject);
public static bool Login(string domain,string username, string password)
{
IntPtr token = IntPtr.Zero;
var IsSuccess = LogonUser(username, domain, password, LogonType.LOGON32_LOGON_NEW_CREDENTIALS, LogonProvider.LOGON32_PROVIDER_WINNT50, ref token);
if (IsSuccess)
{
using (WindowsImpersonationContext person = new WindowsIdentity(token).Impersonate())
{
var xIdentity = WindowsIdentity.GetCurrent();
#region Start ImpersonationContext Scope
try
{
// TYPE YOUR CODE HERE
return true;
}
catch (Exception ex) { throw (ex); }
finally {
person.Undo();
CloseHandle(token);
}
#endregion
}
}
return false;
}
}
#region Enums
public enum LogonType
{
/// <summary>
/// This logon type is intended for users who will be interactively using the computer, such as a user being logged on
/// by a terminal server, remote shell, or similar process.
/// This logon type has the additional expense of caching logon information for disconnected operations;
/// therefore, it is inappropriate for some client/server applications,
/// such as a mail server.
/// </summary>
LOGON32_LOGON_INTERACTIVE = 2,
/// <summary>
/// This logon type is intended for high performance servers to authenticate plaintext passwords.
/// The LogonUser function does not cache credentials for this logon type.
/// </summary>
LOGON32_LOGON_NETWORK = 3,
/// <summary>
/// This logon type is intended for batch servers, where processes may be executing on behalf of a user without
/// their direct intervention. This type is also for higher performance servers that process many plaintext
/// authentication attempts at a time, such as mail or Web servers.
/// The LogonUser function does not cache credentials for this logon type.
/// </summary>
LOGON32_LOGON_BATCH = 4,
/// <summary>
/// Indicates a service-type logon. The account provided must have the service privilege enabled.
/// </summary>
LOGON32_LOGON_SERVICE = 5,
/// <summary>
/// This logon type is for GINA DLLs that log on users who will be interactively using the computer.
/// This logon type can generate a unique audit record that shows when the workstation was unlocked.
/// </summary>
LOGON32_LOGON_UNLOCK = 7,
/// <summary>
/// This logon type preserves the name and password in the authentication package, which allows the server to make
/// connections to other network servers while impersonating the client. A server can accept plaintext credentials
/// from a client, call LogonUser, verify that the user can access the system across the network, and still
/// communicate with other servers.
/// NOTE: Windows NT: This value is not supported.
/// </summary>
LOGON32_LOGON_NETWORK_CLEARTEXT = 8,
/// <summary>
/// This logon type allows the caller to clone its current token and specify new credentials for outbound connections.
/// The new logon session has the same local identifier but uses different credentials for other network connections.
/// NOTE: This logon type is supported only by the LOGON32_PROVIDER_WINNT50 logon provider.
/// NOTE: Windows NT: This value is not supported.
/// </summary>
LOGON32_LOGON_NEW_CREDENTIALS = 9,
}
public enum LogonProvider
{
/// <summary>
/// Use the standard logon provider for the system.
/// The default security provider is negotiate, unless you pass NULL for the domain name and the user name
/// is not in UPN format. In this case, the default provider is NTLM.
/// NOTE: Windows 2000/NT: The default security provider is NTLM.
/// </summary>
LOGON32_PROVIDER_DEFAULT = 0,
LOGON32_PROVIDER_WINNT35 = 1,
LOGON32_PROVIDER_WINNT40 = 2,
LOGON32_PROVIDER_WINNT50 = 3
}
#endregion
var fileName = "Mylogs.log";
var local = Path.Combine(@"C:\TempLogs", fileName);
var remote = Path.Combine(@"\\servername\c$\Windows\Temp\", fileName);
WebClient request = new WebClient();
request.Credentials = new NetworkCredential(@"username", "password");
if (File.Exists(local))
{
File.Delete(local);
File.Copy(remote, local, true);
}
else
{
File.Copy(remote, local, true);
}
you can use system.diagnostocs.process to call out to 'net use .... with userid and password' or to a command shell that takes those.
You can, but would you want to? –
Drug
Why not if it achieves the aim of your use case then it's completely valid. Its one line of code that achieves the desired result. It's got all of the error handling built in, and is tried an tested. Seems silly to rewrite the functionality. –
Iridissa
"if it achieves the aim of your use case then it's completely valid" - that's a very sweeping statement, and your answer here is a counterexample in my opinion. Starting up a new process to do something that can be done in a single P/Invoke (no rewrite required) is using a sledgehammer to crack a nut. –
Drug
You can use WebClient class to connect to the network driver using credentials. Include the below namespace:
using System.Net;
WebClient request = new WebClient();
request.Credentials = new NetworkCredential("domain\username", "password");
string[] theFolders = Directory.GetDirectories(@"\\computer\share");
Directory.GetDirectories has nothing to do with WebClient - they just happen to be adjacent lines of code in your example –
Dignify
© 2022 - 2024 — McMap. All rights reserved.