Re: Authenticate connection as remote user
- From: "Eugene Gershnik" <gershnik@xxxxxxxxxxx>
- Date: Wed, 27 Jul 2005 12:34:07 -0700
GKar Racer wrote:
>> Eugene Gershnik wrote:
>> GKar Racer wrote:
>>> Thanks for your reply, but that's not quite it.
>>>
>>> I'll try to put it another way. Let's say the user Bob is logged into
>>> the client machine (MachineC). His username is MachineC\Bob. This
>>> user does not exist on the server (MachineS). MachineC\Bob has no
>>> rights whatsoever on MachineS. Bob maps a drive to a network share on
>>> MachineS. In order to do this he has to log on remotely to MachineS.
>>> He logs on as MachineS\BobSmith. Permissions for files on MachineS
>>> are set appropriately for MachineS\BobSmith. Everything works as
>>> expected.
>>
>> And NetUseGetInfo on MachineC applied to the share in question will
>> give you MachineS\BobSmith along with password (hopefully - I
>> haven't used this API in a long time). You can grab the name and
>> password and save them.
>
>
> It doesn't. First of all I wouldn't expect it to give the password.
> Wouldn't that be a security breach?
Not necessarily but NT seems to avoid doing it in every case.
> There is a password field in the
> structure, but it is returned null.
Ok, this kills the idea.
> I'm guessing here, but I expect
> that the password field has more to do with "generic shares" from
> win98, etc. More importantly, though, it is not returning the correct
> user. It seems to return MachineC\Bob in all cases.
I just made a quick test and it appears that the API is broken (at least
on XP SP2). The only (lame) workaround I can see is to use NetConnectionEnum
on server. You can call it remotely and in my test it did return the correct
username. However to call it you need to be Administrator, Server or Print
Operator, or Power User on the server.
However, this is quite useless. Since you cannot get the password there is
no way you will be able to authenticate to remote server without popping up
a credentials dialog.
Another thing you can try is to employ CredXXX API to try to find if a user
has stored credentials for the particular server. In case he doesn't you
will still need to pop up a dialog. CredUI functions will help with this
too.
> I have no problem with using SSPI. In fact, I expect this will be
> required for this project. I found an SSPI sample at www.mvps.org. It
> was written some time ago, but it's probably still fairly close.
This http://www.theserverside.net/discussions/thread.tss?thread_id=25148 may
also help as well as Keith's book about Windows security.
> I tried their server and client test programs. If the user "Bob" is on
> both machines with the same password (even though different domains) it
> logs in to the server app successfully, but if the users are different
> then it fails.
Yes, this is a special "feature" of Windows authentication. See
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q102716
for details.
--
Eugene
http://www.gershnik.com