Directory login within VB app?

ccbryan

Hi. My client has an exchange server and a data server on his domain. He also has a webserver that for security reasons is not on the domain. I have written a VB.NET desktop application to run as a scheduled task on the webserver and copy files from the dataserver to the webserver.

The network manager has advised me of a login name that will get me access to the data directory I need, but I need to figure out how to invoke that username and password from within my application in order to successfully see the directory on the data server. The scheduled task on the webserver won't accept the proper id in the 'run as' because it's not valid on the webserver.

Surely there is a function that will allow my application to assume a specified identity, or just pass the required username and password...?

Thanks...
Chandler
 
I use AD to log users into all my applications.

I probably don't do it in the "cleanest" way but because elsewhere in my app I need to see if a user is a member of an AD group I do it this way:

I use a "Global Variables" module called modGlobal

In here I have the function
VB.NET:
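Imports System.DirectoryServices   ' needs a project reference to System.DirectoryServices.dll

Friend vUserName As String
Friend vDomain As String

' Returns True if userName is found in the directory and, when groupName is
' not empty, is a member of that group.
Public Function ValidateActiveDirectoryGroup(ByVal domainName As String, ByVal userName As String, ByVal groupName As String) As Boolean
        Dim isValidated As Boolean = False

        Try

            Dim ldapPath As String = "LDAP://dc=YOURDOMAIN, dc=WHATEVER"
            ' Search from the configured root (ldapPath was declared but never used)
            Dim dirSearcher As New DirectorySearcher(New DirectoryEntry(ldapPath))

            dirSearcher.Filter = "(sAMAccountName=" & userName & ")"
            dirSearcher.PropertiesToLoad.AddRange(New String() {"memberOf", "displayName"})

            Dim result As SearchResult = dirSearcher.FindOne()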

            If Not result Is Nothing Then

                If groupName.Length = 0 Then
                    isValidated = True
                Else
                    Dim groupCount As Integer = result.Properties("memberOf").Count
                    Dim isInGroup As Boolean = False

                    For index As Integer = 0 To groupCount - 1
                        ' memberOf lists direct group memberships only (no nested groups)
                        Dim groupDN As String = result.Properties("memberOf").Item(index).ToString()

                        Dim equalsIndex As Integer = groupDN.IndexOf("=")
                        Dim commaIndex As Integer = groupDN.IndexOf(",")

                        Dim group As String = groupDN.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1).ToLower
                        If group.Equals(groupName.ToLower) Then
                            isInGroup = True
                            Exit For
                        End If
                    Next index

                    isValidated = isInGroup
                End If
            End If
        Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try
        Return isValidated
End Function

Within my forms I then use the code to validate whether the logged on user is a member of a group
VB.NET:
Private Function AuthenticateAdmin() As Boolean
        Dim isAuthenticatedAdmin As Boolean = ValidateActiveDirectoryGroup(vDomain, vUsername, "ApplicationAdmin")
        Return isAuthenticatedAdmin
End Function

' In the form's event handler: open the admin form only for group members
If AuthenticateAdmin() Then
    Dim frm As New frmAdmin
    frm.ShowDialog()
Else
    MessageBox.Show("Sorry, you do not have access")
End If

I'm sure you can manipulate the above for your needs.
 
I'm in the same situation here and I'm not sure how to manipulate the above code for my needs.

I have a program that needs to read/write files on a network drive. The network drive is password protected and none of the users of this program should have access to this drive. I'm sure there is a way to send over the user/pass to the network drive through the program to get access to all the files, but haven't been able to find it.

Googling for a solution hasn't helped me much, as all I'm getting is people who have problems accessing C:\test.txt from their program :(
 
Here's some more detail:

Remember, the webserver and fileserver are on different domains, though username and password are valid on both. The network admin has told me that I need to use 'username@fileserverdomainname.local' when connecting. Indeed, when I'm logged in to the webserver as username, I can connect to the fileserver by going to Run and entering \\10.0.0.9\packinglists. I am prompted for login info and if I give it username@fileserverdomainname.local and password, then I see the packinglists directory just fine. If I then run my DocCopy app from VS2005 it connects and works fine.

However, I want the VB app to run as a scheduled task. The webserver task scheduler will not let me run as username@fileserverdomain.local, evidently since it doesn't recognize that construction as a valid account. Therefore I have tried to use various impersonation routines that go like this:

VB.NET:
            ' Requires Imports System.Runtime.InteropServices (for Marshal).
            ' Logon type 2 = LOGON32_LOGON_INTERACTIVE, provider 0 = LOGON32_PROVIDER_DEFAULT
            Dim returnValue As Boolean = LogonUser(userName, Domain, Password, 2, 0, tokenHandle)

            'check if logon successful
            If returnValue = False Then
                Dim ret As Integer = Marshal.GetLastWin32Error()
                Console.WriteLine("LogonUser failed with error code : {0}", ret)
                Throw New System.ComponentModel.Win32Exception(ret)
            End If

But here's my dilemma: impersonation logon fails if I give it username@fileserverdomain.local + fileserverdomain + password, getting a returnvalue of False. If I give it just username + fileserverdomain + password, logon (and presumably impersonation) succeeds, but after beginning impersonation, my application fails when it tries to access the directory like this:

VB.NET:
...
Dim filearr As String()

filearr = System.IO.Directory.GetFiles("\\10.0.0.9\packinglists\", "*.pdf")
...

giving "System.IO.IOException: Logon failure: Unknown username or bad password."

This is very vexing... can anyone help?
 