Fog Creek Software
Discussion Board




Joel on Software

Copying files from a network resource

I'm writing a C# .NET application that will be copying files from a remote network directory to the local disk.
The problem is that the network resource requires authentication.

How can I accomplish this? Currently, my colleague has done this by creating a mapped drive by using System.Threading.Process to run "net use <path> <password> /USER: <username>" and then copy the files over, before deleting the mapped drive.
But this method has the overhead of a heavyweight process creation, and I'm trying to eliminate that.

Thanks
- Tharsan

Tharsan
Thursday, February 17, 2005

I have a similar problem, in that I am writing an ASP.NET webapp that uses the VFP OleDb driver to access tables located on a network resource. Drive mapped or not, the bottom line is that either the "MACHINE/aspnet" user context needs network read rights granted on the network share, or the web app needs to be told to impersonate a user context that has appropriate rights.

I believe the recommended approach is to do the data access (or file access in your case - actually it's file access for me too really) with a new thread which runs under the appropriate user context. That way you keep both user identities doing what they do best.

Unfortunately, I have not yet determined how to do this in ASP.NET but maybe it will give you a few ideas...

Colin Nicholls
Friday, February 18, 2005

If the user doesn't normally have access to the share you are creating a security risk by even temporarily giving the user access via net use or some other method.  Not sure how critical keeping the user out of the share is.

A more secure way to do it would be for the user process to copy to an intermediate location and then have a service or batch process running on an authenticated machine periodically move from that intermediate location to the secure location.  Of course that is more processes to support (job security :-)  ).

I'm not clear if what Colin suggested (user impersonation in a separate thread) can be accomplished on the user's machine securely but if it can that sounds like a good avenue also.

bw
Friday, February 18, 2005

on rereading i see that you want to go from the network resource to the client, not to.  i assume you want the client to have access to some of the content of the share but not all (otherwise you would just grant the client access) & the app is controlling access.
i think the same security concerns apply - you're going to need some kind of broker that resides on an authenticated machine and services app requests for files.

bw
Friday, February 18, 2005

thanks for the helpful comments.

the application is actually a process that runs periodically on a server to copy the images from this network drive over to its local disks.

the application is never actually run on a user's machine.

Tharsan
Monday, February 21, 2005

Tharsan, what you want to do is called "impersonation" - read Keith Brown at:

http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HomePage.html

I think specifically the LogonUser stuff is what you want to get familiar with:
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToGetATokenForAUser.html

Or, of course, buy his excellent book "The .NET Developer's Guide to Windows Security."

Duncan Smart
Monday, February 21, 2005
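
The LogonUser approach recommended above, sketched for the scheduled server-side copy described in the thread. This is an added example, not code from any poster or from Keith Brown's guide. It assumes .NET Framework 4.6 or later (for `SafeAccessTokenHandle` and `WindowsIdentity.RunImpersonated`); the account name, domain, share path, local path and the `SHARE_COPY_PASSWORD` environment variable are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class ShareCopy
{
    // The token carries the alternate credentials for outbound network access only;
    // local file access keeps using the identity the process already runs as.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3; // required with NEW_CREDENTIALS

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    static void CopyFromShare(string user, string domain, string password,
                              string remoteDir, string localDir)
    {
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token) // closes the token handle when the copy is finished
        {
            // Impersonation is scoped to the delegate and reverted on exit,
            // including when an exception is thrown.
            WindowsIdentity.RunImpersonated(token, () =>
            {
                Directory.CreateDirectory(localDir);
                foreach (string src in Directory.GetFiles(remoteDir))
                    File.Copy(src, Path.Combine(localDir, Path.GetFileName(src)), true);
            });
        }
    }

    static void Main()
    {
        // Hypothetical values: the password comes from the environment rather than source code.
        string password = Environment.GetEnvironmentVariable("SHARE_COPY_PASSWORD")
            ?? throw new InvalidOperationException("SHARE_COPY_PASSWORD is not set");
        CopyFromShare("svc-imagecopy", "EXAMPLE", password,
                      @"\\fileserver.example\images", @"D:\images");
    }
}
```

With `LOGON32_LOGON_NEW_CREDENTIALS` the credentials are not validated by `LogonUser` itself, so a wrong password surfaces as an access error on the first read from the share. Unlike the `net use` approach in the question, the password never appears on a process command line.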
