Using C++/C# to pass server share credentials prior to operations.

Discussion:

(too old to reply)

Kevin Gay

2006-11-10 15:26:01 UTC

I'm looking for the technique used (if it exists) to pass the username and
password (if needed) to a server to authenticate with it in a domain.
Basically I want to create a console program to pass the credentials when
called. The command would look something like "crenpass /u:<username>
/p:<password>" \\server\share", this is so I can call this prior to say
running or copying files from an IT only server in a batch file for a user
that normally does not have access to a server share. Don't warn me about the
security problem of putting a username and password in a batch file, I have
ways of encrypting that data so a user couldn't ever see or figure out the
password. In our enviroment once you auth with a share you have access to
that until a reboot, also I need it to overwrite the current logged on users
cred when accessing the server. Heres an example of a batch file.

credpass /u:joe /p:joepass \\server\share
copy \\server\share\file C:\

All my searches keep poping up with system.security.Authentication and
CoSetProxyblanket, those look like they are on the right track, I just want
to put in username and pass when/if the login prompt comes up for accessing a
server share.

William DePalo [MVP VC++]

2006-11-10 15:39:55 UTC

Permalink

If you target XP and later, your console application to validate credentials
can simply call LogonUser(). It returns a token which you should not forget
to close.

Prior to XP, you can use LogonUser() if the account under which your
application runs has the SE_TCP_NAME ("act as part of the operating system")
right. If it does not you can use SSPI as outlined here:

http://support.microsoft.com/?id=180548

Post by Kevin Gay
Don't warn me about the security problem of putting a username
and password in a batch file,

Roger that.

Post by Kevin Gay
also I need it to overwrite the current logged on users
cred when accessing the server.

This is likely to be more problematic in a command file. In an application,
you'd simply impersonate a user whose credentials you know. Alternatively,
you can use CreateProcessAsUser() or CreateProcessWithLogonW(), both of
which perform a "run as" kind of operation.

Post by Kevin Gay
credpass /u:joe /p:joepass \\server\share
copy \\server\share\file C:\

Take a look at WNetAddConnection2() is what you want to do is to map a share
to local device name.

Regards,
Will

Ivan Brugiolo [MSFT]

2006-11-10 23:27:12 UTC

Permalink

Would a simple
net use \\Server\Share /u:<domain>\<user> <password>
work ?
--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Post by Kevin Gay
I'm looking for the technique used (if it exists) to pass the username and
password (if needed) to a server to authenticate with it in a domain.
Basically I want to create a console program to pass the credentials when
called. The command would look something like "crenpass /u:<username>
/p:<password>" \\server\share", this is so I can call this prior to say
running or copying files from an IT only server in a batch file for a user
that normally does not have access to a server share. Don't warn me about the
security problem of putting a username and password in a batch file, I have
ways of encrypting that data so a user couldn't ever see or figure out the
password. In our enviroment once you auth with a share you have access to
that until a reboot, also I need it to overwrite the current logged on users
cred when accessing the server. Heres an example of a batch file.
credpass /u:joe /p:joepass \\server\share
copy \\server\share\file C:\
All my searches keep poping up with system.security.Authentication and
CoSetProxyblanket, those look like they are on the right track, I just want
to put in username and pass when/if the login prompt comes up for accessing a
server share.