How to provide user name and password when connecting to a network share

Question

When connecting to a network share for which the current user  in my case  a network enabled service user  has no rights  name and password have to be provided   I know how to do this with Win32 functions  the WNet  family from mpr dll   but would like to do it with  Net  2 0  functionality   What options are available   Maybe some more information helps    The use case is a windows service  not an Asp Net application  The service is running under an account which has no rights on the share  The user account needed for the share is not known on the client side  Client and server are not members of the same domain

User · Answer

For VB lovers the VB NET equivalent of Luke Quinane s code  thanks Luke    Imports System Imports System Net Imports System Runtime InteropServices Imports System ComponentModel  Public Class NetworkConnection     Implements IDisposable      Private  networkName As String      Public Sub New networkName As String  credentials As NetworkCredential           networkName   networkName          Dim netResource   New NetResource   With                 Scope   ResourceScope GlobalNetwork                ResourceType   ResourceType Disk                DisplayType   ResourceDisplaytype Share                RemoteName   networkName                    Dim userName   If String IsNullOrEmpty credentials Domain   credentials UserName  String Format   0   1    credentials Domain  credentials UserName            Dim result   WNetAddConnection2 NetResource  credentials Password  userName  0           If result  lt  gt  0 Then             Throw New Win32Exception result   Error connecting to remote share           End If     End Sub      Protected Overrides Sub Finalize           Try             Dispose  False          Finally             MyBase Finalize           End Try     End Sub      Public Sub Dispose   Implements IDisposable Dispose         Dispose  True          GC SuppressFinalize  Me      End Sub      Protected Overridable Sub Dispose disposing As Boolean          WNetCancelConnection2  networkName  0  True      End Sub       lt DllImport  mpr dll   gt        Private Shared Function WNetAddConnection2 netResource As NetResource  password As String  username As String  flags As Integer  As Integer     End Function       lt DllImport  mpr dll   gt        Private Shared Function WNetCancelConnection2 name As String  flags As Integer  force As Boolean  As Integer     End Function  End Class   lt StructLayout LayoutKind Sequential  gt    Public Class NetResource     Public Scope As ResourceScope     Public ResourceType As ResourceType     Public DisplayType As ResourceDisplaytype     Public Usage As Integer     Public LocalName As String     Public RemoteName As String     Public Comment As String     Public Provider As String End Class  Public Enum ResourceScope As Integer     Connected   1     GlobalNetwork     Remembered     Recent     Context End Enum  Public Enum ResourceType As Integer     Any   0     Disk   1     Print   2     Reserved   8 End Enum  Public Enum ResourceDisplaytype As Integer     Generic    amp H0     Domain    amp H1     Server    amp H2     Share    amp H3     File    amp H4     Group    amp H5     Network    amp H6     Root    amp H7     Shareadmin    amp H8     Directory    amp H9     Tree    amp HA     Ndscontainer    amp HB End Enum

User · Answer

Also ported to F  to use with FAKE  module NetworkShare  open System open System ComponentModel open System IO open System Net open System Runtime InteropServices  type ResourceScope     Connected   1   GlobalNetwork   2   Remembered   3   Recent   4 type ResourceType     Any   0   Disk   1   Print   2   Reserved   8 type ResourceDisplayType     Generic   0x0   Domain   0x01   Server   0x02   Share   0x03   File   0x04   Group   0x05   Network   0x06   Root   0x07   Shareadmin   0x08   Directory   0x09   Tree   0x0a   Ndscontainer   0x0b    Uses of this construct may result in the generation of unverifiable  NET IL code   nowarn  9    lt StructLayout LayoutKind Sequential  gt   type NetResource     struct     val mutable Scope   ResourceScope     val mutable ResourceType   ResourceType     val mutable DisplayType   ResourceDisplayType     val mutable Usage   int     val mutable LocalName   string     val mutable RemoteName   string     val mutable Comment   string     val mutable Provider   string     new name               lets preset needed fields       NetResource Scope   ResourceScope GlobalNetwork       ResourceType   ResourceType Disk       DisplayType   ResourceDisplayType Share       Usage   0       LocalName   null       RemoteName   name       Comment   null       Provider   null         end  type WNetConnection networkName   string  credential   NetworkCredential        lt Literal gt     static let Mpr    mpr dll      lt DllImport Mpr  EntryPoint    WNetAddConnection2   gt     static extern int connect NetResource netResource  string password  string username  int flags      lt DllImport Mpr  EntryPoint    WNetCancelConnection2   gt     static extern int disconnect string name  int flags  bool force     let mutable disposed   false     do     let userName   if String IsNullOrWhiteSpace credential Domain                    then credential UserName                    else credential Domain          credential UserName     let resource   new NetResource networkName       let result   connect resource  credential Password  userName  0       if result  lt  gt  0 then       let msg    Error connecting to remote share     networkName       new Win32Exception result  msg          gt  raise    let cleanup disposing bool        if not disposed then       disposed  lt - true       if disposing then       TODO dispose managed resources here       disconnect networkName  0  true    gt  ignore    interface IDisposable with     member    Dispose           disconnect networkName  0  true    gt  ignore       GC SuppressFinalize        override    Finalize     cleanup false   type CopyPath       RemotePath of string   NetworkCredential     LocalPath of string  let createDisposable             new IDisposable with       member    Dispose             let copyFile overwrite destPath srcPath   unit     use  srcConn       match srcPath with       RemotePath path  credential  - gt  new WNetConnection path  credential    gt  IDisposable       LocalPath    - gt  createDisposable     use  destConn       match destPath with       RemotePath path  credential  - gt  new WNetConnection path  credential    gt  IDisposable       LocalPath    - gt  createDisposable     match srcPath  destPath with     RemotePath src      RemotePath dest         LocalPath src   RemotePath dest         RemotePath src      LocalPath dest      LocalPath src   LocalPath dest  - gt      if FileInfo src  Exists   gt  not then       failwith   Source file not found      src      let destFilePath         if DirectoryInfo dest  Exists then Path Combine dest  Path GetFileName src        else dest     File Copy src  destFilePath  overwrite   let rec copyDir copySubDirs filePattern destPath srcPath     use  srcConn       match srcPath with       RemotePath path  credential  - gt  new WNetConnection path  credential    gt  IDisposable       LocalPath    - gt  createDisposable     use  destConn       match destPath with       RemotePath path  credential  - gt  new WNetConnection path  credential    gt  IDisposable       LocalPath    - gt  createDisposable     match srcPath  destPath with     RemotePath src      RemotePath dest         LocalPath src   RemotePath dest         RemotePath src      LocalPath dest      LocalPath src   LocalPath dest  - gt      let dir   DirectoryInfo src      if dir Exists   gt  not then       failwith   Source directory not found      src       let dirs   dir GetDirectories       if Directory Exists dest    gt  not then       Directory CreateDirectory dest    gt  ignore      let files   dir GetFiles filePattern      for file in files do       let tempPath   Path Combine dest  file Name        file CopyTo tempPath  false    gt  ignore      if copySubDirs then       for subdir in dirs do         let subdirSrc             match srcPath with             RemotePath    credential  - gt  RemotePath Path Combine dest  subdir Name   credential              LocalPath    - gt  LocalPath Path Combine dest  subdir Name           let subdirDest             match destPath with             RemotePath    credential  - gt  RemotePath subdir FullName  credential              LocalPath    - gt  LocalPath subdir FullName          copyDir copySubDirs filePattern subdirDest subdirSrc

User · Answer

One option that might work is using WindowsIdentity Impersonate  and change the thread principal  to become the desired user  like so  Back to p invoke  though  I m afraid     Another cheeky  and equally far from ideal  option might be to spawn a process to do the work    ProcessStartInfo accepts a  UserName   Password and  Domain   Finally - perhaps run the service in a dedicated account that has access   removed as you have clarified that this isn t an option

User · Answer

One option that might work is using WindowsIdentity Impersonate  and change the thread principal  to become the desired user  like so  Back to p invoke  though  I m afraid     Another cheeky  and equally far from ideal  option might be to spawn a process to do the work    ProcessStartInfo accepts a  UserName   Password and  Domain   Finally - perhaps run the service in a dedicated account that has access   removed as you have clarified that this isn t an option

User · Answer

OK    I can resond    Disclaimer  I just had an 18  hour day  again    I m old and forgetfull   I can t spell   I have a short attention span so I better respond fast    -   Question   Is it possible to change the thread principal to an user with no account on the local machine    Answer   Yes  you can change a thread principal even if the credentials you are using are not defined locally or are outside the  forest    I just ran into this problem when trying to connect to an SQL server with NTLM authentication from a service  This call uses the credentials associated with the process meaning that you need either a local account or a domain account to authenticate before you can impersonate  Blah  blah     But     Calling LogonUser     with the attribute of       NEW CREDENTIALS will return a security token without trying to authenticate the credentials  Kewl   Don t have to define the account within the  forest   Once you have the token you might have to call DuplicateToken   with the option to enable impersonation resulting in a new token  Now call SetThreadToken  NULL  token     It might be  amp token     A call to ImpersonateLoggedonUser  token    might be required  but I don t think so  Look it up    Do what you need to do    Call RevertToSelf   if you called ImpersonateLoggedonUser   then SetThreadToken  NULL  NULL     I think    look it up   and then CloseHandle   on the created handles    No promises but this worked for me    This is off the top of my head  like my hair  and I can t spell

User · Answer

You should be looking at adding a like like this    lt identity impersonate  true  userName  domain user  password          gt    Into your web config   More Information

User · Answer

You should be looking at adding a like like this    lt identity impersonate  true  userName  domain user  password          gt    Into your web config   More Information

User · Answer

The Luke Quinane solution looks good  but did work only partially in my ASP NET MVC application  Having two shares on the same server with different credentials I could use the impersonation only for the first one   The problem with WNetAddConnection2 is also that it behaves differently on different windows versions  That is why I looked for alternatives and found the LogonUser function  Here is my code which also works in ASP NET   public sealed class WrappedImpersonationContext       public enum LogonType   int               Interactive   2          Network   3          Batch   4          Service   5          Unlock   7          NetworkClearText   8          NewCredentials   9            public enum LogonProvider   int               Default   0      LOGON32 PROVIDER DEFAULT         WinNT35   1          WinNT40   2      Use the NTLM logon provider          WinNT50   3      Use the negotiate logon provider              DllImport  advapi32 dll   EntryPoint    LogonUserW   SetLastError   true  CharSet   CharSet Unicode       public static extern bool LogonUser String lpszUsername  String lpszDomain          String lpszPassword  LogonType dwLogonType  LogonProvider dwLogonProvider  ref IntPtr phToken         DllImport  kernel32 dll        public extern static bool CloseHandle IntPtr handle        private string  domain   password   username      private IntPtr  token      private WindowsImpersonationContext  context       private bool IsInContext               get   return  context    null               public WrappedImpersonationContext string domain  string username  string password                 domain   String IsNullOrEmpty domain          domain           username   username           password   password                Changes the Windows identity of this thread  Make sure to always call Leave   at the end       PermissionSetAttribute SecurityAction Demand  Name    FullTrust        public void Enter                 if  IsInContext              return            token   IntPtr Zero          bool logonSuccessfull   LogonUser  username   domain   password  LogonType NewCredentials  LogonProvider WinNT50  ref  token           if   logonSuccessfull                        throw new Win32Exception Marshal GetLastWin32Error                       WindowsIdentity identity   new WindowsIdentity  token            context   identity Impersonate             Debug WriteLine WindowsIdentity GetCurrent   Name               PermissionSetAttribute SecurityAction Demand  Name    FullTrust        public void Leave                 if   IsInContext              return            context Undo             if   token    IntPtr Zero                        CloseHandle  token                      context   null            Usage   var impersonationContext   new WrappedImpersonationContext Domain  Username  Password   impersonationContext Enter       do your stuff here  impersonationContext Leave

User · Answer

The Luke Quinane solution looks good  but did work only partially in my ASP NET MVC application  Having two shares on the same server with different credentials I could use the impersonation only for the first one   The problem with WNetAddConnection2 is also that it behaves differently on different windows versions  That is why I looked for alternatives and found the LogonUser function  Here is my code which also works in ASP NET   public sealed class WrappedImpersonationContext       public enum LogonType   int               Interactive   2          Network   3          Batch   4          Service   5          Unlock   7          NetworkClearText   8          NewCredentials   9            public enum LogonProvider   int               Default   0      LOGON32 PROVIDER DEFAULT         WinNT35   1          WinNT40   2      Use the NTLM logon provider          WinNT50   3      Use the negotiate logon provider              DllImport  advapi32 dll   EntryPoint    LogonUserW   SetLastError   true  CharSet   CharSet Unicode       public static extern bool LogonUser String lpszUsername  String lpszDomain          String lpszPassword  LogonType dwLogonType  LogonProvider dwLogonProvider  ref IntPtr phToken         DllImport  kernel32 dll        public extern static bool CloseHandle IntPtr handle        private string  domain   password   username      private IntPtr  token      private WindowsImpersonationContext  context       private bool IsInContext               get   return  context    null               public WrappedImpersonationContext string domain  string username  string password                 domain   String IsNullOrEmpty domain          domain           username   username           password   password                Changes the Windows identity of this thread  Make sure to always call Leave   at the end       PermissionSetAttribute SecurityAction Demand  Name    FullTrust        public void Enter                 if  IsInContext              return            token   IntPtr Zero          bool logonSuccessfull   LogonUser  username   domain   password  LogonType NewCredentials  LogonProvider WinNT50  ref  token           if   logonSuccessfull                        throw new Win32Exception Marshal GetLastWin32Error                       WindowsIdentity identity   new WindowsIdentity  token            context   identity Impersonate             Debug WriteLine WindowsIdentity GetCurrent   Name               PermissionSetAttribute SecurityAction Demand  Name    FullTrust        public void Leave                 if   IsInContext              return            context Undo             if   token    IntPtr Zero                        CloseHandle  token                      context   null            Usage   var impersonationContext   new WrappedImpersonationContext Domain  Username  Password   impersonationContext Enter       do your stuff here  impersonationContext Leave

User · Answer

I searched lots of methods and i did it my own way  You have to open a connection between two machine via command prompt NET USE command and after finishing your work clear the connection with command prompt NET USE  myconnection   delete   You must use Command Prompt process from code behind like this    var savePath       servername foldername myfilename jpg   var filePath     C   temp myfileTosave jpg     Usage is simple   SaveACopyfileToServer filePath  savePath     Here is functions    using System IO using System Diagnostics    public static void SaveACopyfileToServer string filePath  string savePath                var directory   Path GetDirectoryName savePath  Trim            var username    loginusername           var password    loginpassword           var filenameToSave   Path GetFileName savePath            if   directory EndsWith                    filenameToSave          filenameToSave           var command    NET USE     directory      delete           ExecuteCommand command  5000            command    NET USE     directory      user     username         password          ExecuteCommand command  5000            command     copy       filePath              directory   filenameToSave                  ExecuteCommand command  5000             command    NET USE     directory      delete           ExecuteCommand command  5000           And also ExecuteCommand function is    public static int ExecuteCommand string command  int timeout                var processInfo   new ProcessStartInfo  cmd exe     C     command                                                                    CreateNoWindow   true                                     UseShellExecute   false                                     WorkingDirectory    C                                                var process   Process Start processInfo           process WaitForExit timeout           var exitCode   process ExitCode          process Close            return exitCode           This functions worked very fast and stable for me

User · Answer

One option that might work is using WindowsIdentity Impersonate  and change the thread principal  to become the desired user  like so  Back to p invoke  though  I m afraid     Another cheeky  and equally far from ideal  option might be to spawn a process to do the work    ProcessStartInfo accepts a  UserName   Password and  Domain   Finally - perhaps run the service in a dedicated account that has access   removed as you have clarified that this isn t an option

User · Answer

You can either change the thread identity  or P Invoke WNetAddConnection2  I prefer the latter  as I sometimes need to maintain multiple credentials for different locations  I wrap it into an IDisposable and call WNetCancelConnection2 to remove the creds afterwards  avoiding the multiple usernames error    using  new NetworkConnection     server read   readCredentials   using  new NetworkConnection     server2 write   writeCredentials        File Copy     server read file       server2 write file

User · Answer

I searched lots of methods and i did it my own way  You have to open a connection between two machine via command prompt NET USE command and after finishing your work clear the connection with command prompt NET USE  myconnection   delete   You must use Command Prompt process from code behind like this    var savePath       servername foldername myfilename jpg   var filePath     C   temp myfileTosave jpg     Usage is simple   SaveACopyfileToServer filePath  savePath     Here is functions    using System IO using System Diagnostics    public static void SaveACopyfileToServer string filePath  string savePath                var directory   Path GetDirectoryName savePath  Trim            var username    loginusername           var password    loginpassword           var filenameToSave   Path GetFileName savePath            if   directory EndsWith                    filenameToSave          filenameToSave           var command    NET USE     directory      delete           ExecuteCommand command  5000            command    NET USE     directory      user     username         password          ExecuteCommand command  5000            command     copy       filePath              directory   filenameToSave                  ExecuteCommand command  5000             command    NET USE     directory      delete           ExecuteCommand command  5000           And also ExecuteCommand function is    public static int ExecuteCommand string command  int timeout                var processInfo   new ProcessStartInfo  cmd exe     C     command                                                                    CreateNoWindow   true                                     UseShellExecute   false                                     WorkingDirectory    C                                                var process   Process Start processInfo           process WaitForExit timeout           var exitCode   process ExitCode          process Close            return exitCode           This functions worked very fast and stable for me

User · Answer

If you can t create an locally valid security token  it seems like you ve ruled all out every option bar Win32 API and WNetAddConnection    Tons of information on MSDN about WNet - PInvoke information and sample code that connects to a UNC path here      http   www pinvoke net default aspx mpr WNetAddConnection2 html    MSDN Reference here      http   msdn microsoft com en-us library aa385391 VS 85  aspx

User · Answer

If you can t create an locally valid security token  it seems like you ve ruled all out every option bar Win32 API and WNetAddConnection    Tons of information on MSDN about WNet - PInvoke information and sample code that connects to a UNC path here      http   www pinvoke net default aspx mpr WNetAddConnection2 html    MSDN Reference here      http   msdn microsoft com en-us library aa385391 VS 85  aspx

User · Answer

One option that might work is using WindowsIdentity Impersonate  and change the thread principal  to become the desired user  like so  Back to p invoke  though  I m afraid     Another cheeky  and equally far from ideal  option might be to spawn a process to do the work    ProcessStartInfo accepts a  UserName   Password and  Domain   Finally - perhaps run the service in a dedicated account that has access   removed as you have clarified that this isn t an option

User · Answer

You should be looking at adding a like like this    lt identity impersonate  true  userName  domain user  password          gt    Into your web config   More Information

User · Answer

You can either change the thread identity  or P Invoke WNetAddConnection2  I prefer the latter  as I sometimes need to maintain multiple credentials for different locations  I wrap it into an IDisposable and call WNetCancelConnection2 to remove the creds afterwards  avoiding the multiple usernames error    using  new NetworkConnection     server read   readCredentials   using  new NetworkConnection     server2 write   writeCredentials        File Copy     server read file       server2 write file

User · Answer

You should be looking at adding a like like this    lt identity impersonate  true  userName  domain user  password          gt    Into your web config   More Information

User · Answer

OK    I can resond    Disclaimer  I just had an 18  hour day  again    I m old and forgetfull   I can t spell   I have a short attention span so I better respond fast    -   Question   Is it possible to change the thread principal to an user with no account on the local machine    Answer   Yes  you can change a thread principal even if the credentials you are using are not defined locally or are outside the  forest    I just ran into this problem when trying to connect to an SQL server with NTLM authentication from a service  This call uses the credentials associated with the process meaning that you need either a local account or a domain account to authenticate before you can impersonate  Blah  blah     But     Calling LogonUser     with the attribute of       NEW CREDENTIALS will return a security token without trying to authenticate the credentials  Kewl   Don t have to define the account within the  forest   Once you have the token you might have to call DuplicateToken   with the option to enable impersonation resulting in a new token  Now call SetThreadToken  NULL  token     It might be  amp token     A call to ImpersonateLoggedonUser  token    might be required  but I don t think so  Look it up    Do what you need to do    Call RevertToSelf   if you called ImpersonateLoggedonUser   then SetThreadToken  NULL  NULL     I think    look it up   and then CloseHandle   on the created handles    No promises but this worked for me    This is off the top of my head  like my hair  and I can t spell

User · Answer

I liked Mark Brackett s answer so much that I did my own quick implementation  Here it is if anyone else needs it in a hurry   public class NetworkConnection   IDisposable       string  networkName       public NetworkConnection string networkName           NetworkCredential credentials                 networkName   networkName           var netResource   new NetResource                         Scope   ResourceScope GlobalNetwork              ResourceType   ResourceType Disk              DisplayType   ResourceDisplaytype Share              RemoteName   networkName                     var userName   string IsNullOrEmpty credentials Domain                credentials UserName               string Format    0   1    credentials Domain  credentials UserName            var result   WNetAddConnection2              netResource               credentials Password              userName              0            if  result    0                        throw new Win32Exception result                            NetworkConnection                 Dispose false              public void Dispose                 Dispose true           GC SuppressFinalize this              protected virtual void Dispose bool disposing                WNetCancelConnection2  networkName  0  true               DllImport  mpr dll        private static extern int WNetAddConnection2 NetResource netResource           string password  string username  int flags         DllImport  mpr dll        private static extern int WNetCancelConnection2 string name  int flags          bool force       StructLayout LayoutKind Sequential   public class NetResource       public ResourceScope Scope      public ResourceType ResourceType      public ResourceDisplaytype DisplayType      public int Usage      public string LocalName      public string RemoteName      public string Comment      public string Provider     public enum ResourceScope   int       Connected   1      GlobalNetwork      Remembered      Recent      Context     public enum ResourceType   int       Any   0      Disk   1      Print   2      Reserved   8     public enum ResourceDisplaytype   int       Generic   0x0      Domain   0x01      Server   0x02      Share   0x03      File   0x04      Group   0x05      Network   0x06      Root   0x07      Shareadmin   0x08      Directory   0x09      Tree   0x0a      Ndscontainer   0x0b

User · Answer

Today 7 years later I m facing the same issue and I d like to share my version of the solution   It is copy  amp  paste ready  -  Here it is   Step 1  In your code  whenever you need to do something with permissions   ImpersonationHelper Impersonate domain  userName  userPassword  delegate                                                                 Your code here                                    Let s say file copy                                  if   File Exists to                                                                         File Copy from  to                                                                       Step 2  The Helper file which does a magic  using System  using System Runtime ConstrainedExecution  using System Runtime InteropServices  using System Security  using System Security Permissions  using System Security Principal      using Microsoft Win32 SafeHandles    namespace BlaBla       public sealed class SafeTokenHandle   SafeHandleZeroOrMinusOneIsInvalid               private SafeTokenHandle                 base true                                DllImport  kernel32 dll             ReliabilityContract Consistency WillNotCorruptState  Cer Success            SuppressUnmanagedCodeSecurity           return  MarshalAs UnmanagedType Bool           private static extern bool CloseHandle IntPtr handle            protected override bool ReleaseHandle                         return CloseHandle handle                        public class ImpersonationHelper                DllImport  advapi32 dll   SetLastError   true  CharSet   CharSet Unicode           private static extern bool LogonUser String lpszUsername  String lpszDomain  String lpszPassword          int dwLogonType  int dwLogonProvider  out SafeTokenHandle phToken             DllImport  kernel32 dll   CharSet   CharSet Auto           private extern static bool CloseHandle IntPtr handle             PermissionSet SecurityAction Demand  Name    FullTrust            public static void Impersonate string domainName  string userName  string userPassword  Action actionToExecute                        SafeTokenHandle safeTokenHandle              try                                const int LOGON32 PROVIDER DEFAULT   0                    This parameter causes LogonUser to create a primary token                  const int LOGON32 LOGON INTERACTIVE   2                      Call LogonUser to obtain a handle to an access token                  bool returnValue   LogonUser userName  domainName  userPassword                      LOGON32 LOGON INTERACTIVE  LOGON32 PROVIDER DEFAULT                      out safeTokenHandle                     Facade Instance Trace  LogonUser called                      if  returnValue    false                                        int ret   Marshal GetLastWin32Error                          Facade Instance Trace   LogonUser failed with error code    ret                          throw new System ComponentModel Win32Exception ret                                      using  safeTokenHandle                                          Facade Instance Trace   Value of Windows NT token   safeTokenHandle                           Facade Instance Trace   Before impersonation   WindowsIdentity GetCurrent   Name                             Use the token handle returned by LogonUser                      using  WindowsIdentity newId   new WindowsIdentity safeTokenHandle DangerousGetHandle                                                   using  WindowsImpersonationContext impersonatedUser   newId Impersonate                                                            Facade Instance Trace   After impersonation   WindowsIdentity GetCurrent   Name                                   Facade Instance Trace  Start executing an action                                 actionToExecute                                   Facade Instance Trace  Finished executing an action                                                                          Facade Instance Trace   After closing the context   WindowsIdentity GetCurrent   Name                                                  catch  Exception ex                                  Facade Instance Trace  Oh no  Impersonate method failed                       ex HandleException                      On purpose  we want to notify a caller about the issue  Pavel Kovalev 9 16 2016 2 15 23 PM                   throw

User · Answer

You can either change the thread identity  or P Invoke WNetAddConnection2  I prefer the latter  as I sometimes need to maintain multiple credentials for different locations  I wrap it into an IDisposable and call WNetCancelConnection2 to remove the creds afterwards  avoiding the multiple usernames error    using  new NetworkConnection     server read   readCredentials   using  new NetworkConnection     server2 write   writeCredentials        File Copy     server read file       server2 write file

User · Answer

I liked Mark Brackett s answer so much that I did my own quick implementation  Here it is if anyone else needs it in a hurry   public class NetworkConnection   IDisposable       string  networkName       public NetworkConnection string networkName           NetworkCredential credentials                 networkName   networkName           var netResource   new NetResource                         Scope   ResourceScope GlobalNetwork              ResourceType   ResourceType Disk              DisplayType   ResourceDisplaytype Share              RemoteName   networkName                     var userName   string IsNullOrEmpty credentials Domain                credentials UserName               string Format    0   1    credentials Domain  credentials UserName            var result   WNetAddConnection2              netResource               credentials Password              userName              0            if  result    0                        throw new Win32Exception result                            NetworkConnection                 Dispose false              public void Dispose                 Dispose true           GC SuppressFinalize this              protected virtual void Dispose bool disposing                WNetCancelConnection2  networkName  0  true               DllImport  mpr dll        private static extern int WNetAddConnection2 NetResource netResource           string password  string username  int flags         DllImport  mpr dll        private static extern int WNetCancelConnection2 string name  int flags          bool force       StructLayout LayoutKind Sequential   public class NetResource       public ResourceScope Scope      public ResourceType ResourceType      public ResourceDisplaytype DisplayType      public int Usage      public string LocalName      public string RemoteName      public string Comment      public string Provider     public enum ResourceScope   int       Connected   1      GlobalNetwork      Remembered      Recent      Context     public enum ResourceType   int       Any   0      Disk   1      Print   2      Reserved   8     public enum ResourceDisplaytype   int       Generic   0x0      Domain   0x01      Server   0x02      Share   0x03      File   0x04      Group   0x05      Network   0x06      Root   0x07      Shareadmin   0x08      Directory   0x09      Tree   0x0a      Ndscontainer   0x0b

User · Answer

Today 7 years later I m facing the same issue and I d like to share my version of the solution   It is copy  amp  paste ready  -  Here it is   Step 1  In your code  whenever you need to do something with permissions   ImpersonationHelper Impersonate domain  userName  userPassword  delegate                                                                 Your code here                                    Let s say file copy                                  if   File Exists to                                                                         File Copy from  to                                                                       Step 2  The Helper file which does a magic  using System  using System Runtime ConstrainedExecution  using System Runtime InteropServices  using System Security  using System Security Permissions  using System Security Principal      using Microsoft Win32 SafeHandles    namespace BlaBla       public sealed class SafeTokenHandle   SafeHandleZeroOrMinusOneIsInvalid               private SafeTokenHandle                 base true                                DllImport  kernel32 dll             ReliabilityContract Consistency WillNotCorruptState  Cer Success            SuppressUnmanagedCodeSecurity           return  MarshalAs UnmanagedType Bool           private static extern bool CloseHandle IntPtr handle            protected override bool ReleaseHandle                         return CloseHandle handle                        public class ImpersonationHelper                DllImport  advapi32 dll   SetLastError   true  CharSet   CharSet Unicode           private static extern bool LogonUser String lpszUsername  String lpszDomain  String lpszPassword          int dwLogonType  int dwLogonProvider  out SafeTokenHandle phToken             DllImport  kernel32 dll   CharSet   CharSet Auto           private extern static bool CloseHandle IntPtr handle             PermissionSet SecurityAction Demand  Name    FullTrust            public static void Impersonate string domainName  string userName  string userPassword  Action actionToExecute                        SafeTokenHandle safeTokenHandle              try                                const int LOGON32 PROVIDER DEFAULT   0                    This parameter causes LogonUser to create a primary token                  const int LOGON32 LOGON INTERACTIVE   2                      Call LogonUser to obtain a handle to an access token                  bool returnValue   LogonUser userName  domainName  userPassword                      LOGON32 LOGON INTERACTIVE  LOGON32 PROVIDER DEFAULT                      out safeTokenHandle                     Facade Instance Trace  LogonUser called                      if  returnValue    false                                        int ret   Marshal GetLastWin32Error                          Facade Instance Trace   LogonUser failed with error code    ret                          throw new System ComponentModel Win32Exception ret                                      using  safeTokenHandle                                          Facade Instance Trace   Value of Windows NT token   safeTokenHandle                           Facade Instance Trace   Before impersonation   WindowsIdentity GetCurrent   Name                             Use the token handle returned by LogonUser                      using  WindowsIdentity newId   new WindowsIdentity safeTokenHandle DangerousGetHandle                                                   using  WindowsImpersonationContext impersonatedUser   newId Impersonate                                                            Facade Instance Trace   After impersonation   WindowsIdentity GetCurrent   Name                                   Facade Instance Trace  Start executing an action                                 actionToExecute                                   Facade Instance Trace  Finished executing an action                                                                          Facade Instance Trace   After closing the context   WindowsIdentity GetCurrent   Name                                                  catch  Exception ex                                  Facade Instance Trace  Oh no  Impersonate method failed                       ex HandleException                      On purpose  we want to notify a caller about the issue  Pavel Kovalev 9 16 2016 2 15 23 PM                   throw

User · Answer

You can either change the thread identity  or P Invoke WNetAddConnection2  I prefer the latter  as I sometimes need to maintain multiple credentials for different locations  I wrap it into an IDisposable and call WNetCancelConnection2 to remove the creds afterwards  avoiding the multiple usernames error    using  new NetworkConnection     server read   readCredentials   using  new NetworkConnection     server2 write   writeCredentials        File Copy     server read file       server2 write file

User · Answer

If you can t create an locally valid security token  it seems like you ve ruled all out every option bar Win32 API and WNetAddConnection    Tons of information on MSDN about WNet - PInvoke information and sample code that connects to a UNC path here      http   www pinvoke net default aspx mpr WNetAddConnection2 html    MSDN Reference here      http   msdn microsoft com en-us library aa385391 VS 85  aspx

User · Answer

Also ported to F  to use with FAKE  module NetworkShare  open System open System ComponentModel open System IO open System Net open System Runtime InteropServices  type ResourceScope     Connected   1   GlobalNetwork   2   Remembered   3   Recent   4 type ResourceType     Any   0   Disk   1   Print   2   Reserved   8 type ResourceDisplayType     Generic   0x0   Domain   0x01   Server   0x02   Share   0x03   File   0x04   Group   0x05   Network   0x06   Root   0x07   Shareadmin   0x08   Directory   0x09   Tree   0x0a   Ndscontainer   0x0b    Uses of this construct may result in the generation of unverifiable  NET IL code   nowarn  9    lt StructLayout LayoutKind Sequential  gt   type NetResource     struct     val mutable Scope   ResourceScope     val mutable ResourceType   ResourceType     val mutable DisplayType   ResourceDisplayType     val mutable Usage   int     val mutable LocalName   string     val mutable RemoteName   string     val mutable Comment   string     val mutable Provider   string     new name               lets preset needed fields       NetResource Scope   ResourceScope GlobalNetwork       ResourceType   ResourceType Disk       DisplayType   ResourceDisplayType Share       Usage   0       LocalName   null       RemoteName   name       Comment   null       Provider   null         end  type WNetConnection networkName   string  credential   NetworkCredential        lt Literal gt     static let Mpr    mpr dll      lt DllImport Mpr  EntryPoint    WNetAddConnection2   gt     static extern int connect NetResource netResource  string password  string username  int flags      lt DllImport Mpr  EntryPoint    WNetCancelConnection2   gt     static extern int disconnect string name  int flags  bool force     let mutable disposed   false     do     let userName   if String IsNullOrWhiteSpace credential Domain                    then credential UserName                    else credential Domain          credential UserName     let resource   new NetResource networkName       let result   connect resource  credential Password  userName  0       if result  lt  gt  0 then       let msg    Error connecting to remote share     networkName       new Win32Exception result  msg          gt  raise    let cleanup disposing bool        if not disposed then       disposed  lt - true       if disposing then       TODO dispose managed resources here       disconnect networkName  0  true    gt  ignore    interface IDisposable with     member    Dispose           disconnect networkName  0  true    gt  ignore       GC SuppressFinalize        override    Finalize     cleanup false   type CopyPath       RemotePath of string   NetworkCredential     LocalPath of string  let createDisposable             new IDisposable with       member    Dispose             let copyFile overwrite destPath srcPath   unit     use  srcConn       match srcPath with       RemotePath path  credential  - gt  new WNetConnection path  credential    gt  IDisposable       LocalPath    - gt  createDisposable     use  destConn       match destPath with       RemotePath path  credential  - gt  new WNetConnection path  credential    gt  IDisposable       LocalPath    - gt  createDisposable     match srcPath  destPath with     RemotePath src      RemotePath dest         LocalPath src   RemotePath dest         RemotePath src      LocalPath dest      LocalPath src   LocalPath dest  - gt      if FileInfo src  Exists   gt  not then       failwith   Source file not found      src      let destFilePath         if DirectoryInfo dest  Exists then Path Combine dest  Path GetFileName src        else dest     File Copy src  destFilePath  overwrite   let rec copyDir copySubDirs filePattern destPath srcPath     use  srcConn       match srcPath with       RemotePath path  credential  - gt  new WNetConnection path  credential    gt  IDisposable       LocalPath    - gt  createDisposable     use  destConn       match destPath with       RemotePath path  credential  - gt  new WNetConnection path  credential    gt  IDisposable       LocalPath    - gt  createDisposable     match srcPath  destPath with     RemotePath src      RemotePath dest         LocalPath src   RemotePath dest         RemotePath src      LocalPath dest      LocalPath src   LocalPath dest  - gt      let dir   DirectoryInfo src      if dir Exists   gt  not then       failwith   Source directory not found      src       let dirs   dir GetDirectories       if Directory Exists dest    gt  not then       Directory CreateDirectory dest    gt  ignore      let files   dir GetFiles filePattern      for file in files do       let tempPath   Path Combine dest  file Name        file CopyTo tempPath  false    gt  ignore      if copySubDirs then       for subdir in dirs do         let subdirSrc             match srcPath with             RemotePath    credential  - gt  RemotePath Path Combine dest  subdir Name   credential              LocalPath    - gt  LocalPath Path Combine dest  subdir Name           let subdirDest             match destPath with             RemotePath    credential  - gt  RemotePath subdir FullName  credential              LocalPath    - gt  LocalPath subdir FullName          copyDir copySubDirs filePattern subdirDest subdirSrc

User · Answer

For VB lovers the VB NET equivalent of Luke Quinane s code  thanks Luke    Imports System Imports System Net Imports System Runtime InteropServices Imports System ComponentModel  Public Class NetworkConnection     Implements IDisposable      Private  networkName As String      Public Sub New networkName As String  credentials As NetworkCredential           networkName   networkName          Dim netResource   New NetResource   With                 Scope   ResourceScope GlobalNetwork                ResourceType   ResourceType Disk                DisplayType   ResourceDisplaytype Share                RemoteName   networkName                    Dim userName   If String IsNullOrEmpty credentials Domain   credentials UserName  String Format   0   1    credentials Domain  credentials UserName            Dim result   WNetAddConnection2 NetResource  credentials Password  userName  0           If result  lt  gt  0 Then             Throw New Win32Exception result   Error connecting to remote share           End If     End Sub      Protected Overrides Sub Finalize           Try             Dispose  False          Finally             MyBase Finalize           End Try     End Sub      Public Sub Dispose   Implements IDisposable Dispose         Dispose  True          GC SuppressFinalize  Me      End Sub      Protected Overridable Sub Dispose disposing As Boolean          WNetCancelConnection2  networkName  0  True      End Sub       lt DllImport  mpr dll   gt        Private Shared Function WNetAddConnection2 netResource As NetResource  password As String  username As String  flags As Integer  As Integer     End Function       lt DllImport  mpr dll   gt        Private Shared Function WNetCancelConnection2 name As String  flags As Integer  force As Boolean  As Integer     End Function  End Class   lt StructLayout LayoutKind Sequential  gt    Public Class NetResource     Public Scope As ResourceScope     Public ResourceType As ResourceType     Public DisplayType As ResourceDisplaytype     Public Usage As Integer     Public LocalName As String     Public RemoteName As String     Public Comment As String     Public Provider As String End Class  Public Enum ResourceScope As Integer     Connected   1     GlobalNetwork     Remembered     Recent     Context End Enum  Public Enum ResourceType As Integer     Any   0     Disk   1     Print   2     Reserved   8 End Enum  Public Enum ResourceDisplaytype As Integer     Generic    amp H0     Domain    amp H1     Server    amp H2     Share    amp H3     File    amp H4     Group    amp H5     Network    amp H6     Root    amp H7     Shareadmin    amp H8     Directory    amp H9     Tree    amp HA     Ndscontainer    amp HB End Enum

User · Answer

If you can t create an locally valid security token  it seems like you ve ruled all out every option bar Win32 API and WNetAddConnection    Tons of information on MSDN about WNet - PInvoke information and sample code that connects to a UNC path here      http   www pinvoke net default aspx mpr WNetAddConnection2 html    MSDN Reference here      http   msdn microsoft com en-us library aa385391 VS 85  aspx

[c#] How to provide user name and password when connecting to a network share

Examples related to c#

Examples related to .net

Examples related to winapi

Examples related to networking

Examples related to passwords