Accessing a Shared File (UNC) From a Remote, Non-Trusted Domain With Credentials


Problem description

We've run into an interesting situation that needs solving, and my searches have turned up nil. I therefore appeal to the SO community for help.

The issue is this: we have a need to programmatically access a shared file that is not in our domain, and is not within a trusted external domain via remote file sharing / UNC. Naturally, we need to supply credentials to the remote machine.

Typically, one solves this problem in one of two ways:


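  1. Map the file share as a drive and supply the credentials at that time. This is typically done using the NET USE command or the Win32 functions that duplicate NET USE.

  2. Access the file with a UNC path as if the remote computer were on the domain, and ensure that the account under which the program runs is duplicated (including password) on the remote machine as a local user. Basically, leverage the fact that Windows will automatically supply the current user's credentials when the user attempts to access a shared file.

  3. Don't use remote file sharing. Use FTP (or some other means) to transfer the file, work on it locally, then transfer it back.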

For various and sundry reasons, our security / network architects have rejected the first two approaches. The second approach is obviously a security hole; if the remote computer is compromised, the local computer is now at risk. The first approach is unsatisfactory because the newly mounted drive is a shared resource available to other programs on the local computer during file access by the program. Even though it's quite possible to make this temporary, it's still a hole in their opinion.

They're open to the third option, but the remote network admins insist on SFTP rather than FTPS, and FtpWebRequest only supports FTPS. SFTP is the more firewall-friendly option and there are a couple libraries I could use for that approach, but I'd prefer to reduce my dependencies if I can.

I've searched MSDN for either a managed or a win32 means of using remote file sharing, but I have failed to come up with anything useful.

And so I ask: Is there another way? Did I miss a super-secret win32 function that does what I want? Or must I pursue some variant of option 3?

Recommended answer

The way to solve your problem is to use a Win32 API called WNetUseConnection.
Use this function to connect to a UNC path with authentication, NOT to map a drive.

This will allow you to connect to a remote machine, even if it is not on the same domain, and even if it has a different username and password.

Once you have used WNetUseConnection you will be able to access the file via a UNC path as if you were on the same domain. The best way is probably through the administrative built-in shares.
Example: \\computername\c$\program files\Folder\file.txt

Here is some sample C# code that uses WNetUseConnection.

Note, for the NetResource, you should pass null for the lpLocalName and lpProvider. The dwType should be RESOURCETYPE_DISK. The lpRemoteName should be \\ComputerName.
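
The answer's own sample code is not reproduced on this page. The following is an added example, not the answer author's code: one way to call WNetUseConnection with the NETRESOURCE settings described above and to cancel the connection as soon as the file access is finished. The class name `UncConnection`, the account `svc_reader`, the share path and the environment variable `REMOTE_SHARE_PASSWORD` are hypothetical placeholders.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;

// Deviceless (no drive letter) SMB connection that exists only inside a using block.
sealed class UncConnection : IDisposable
{
    const int RESOURCETYPE_DISK = 0x1;
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    class NETRESOURCE
    {
        public int dwScope, dwType, dwDisplayType, dwUsage;
        public string lpLocalName, lpRemoteName, lpComment, lpProvider;
    }

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    static extern int WNetUseConnection(IntPtr hwndOwner, NETRESOURCE lpNetResource,
        string lpPassword, string lpUserId, int dwFlags,
        IntPtr lpAccessName, IntPtr lpBufferSize, IntPtr lpResult);
    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    static extern int WNetCancelConnection2(string lpName, int dwFlags, bool fForce);

    readonly string _remote;
    public UncConnection(string remote, string user, string password)
    {
        // lpLocalName and lpProvider stay null, so no drive letter is mapped.
        var nr = new NETRESOURCE { dwType = RESOURCETYPE_DISK, lpRemoteName = remote };
        int rc = WNetUseConnection(IntPtr.Zero, nr, password, user, 0,
                                   IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
        if (rc != 0) throw new Win32Exception(rc); // e.g. 1326 = logon failure
        _remote = remote;
    }

    // Drop the authenticated session as soon as the work is done.
    public void Dispose() => WNetCancelConnection2(_remote, 0, true);
}

static class Program
{
    static void Main()
    {
        // Assumed values: host, account and share path are placeholders; the
        // password comes from a hypothetical environment variable, not source code.
        string pw = Environment.GetEnvironmentVariable("REMOTE_SHARE_PASSWORD");
        using (new UncConnection(@"\\ComputerName", @"ComputerName\svc_reader", pw))
            Console.WriteLine(File.ReadAllText(@"\\ComputerName\share\file.txt"));
    }
}
```

The connection belongs to the Windows logon session rather than to the calling process, so other processes in the same logon session can reach the server with these credentials while it is open; keeping the `using` block short limits that window.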
