Prevent WNetAddConnection2 class which allows prohibited user to access shared folder


Problem description

I had developed a C# Windows application. The OS is Windows 7.

Requirement: to access the network shared folder ‘Test’ from code with credentials, using the WNetAddConnection2 class.

Restriction: some users have access to this shared folder ‘Test’, but for other users the ‘deny’ sharing permission is set.

In code, WNetAddConnection2 validates a wrong username/password; it will give me an error.

For example

‘User A’ from the LAN is trying to access the shared folder ‘Test’ using the Run command. He is not able to access it (‘Access is denied’) because he does not have permission.

But the issue is that the WNetAddConnection2 class allows ‘User A’ to establish a network connection successfully. In fact, "WNetAddConnection2 allows all users from domain". Class is validating access rights.

Code is

private void btnValidate_Click(object sender, EventArgs e)
     {
         bool valid = false;
         try
         {              
             NetworkCredential NC = new NetworkCredential(txtUserName.Text.Trim(), txtPassword.Text.Trim());  

         }
         catch (Exception ex)
         {
             MessageBox.Show(ex.Message.ToString());
         }
     }

public class NetworkConnection : IDisposable
 {
     string _networkName;
     uint dwFlags;
     public NetworkConnection(string networkName, NetworkCredential credentials)
     {
         _networkName = networkName;

         var netResource = new NetResource()
         {
             Scope = ResourceScope.GlobalNetwork,
             ResourceType = ResourceType.Disk,
             DisplayType = ResourceDisplaytype.Share,
             RemoteName = networkName
         };

         var userName = string.IsNullOrEmpty(credentials.Domain)
             ? credentials.UserName
             : string.Format(@"{0}\{1}", credentials.Domain, credentials.UserName);

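         // Flags: 0x00000008 = CONNECT_INTERACTIVE, 0x00000010 = CONNECT_PROMPT.
         // Empty strings are passed for password and user name; userName computed above is not used in this call.
         var result = WNetAddConnection2(netResource,"","",0x00000008 | 0x00000010);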

         if (result != 0)
         {
             string strErrMsg = "";
             if (result == 67)
             {
                 strErrMsg = "The network name cannot be found.";
             }
             else if (result == 86)
             {
                 strErrMsg = "Invalid UserName or Password for ProBiz server";
             }
             else if (result == 1219)
             {
                 strErrMsg = "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed.Close application to Disconnect all previous connections to the server or shared resource and try again.";
             }

             throw new Win32Exception(result, "Error connecting to "+networkName+" remote share.Error Code:"+result.ToString()+"."+strErrMsg);
         }
         else
         {
             MessageBox.Show("Test connection is successful for "+ networkName);
         }
     }

     ~NetworkConnection()
     {
         Dispose(false);
     }

     public void Dispose()
     {
         Dispose(true);
         GC.SuppressFinalize(this);
     }

     protected virtual void Dispose(bool disposing)
     {
         WNetCancelConnection2(_networkName,  1, true  );
         var command = "NET USE  /delete *";
         ExecuteCommand(command, 5000);

     }
     public static int ExecuteCommand(string command, int timeout)
     {
         var processInfo = new ProcessStartInfo("cmd.exe", "/C " + command)
         {
             CreateNoWindow = true,
             UseShellExecute = false,
             WorkingDirectory = "C:\\",
         };

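         var process = Process.Start(processInfo);
         // WaitForExit returns false on timeout; reading ExitCode of a running process throws.
         if (!process.WaitForExit(timeout))
         {
             process.Kill();
             process.WaitForExit();
         }
         var exitCode = process.ExitCode;
         process.Close();
         return exitCode;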
     } 

     [DllImport("mpr.dll")]
     private static extern int WNetAddConnection2(NetResource netResource,
         string password, string username, int flags);

     [DllImport("mpr.dll")]
     private static extern int WNetCancelConnection2(string name, int flags,
         bool force);
 }

 [StructLayout(LayoutKind.Sequential)]
 public class NetResource
 {
     public ResourceScope Scope;
     public ResourceType ResourceType;
     public ResourceDisplaytype DisplayType;
     public int Usage;
     public string LocalName;
     public string RemoteName;
     public string Comment;
     public string Provider;
 }

 public enum ResourceScope : int
 {
     Connected = 1,
     GlobalNetwork,
     Remembered,
     Recent,
     Context
 };

 public enum ResourceType : int
 {
     Any = 0,
     Disk = 1,
     Print = 2,
     Reserved = 8,
 }

 public enum ResourceDisplaytype : int
 {
     Generic = 0x0,
     Domain = 0x01,
     Server = 0x02,
     Share = 0x03,
     File = 0x04,
     Group = 0x05,
     Network = 0x06,
     Root = 0x07,
     Shareadmin = 0x08,
     Directory = 0x09,
     Tree = 0x0a,
     Ndscontainer = 0x0b
 }

Solution

By design, connecting to a share requires access to the share - it does not require access to the root directory of the share.

Opening the share via the Run box opens the root directory of the share, so it requires at least read access to the directory as well as to the share. The WNetAddConnection2() API, by comparison, only requires access to the share.

It has to work this way, because it is sometimes desirable to give someone access to only certain subdirectories, but not the root directory. If connecting to the share required access to the root directory this would not be possible.

After connecting to the share, you can test access to the root directory by attempting to enumerate the files. If you get an access denied exception, the user does not have access.
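
The check described in the answer, as an added example (not code from the original question or answer): connect with WNetAddConnection2, then try to list the share root and treat an UnauthorizedAccessException as "connected, but no access to the root directory". The names ShareAccess, ShareAccessCheck and Check are hypothetical.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Net;
using System.Runtime.InteropServices;

public enum ShareAccess { ConnectFailed, ConnectedButRootDenied, RootReadable }

// Hypothetical helper: separates "can connect to the share" from "can read its root".
public static class ShareAccessCheck
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    private class NetResource
    {
        public int Scope = 2;        // RESOURCE_GLOBALNET
        public int ResourceType = 1; // RESOURCETYPE_DISK
        public int DisplayType = 3;  // RESOURCEDISPLAYTYPE_SHARE
        public int Usage;
        public string LocalName;     // null: no drive letter is mapped
        public string RemoteName;
        public string Comment;
        public string Provider;
    }

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    private static extern int WNetAddConnection2(NetResource res, string password, string userName, int flags);

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    private static extern int WNetCancelConnection2(string name, int flags, bool force);

    // win32Error receives the WNetAddConnection2 result (0 on success; 67, 86, 1219 as in the question).
    public static ShareAccess Check(string uncShare, NetworkCredential cred, out int win32Error)
    {
        var user = string.IsNullOrEmpty(cred.Domain) ? cred.UserName : cred.Domain + "\\" + cred.UserName;
        win32Error = WNetAddConnection2(new NetResource { RemoteName = uncShare }, cred.Password, user, 0);
        if (win32Error != 0) return ShareAccess.ConnectFailed;
        try
        {
            // Connecting only proves access to the share; listing the root also needs directory access.
            Directory.EnumerateFileSystemEntries(uncShare).FirstOrDefault();
            return ShareAccess.RootReadable;
        }
        catch (UnauthorizedAccessException) { return ShareAccess.ConnectedButRootDenied; }
        finally { WNetCancelConnection2(uncShare, 0, true); } // drop only the connection made here
    }
}
```

A caller would treat only `RootReadable` as a successful validation and report `ConnectedButRootDenied` the same way the Run box reports "Access is denied".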
