0

I'm writing a program which needs to be able to upload a single file to an SMB share folder. While the program will run with user-specified credentials, the program may need to access the SMB folder with different credentials, which are built into the program. I can use `WNetAddConnection2`, but this allows the user access to the share while the folder is uploading. I can't just access the share with standard I/O, because I need it to be accessed with the specified credentials, not through the privileges of the user who is logged in.

Is there a simple way that I can upload a single file to an SMB share with specified credentials, without creating a semi-permanent connection through `WNetAddConnection2` or `net use`?

nobody
  • You can just leave out the local name, isn't that sufficient? – MSalters Aug 29 '14 at 08:04
  • Omitting the local name will keep the connection from showing up in Explorer, but it will still show up in the output of `net use` and any other process running as the same user in the same session will be able to use the connection. This may or may not be enough for the OP. – nobody Aug 29 '14 at 16:15
  • @AndrewMedico Yep, it's not. I can allow the user absolutely no access to the files on the share. Were the share guaranteed to be write only, this wouldn't be a problem, but as this program will be deployed in various environments, I can't make that assumption. – The name's Bob. MS Bob. Aug 29 '14 at 16:18
  • You may be able to accomplish what you need by making a service to do the uploading. It will be running in a different session than the program, so the user will not be able to use the connection at all. – nobody Aug 29 '14 at 16:21
  • @AndrewMedico So in other words, create the `WNetAddConnection2()` under a `NT AUTHORITY` token? – The name's Bob. MS Bob. Aug 29 '14 at 16:28
  • Right, probably under the `LocalService` account (explanation of the various service accounts here: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco) – nobody Aug 29 '14 at 16:30

1 Answer

-1

WNetAddConnection2() is intended to map a local name to a remote location, like mapping a UNC path to a local drive letter. You could simply forget that mapping and access the UNC path directly, then have the uploading thread use impersonation via LogonUser() and ImpersonateLoggedOnUser() to handle the credentials.

Otherwise, you can move the upload logic into a background service that runs in its own account that is separate from the logged-in user.

Remy Lebeau
  • Using `LogonUser` requires that the alternate credentials are a valid login for the host running this software. That *may* be the case, but is by no means guaranteed. – nobody Aug 29 '14 at 00:40
  • @AndrewMedico is right. In this case, the login will not necessarily be valid on the host machine. – The name's Bob. MS Bob. Aug 29 '14 at 16:08
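
The impersonation route from the answer, as an added example that is not code from any poster in this thread: it calls `LogonUser` with the `LOGON32_LOGON_NEW_CREDENTIALS` logon type, which applies the supplied credentials to outbound network connections only and does not check them against the local host, and it creates no `WNetAddConnection2` or `net use` mapping. The names `is_unc_path` and `upload_with_credentials` and the -1/-2 return codes are assumptions made for this sketch.

```c
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* 1 if p is \\server\share..., 0 otherwise. Rejects \\?\ and \\.\ prefixes,
   which can name local files and devices. */
int is_unc_path(const char *p)
{
    if (!p || p[0] != '\\' || p[1] != '\\') return 0;
    const char *server = p + 2;
    const char *sep = strchr(server, '\\');
    if (!sep || sep == server) return 0;                 /* no or empty server */
    if (sep - server == 1 && (*server == '?' || *server == '.')) return 0;
    return sep[1] != '\0' && sep[1] != '\\';             /* share must be non-empty */
}

/* Hypothetical helper: copies src to dest_unc, using the given credentials
   for the network side only. Returns 0 on success, -1 if dest_unc is not a
   UNC path, -2 when not built for Windows, otherwise the Win32 error code. */
long upload_with_credentials(const char *user, const char *domain,
                             const char *password, const char *src,
                             const char *dest_unc)
{
    if (!is_unc_path(dest_unc)) return -1;
#ifdef _WIN32
    HANDLE token = NULL;
    DWORD err = ERROR_SUCCESS;
    /* NEW_CREDENTIALS: new logon session whose credentials apply to outbound
       connections only; local access keeps the caller's own identity. */
    if (!LogonUserA(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                    LOGON32_PROVIDER_WINNT50, &token))
        return (long)GetLastError();
    if (!ImpersonateLoggedOnUser(token)) {
        err = GetLastError();
        CloseHandle(token);
        return (long)err;
    }
    if (!CopyFileA(src, dest_unc, TRUE))                 /* TRUE: never overwrite */
        err = GetLastError();
    if (!RevertToSelf())                                 /* must not keep the identity */
        ExitProcess(GetLastError());
    CloseHandle(token);
    return (long)err;
#else
    (void)user; (void)domain; (void)password; (void)src;
    return -2;
#endif
}
```

Because this logon type does not validate the credentials locally, a wrong password surfaces as an error from `CopyFileA` rather than from `LogonUserA`. Credentials built into the program remain recoverable by anyone who can read or debug the binary, which is one reason the comments point to a separate service.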