Accessing shared folder with credential info without Windows access

doğan · Feb 13, 2017 · Viewed 8.1k times

I have a project that copies files to a shared network path. When my application authenticates for this path, users can also access this folder with File Explorer. How can I prevent users from accessing this path with File Explorer without a username and password prompt? I am using the NetworkCredential class to authenticate.

This is my code:

using System;
using System.Net;
using System.Runtime.InteropServices;

class Program
{
    static void Main(string[] args) {

        string path = @"";
        string username = "";
        string password = "";


        try {
            using (NetworkConnection nc = new NetworkConnection(path, new NetworkCredential(username, password))) {
                Console.WriteLine("Connected successfully...");

                //copy files here ........
            }
        } catch (Exception ex) {
            Console.WriteLine(ex.Message);
        }

        Console.Read();
    }
}

public class NetworkConnection : IDisposable
{
    string _networkName;

    public NetworkConnection(string networkName,
        NetworkCredential credentials) {
        _networkName = networkName;

        var netResource = new NetResource() {
            Scope = ResourceScope.GlobalNetwork,
            ResourceType = ResourceType.Disk,
            DisplayType = ResourceDisplaytype.Share,
            RemoteName = networkName
        };

        var userName = string.IsNullOrEmpty(credentials.Domain)
            ? credentials.UserName
            : string.Format(@"{0}\{1}", credentials.Domain, credentials.UserName);

        var result = WNetAddConnection2(
            netResource,
            credentials.Password,
            userName,
            0);

        if (result != 0) {
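            // WNetAddConnection2 returns the Win32 error code directly; keep it in the exception
            throw new System.ComponentModel.Win32Exception(result, "Error connecting to remote share");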
        }
    }

    ~NetworkConnection() {
        Dispose(false);
    }

    public void Dispose() {
        Dispose(true);
        GC.SuppressFinalize(this);
    }

    protected virtual void Dispose(bool disposing) {
        WNetCancelConnection2(_networkName, 0, true);
    }

    [DllImport("mpr.dll")]
    private static extern int WNetAddConnection2(NetResource netResource,
        string password, string username, int flags);

    [DllImport("mpr.dll")]
    private static extern int WNetCancelConnection2(string name, int flags,
        bool force);
}

[StructLayout(LayoutKind.Sequential)]
public class NetResource
{
    public ResourceScope Scope;
    public ResourceType ResourceType;
    public ResourceDisplaytype DisplayType;
    public int Usage;
    public string LocalName;
    public string RemoteName;
    public string Comment;
    public string Provider;
}

public enum ResourceScope : int
{
    Connected = 1,
    GlobalNetwork,
    Remembered,
    Recent,
    Context
};

public enum ResourceType : int
{
    Any = 0,
    Disk = 1,
    Print = 2,
    Reserved = 8,
}

public enum ResourceDisplaytype : int
{
    Generic = 0x0,
    Domain = 0x01,
    Server = 0x02,
    Share = 0x03,
    File = 0x04,
    Group = 0x05,
    Network = 0x06,
    Root = 0x07,
    Shareadmin = 0x08,
    Directory = 0x09,
    Tree = 0x0a,
    Ndscontainer = 0x0b
}

Answer

Yoruba · Feb 27, 2017

You can set connection options with the last argument of the WNetAddConnection2 function. This example prompts the user for login.

    var result = WNetAddConnection2(
        netResource,
        credentials.Password,
        userName,
        0x00000008 | 0x00000010); // CONNECT_INTERACTIVE | CONNECT_PROMPT

0x00000008 = If this flag is set, the operating system may interact with the user for authentication purposes.

0x00000010 = This flag instructs the system not to use any default settings for user names or passwords without offering the user the opportunity to supply an alternative. This flag is ignored unless CONNECT_INTERACTIVE is also set.

This flag can also be used if the application runs with a different user.

0x00000004 = The network resource connection should not be remembered. If this flag is set, the operating system will not attempt to restore the connection when the user logs on again.

Or a combination with those flags:

0x00002000 = If this flag is set, and the operating system prompts for a credential, the credential is reset by the credential manager. This flag is ignored unless you set the CONNECT_COMMANDLINE flag.

0x00000800 = If this flag is set, the operating system prompts the user for authentication using the command line instead of a graphical user interface (GUI). This flag is ignored unless CONNECT_INTERACTIVE is also set.
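The "ignored unless ... is also set" rules in the flag descriptions above can be checked before calling WNetAddConnection2. The following is an added example, not code from the question or the answer: the enum member names are chosen here (the comments give the Windows SDK constant names), and it assumes that a flag whose prerequisite is itself ignored is ignored as well.

```csharp
using System;
using System.Collections.Generic;

// Values as listed in the answer; comments give the winnetwk.h constant names.
[Flags]
public enum ConnectFlags : int
{
    None        = 0,
    Temporary   = 0x00000004, // CONNECT_TEMPORARY: not restored at next logon
    Interactive = 0x00000008, // CONNECT_INTERACTIVE: OS may prompt the user
    Prompt      = 0x00000010, // CONNECT_PROMPT: no default credentials without a prompt
    CommandLine = 0x00000800, // CONNECT_COMMANDLINE: prompt on the command line
    CredReset   = 0x00002000  // CONNECT_CRED_RESET: reset credential when prompting
}

public static class ConnectFlagCheck
{
    // (flag, prerequisite): the flag is ignored unless the prerequisite is set.
    static readonly (ConnectFlags Flag, ConnectFlags Requires)[] Rules =
    {
        (ConnectFlags.Prompt,      ConnectFlags.Interactive),
        (ConnectFlags.CommandLine, ConnectFlags.Interactive),
        (ConnectFlags.CredReset,   ConnectFlags.CommandLine),
    };

    // Returns the flags that would be silently ignored. Repeats until stable so
    // that chains are caught (assumption: CredReset is ignored when CommandLine is).
    public static List<ConnectFlags> IgnoredFlags(ConnectFlags flags)
    {
        var ignored = new List<ConnectFlags>();
        var effective = flags;
        bool changed;
        do
        {
            changed = false;
            foreach (var (flag, requires) in Rules)
            {
                if (effective.HasFlag(flag) && !effective.HasFlag(requires))
                {
                    effective &= ~flag;   // drop it from the effective set
                    ignored.Add(flag);
                    changed = true;
                }
            }
        } while (changed);
        return ignored;
    }

    public static void Main()
    {
        // Constructed inputs: the answer's combination, then one missing CONNECT_INTERACTIVE.
        var fromAnswer = ConnectFlags.Interactive | ConnectFlags.Prompt;
        var mistaken = ConnectFlags.Temporary | ConnectFlags.CommandLine | ConnectFlags.CredReset;
        foreach (var f in new[] { fromAnswer, mistaken })
            Console.WriteLine("0x{0:X8} ignored: [{1}]", (int)f, string.Join(", ", IgnoredFlags(f)));
    }
}
```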