阻止允许禁止用户访问共享文件夹的WNetAddConnection2类
我开发了C#windows应用程序。 操作系统是Windows 7
要求:使用带有凭据的代码使用WNetAddConnection2类访问网络共享文件夹“测试”。
限制:某些用户可以访问此共享文件夹“Test”,但对于其他用户,则设置“拒绝”共享权限。
在代码WNetAddConnection2validation错误的用户名/密码,它会给我错误。
例如
来自局域网的“用户A”尝试使用run command访问共享文件夹“测试”,他无法访问“访问被拒绝”,因为他没有权限。
但问题是WNetAddConnection2类允许’用户A’成功建立网络连接。 感染“WNetAddConnection2允许来自域的所有用户”。 类正在validation访问权限。
代码是
private void btnValidate_Click(object sender, EventArgs e) { bool valid = false; try { NetworkCredential NC = new NetworkCredential(txtUserName.Text.Trim(), txtPassword.Text.Trim()); } catch (Exception ex) { MessageBox.Show(ex.Message.ToString()); } } public class NetworkConnection : IDisposable { string _networkName; uint dwFlags; public NetworkConnection(string networkName, NetworkCredential credentials) { _networkName = networkName; var netResource = new NetResource() { Scope = ResourceScope.GlobalNetwork, ResourceType = ResourceType.Disk, DisplayType = ResourceDisplaytype.Share, RemoteName = networkName }; var userName = string.IsNullOrEmpty(credentials.Domain) ? credentials.UserName : string.Format(@"{0}\{1}", credentials.Domain, credentials.UserName); var result = WNetAddConnection2(netResource,"","",0x00000008 | 0x00000010); if (result != 0) { string strErrMsg = ""; if (result == 67) { strErrMsg = "The network name cannot be found."; } if (result == 86) { strErrMsg = "Invalid UserName or Password for ProBiz server"; } else if (result == 1219) { strErrMsg = "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed.Close application to Disconnect all previous connections to the server or shared resource and try again."; } throw new Win32Exception(result, "Error connecting to "+networkName+" remote share.Error Code:"+result.ToString()+"."+strErrMsg); } else { MessageBox.Show("Test connection is successful for "+ networkName); } } ~NetworkConnection() { Dispose(false); } public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } protected virtual void Dispose(bool disposing) { WNetCancelConnection2(_networkName, 1, true ); var command = "NET USE /delete *"; ExecuteCommand(command, 5000); } public static int ExecuteCommand(string command, int timeout) { var processInfo = new ProcessStartInfo("cmd.exe", "/C " + command) { CreateNoWindow = true, UseShellExecute = false, WorkingDirectory = "C:\\", }; var process = Process.Start(processInfo); process.WaitForExit(timeout); var exitCode = process.ExitCode; process.Close(); return exitCode; } [DllImport("mpr.dll")] private static extern int WNetAddConnection2(NetResource netResource, string password, string username, int flags); [DllImport("mpr.dll")] private static extern int WNetCancelConnection2(string name, int flags, bool force); } [StructLayout(LayoutKind.Sequential)] public class NetResource { public ResourceScope Scope; public ResourceType ResourceType; public ResourceDisplaytype DisplayType; public int Usage; public string LocalName; public string RemoteName; public string Comment; public string Provider; } public enum ResourceScope : int { Connected = 1, GlobalNetwork, Remembered, Recent, Context }; public enum ResourceType : int { Any = 0, Disk = 1, Print = 2, Reserved = 8, } public enum ResourceDisplaytype : int { Generic = 0x0, Domain = 0x01, Server = 0x02, Share = 0x03, File = 0x04, Group = 0x05, Network = 0x06, Root = 0x07, Shareadmin = 0x08, Directory = 0x09, Tree = 0x0a, Ndscontainer = 0x0b }
按照设计,连接到共享需要访问共享 – 它不需要访问共享的根目录。
通过“运行”框打开共享可打开共享的根目录,因此它至少需要对目录以及共享的读取权限。 相比之下,WNetAddConnection2()API仅需要访问共享。
它必须以这种方式工作,因为有时需要让某人只能访问某些子目录,而不能访问根目录。 如果连接到共享需要访问根目录,则无法进行此操作。
连接到共享后,您可以通过尝试枚举文件来测试对根目录的访问。 如果您获得访问被拒绝的exception,则该用户无权访问。
我曾经在IIS 7.5中部署我的C#项目时遇到了同样的问题,但是当我删除代码的注销过程时,这真是太棒了。 。 。
我的意思是删除函数LogoutFromShare(ip,folder)服务器目录。
我使用这个LoginToOtherPC(ip, usr, pwd, folder) 。