How do I connect to a remote directory without impersonation privileges?
I have a .NET service that needs to interact with files on remote machines. In the configuration, the user specifies the local or remote (UNC) paths they need to access. The user also specifies a username and 开发者_如何学JAVApassword for a user that has access to those directories. When the service runs, it connects to each of these paths and processes the files there.
I tried impersonation, but customers are leery about granting that privilege to a service (usually runs as localsystem).
I also found code (http://www.aejw.com/) that mapped the remote directories as mapped drives and accessed them that way. However, this causes some versions of Windows to complain about multiple connections.
Any suggestions would be appreciated.
You have two choices:
Either give your service access to the files it needs under it's own account.....
Or allow impersonation on your service to do this. I'm sure you can understand why it would be bad that a remote system could perform actions on things that it isn't allowed to.
I'm sure you can also understand why people wouldn't want to give the impersonation privilege carte blanche to all services.
I would have a serious look at the design of your service and what it is trying to do. If you can move the service where the files are or execute the code from the client machine then this might be better in this scenario.
I'm trying to understand your app, but if you have only one username and password, is it possible to log the service in as that user?
Have you looked at this blog? http://blogs.msdn.com/b/joncole/archive/2009/09/21/impersonation-code-in-c.aspx
With this class you should be able to execute code withing a using()
block that needs impersonation and when leaving the block your back to your normal user.
精彩评论