3

I found this question somewhere on internet now facing same problem. With little change i already have modfied question below.

Question:

I want to access a file on remote machine(10.10.20.30), but i couldnt understand how to login to that machine in my program. Is there any simple win api that takes network path, credentials and returns the handle of file? i just want to access \10.10.20.30\share folder\test.txt. Any suggestion will be helpful.

sorry for not being very clear in coding sense. Detail: I wanted to access a file that is shared in a shared folder but permission is not given to me. I am using ::CreateFile to get the handel of the file . But in this case i am reciveing error code 5 (ACCESS_DENIED). i need to use user (my client) credential (username password) to access file which is shared. I just need handle of file.Tell me if i am wrong ::CreateFile cannot be used in this case by using or modifying security attributes as MSDN says. CreateFile ignores the lpSecurityDescriptor member when opening an existing file.I also thought of using Window shell but could not reched a solution.

problem Detail *Well the requirement is like this at remote machine i do not have EveryOne permission. Let me explain through an example. Suppose there is network with certain domain having atleast 3 computer lets say 5. Now there name are C1(client),C2(destination),C3,C4,C5. Now in this case i will create a file(any type) at C2 machine and will put that in a folder say MyFolder. Now make it share and after that and remove EveryOne from it. After that add C5 as user for accessing it. Now you can see write the some code with just ::CreateFile implementation and run it on both machine C1(client) and C5(it has permission). You will see client(C1) will get error 5 which means ACCESS_DENIED but C5 will execute it and will get the file handle......Now again i am repeating my question i need to get the file handle by any means through my user name and password, And my program will get the handle from that C1 machine..*

Please advice me Thanks in advance

::CreateFile Fails with Access denied is shell programming or other solution or hint

user2809792
  • 31
  • 1
  • 2
  • Maybe you need to use [NetUseAdd](http://msdn.microsoft.com/en-us/library/windows/desktop/aa370645(v=vs.85).aspx) function first. This should work if you are able to open "\\10.10.20.30\share folder\" from within Windows Explorer. – Jabberwocky Sep 24 '13 at 10:36
  • @MichaelWalz i am not allowed to open it through explorer. see the problem detail above. – user2809792 Sep 25 '13 at 05:29
  • Did u solve this? Is there any simple win api that takes network path, credentials and returns the handle of file? – acid_srvnn Dec 08 '14 at 05:48

2 Answers2

2

If your app is not running under a user account that has sufficient permissions to access the file, then you will have to temporarily impersonate a user that does have access. Use LogonUser() to log in to the desired user account and get a token for it, then pass that token to ImpersonateLoggedOnUser() to impersonate that user, then call CreateFile() (which will use the impersonated rights) and use the file as needed, then close the file and call RevertToSelf() to stop impersonating.

Remy Lebeau
  • 454,445
  • 28
  • 366
  • 620
1

When CreateFile fails with ERROR_ACCESS_DENIED that means that the process that calls CreateFile is running under a user account that does not have sufficient rights to perform that operation.

You solve the problem by:

  1. Granting that user sufficient rights.
  2. Running the process under a different user account that has sufficient rights. Or using impersonation to call CreateFile with a different user token.
  3. Securing the file in question so that the original low rights user has the right to perform the operation.

The bottom line here is that no amount of coding will help you here. This issue is all about the security of the file system object in question. This is an administration issue rather than a programming issue.

David Heffernan
  • 572,264
  • 40
  • 974
  • 1,389
  • 1.Granting that user sufficient rights. If you are saying to do it mannually then that is not allowed in my case. If you are saying to chage the permission through code from remote machine. (i am also looking for code) 2. i have to loging through my means client credential not other user. 3. i didnt understand what it means. ....well it seems you are saying its not possible through coding. But i cannot say impossible until unless i am 100% sure.....And thanks for quick reply...:) – user2809792 Sep 24 '13 at 09:11
  • If you could bypass security with client code, that would render security broken. Your next step is to learn about the windows security model. – David Heffernan Sep 24 '13 at 10:10
  • i tried but couldnot find any link. I am not asking you to search it for me. But if you have anything in mind please share. – user2809792 Sep 24 '13 at 10:30
  • Do you have any clue about user authorization through Windows shell. – user2809792 Sep 24 '13 at 17:37
  • I don't really understand that question. The user is the user. If the user doesn't have rights to the file, access will fail no matter how you attempt to do it. – David Heffernan Sep 24 '13 at 17:43