.NET Core - How do I read a file that requires credentials RRS feed

  • Question

  • Hi all;

    I need to be able to read a file, using .NET Core, that requires credentials (username & password). While my app may be running anywhere, it is reading files at times from a Windows \server\share.

    In standard .NET we do this by first trying impersonation and if that fails, an explicit Windows API login call. I understand that neither of these make sense in a .NET Core world because they're very operating system dependent.

    Is Samba the best way to do this in .NET Core? And if not, what is the best way?

    thanks - dave

    ps - Also asked on StackOverflow.

    What we did for the last 6 months - Made the world's coolest reporting & docgen system even more amazing

    Sunday, February 16, 2020 6:39 PM

All replies

  • It would be better if you can specify clearly what do the credential is used for, say for filesystem permission or EFS which is completely different thing.

    I'm assuming you mean "filesystem permission" based on your second paragraph. In that case it splits into 2 cases:

    1) If the file is on local filesystem, impersonation will work.

    2) If the file is on remote file share, since LANMAN Redirector lives on Explorer.exe, this means the can only exists 1 credential be used to access particular server per session. If the active user or other program in the session has tried to access the share with different credential (even if it's "guest") before, you'll receive error.

    KB938120 outlines a solution for this: you can assign different hostname to the IP of server so it'll try to access with new credential for the new server name. However it's imperfect as you need administrator access to change the System32\drivers\etc\hosts file.

    If possible, try to use P/Invoke to call WNetCancelConnection() first to clear any credential exists to the file server before trying to access there. (You should ignore ERROR_NOT_CONNECTED in this case)

    Monday, February 17, 2020 3:24 AM
  • Hi cheong00;

    I can't do any of what you suggest on .NET Core. That's my fundamental quandry.

    thanks - dave

    What we did for the last 6 months - Made the world's coolest reporting & docgen system even more amazing

    Monday, February 17, 2020 12:47 PM
  • Monday, February 17, 2020 11:32 PM
  • There's a fundamental problem with that suggestion - P/Invoke won't work on a Linux system. It doesn't have built in support for Windows impersonation.

    What we did for the last 6 months - Made the world's coolest reporting & docgen system even more amazing

    • Edited by DavidThielen Tuesday, February 18, 2020 12:10 AM
    Tuesday, February 18, 2020 12:07 AM
  • Yup. That is a fundamental problem. However for Linux the situation is tricky.

    You see, there are multiple ways to access Windows share folder on Linux. smbmount, mount.cifs, mount with WinBind, and more (The first 2 allows you to mount with fixed credential, the third allows you to mount with credential of current user - tranlated to Windows domain user by Winbind. However Winbind need configuration to work and is not by-default installed in most distros). Maybe it would be easier that if the Platform is Linux, look for /etc/fstab to see if a setting exist for that path. If exist then run mount with Process.Start() and check for error (There's no standard way to check whether a mount is mounted in linux. So you may want to assume an empty folder means the share is not mounted yet).

    Or you can announce support on just a few distros that are very close in structure and update cycle therefore can mount Windows share with the same way, and result in the same mount point and get rid of the chaos.

    Tuesday, February 18, 2020 2:13 AM