I am writing an ASP.NET (C#) application to create users for my domain. It also has to create folders and shares on a separate file server. I have so far been able to accomplish my task using

  • System.IO.Directory.CreateDirectory to create the folders,
  • a ("WinNT://fileserver/lanmanserver") DirectoryEntry to create the shares.

Unfortunately, my ASP.NET application has to run with impersonation on to create the folder. I don't like that. I would like to know if there is a way to create a folder on the file server using a DirectoryEntry object, since I can pass the needed credentials to its constructor. Or, alternatively, is there a way to pass credentials to Directory.CreateDirectory?

Thanks in advance. Here is the current code, just in case:

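using System.DirectoryServices;
using System.IO;

// Create the folder through the server's administrative share (this is the call that needs impersonation).
string strPath = @"\\myServer\D$\newDir";
Directory.CreateDirectory(strPath);

// Publish the folder as a share through the WinNT provider.
using (DirectoryEntry deFS = new DirectoryEntry("WinNT://myServer/lanmanserver"))
{
    using (DirectoryEntry deSH = deFS.Children.Add("newDir$", "fileshare"))
    {
        deSH.Properties["path"].Value = "D:\\newDir";   // local path on the file server
        deSH.Properties["description"].Value = "My Stackoverflow sample share";
        deSH.CommitChanges();
    }
}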
A: 

As far as I know you have two options: impersonate a user that has permissions to create the directory on the remote share or give the permissions to the default user that runs asp.net services.

What is wrong with that? You are accessing a non-default resource on your network and the default privileges don't allow you to do that. It's pretty much like a regular user account trying to write on a network share.

tucaz
I am not that versed on asp.net programming but I assume that running the asp.net process with a privileged account opens my system to possible attack and I don't want that. I would like it if I could "go privileged" only when I need to. Or have I misunderstood the whole thing?
birukw
I am also kind of curious as I couldn't find enough documentation on using the WinNT provider with System.DirectoryServices. It logically sounds possible to create a folder using that.
birukw
A: 

I don't believe you should be using DirectoryObject for that purpose; it wasn't made for such access. But here's a trick you could be using to make impersonation easier. Create an impersonator class, which would implement IDisposable, something like this:

public class Impersonator : IDisposable
{
    public Impersonator(string userid, string password)
    {
        // Sketch only: log on, duplicate the token, then impersonate it.
        ... LogonUserEx();
        ... DuplicateToken();
        ... Impersonate();
    }
    public void Dispose()
    {
        // Revert to the original identity when the using block ends.
        ... RevertToSelf();
    }
}

then you would be able to do this:

using(new Impersonator("myaccount", "password"))
{
     ... do stuff that requires impersonation
}
galets
Thanks a lot. This solution will serve me fine. Looks like I have some reading to do on the details of impersonation.
birukw
A: 

The DirectoryEntry class has a constructor which takes username and password as input. Have you tried this?

See documentation at Microsoft

AndreasN
Yes, of course. That is exactly the reason for this whole thread.
birukw