So between the two machines, there is no trust - they are in different domains.

I've successfully connected to the remote machine using the LogonUser API with logon type *LOGON32_LOGON_NEW_CREDENTIALS*. I am able to retrieve the content of a directory using the UNC share, and create a file stream to "download" the file. So far so good.

The only issue is that it seems LogonUser fails unless there is an already open session. Let me clarify that.

I found that the ASP.NET MVC page was not working this morning, specifically the page that retrieves the file list from this remote machine using LogonUser. I looked at the log and saw in the stack trace *System.IO.__Error.WinIOError* above the Directory.GetFiles call. I then remoted into the web server and tried to open the remote folder in Explorer using the same login/password used by the web site. It went through and I could see the files. I opened up the command prompt, typed in net use, and saw that there was an open connection to the remote machine. Then I went back to the page and suddenly the page was working again.

So, at this point, I am not exactly sure if LogonUser is working as expected or not. If the call requires that a network connection be opened first by other means, then this is certainly not satisfactory.

Does anyone know what may be happening or suggest a workaround?

A: 

I am not sure that I understand why you use LogonUser. This function helps you if you want to do some job on the local machine with another user's credentials, but it does not help to establish a remote connection to another computer.

If you want to get some information from the remote computer independent of any existing trust between the computers, you should use the WNet or Net (Network Management) functions to establish a new connection to the remote computer. So you should use the WNetAddConnection2 (see http://msdn.microsoft.com/en-us/library/aa385413%28VS.85%29.aspx) or NetUseAdd (http://msdn.microsoft.com/en-us/library/aa370645%28VS.85%29.aspx) functions. These functions will make a remote login on the destination computer and establish a new session (exactly what net use \\computer\share /u:domain\user password does). You don't have to map the new connection to a local drive. To avoid the mapping, you should fill lpLocalName with NULL in the NETRESOURCE struct. For lpUsername and lpPassword you should give any values which the destination computer understands. You can also use ipc$ as the destination share name; then you just establish a session to the computer and nothing more. After that you can use any other functions to access the remote share, directory or files. To close the session you should use WNetCancelConnection2 or NetUseDel.

Oleg
Thanks. Actually I've been looking at WNetAddConnection2 and have a working implementation. The only concern is, since this is an ASP.NET app (read: long-running), will creating this network connection (aka net use) have any adverse effects? Can you think of one?
Jiho Han
Oh, also, any idea why LogonUser works in certain conditions I stated in my original question?
Jiho Han
I suppose that your ASP.NET MVC application used a session which somebody else had established.
Oleg
I don't see that your application is long running. You can open a new session to the server (second computer) every time you need it and close it after all work is done. If another session from the same user account (ASP.NET application pool account) already exists, it will be shared. If you don't close a connection for a long time, it will be automatically reestablished, so you don't have to do anything. You have the same effect if you make a connection to a server and don't transfer any data for a long time. So I expect no problem.
Oleg
Thanks a lot - that makes sense.
Jiho Han
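The open-use-close pattern described in the answer and comments, as an added C# sketch that is not code from the original posts: it calls WNetAddConnection2 with lpLocalName left null so no drive letter is mapped, and WNetCancelConnection2 on dispose. The class name `UncConnection`, the share path, the account name and the environment variable are placeholders assumed for illustration.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;

// Opens a session to a UNC share without mapping a drive letter; Dispose() closes it.
public sealed class UncConnection : IDisposable
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    private struct NETRESOURCE
    {
        public int dwScope, dwType, dwDisplayType, dwUsage;
        public string lpLocalName, lpRemoteName, lpComment, lpProvider;
    }

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    private static extern int WNetAddConnection2(ref NETRESOURCE res, string password, string user, int flags);

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    private static extern int WNetCancelConnection2(string name, int flags, bool force);

    private const int RESOURCETYPE_DISK = 1;
    private readonly string _unc;

    public UncConnection(string unc, string user, string password)
    {
        _unc = unc;
        var res = new NETRESOURCE { dwType = RESOURCETYPE_DISK, lpLocalName = null, lpRemoteName = unc };
        // flags = 0: the connection is not remembered in the user profile across logons.
        int rc = WNetAddConnection2(ref res, password, user, 0);
        if (rc != 0) throw new Win32Exception(rc, "WNetAddConnection2 failed for " + unc);
    }

    // force = false: the session is left alone if files are still open on it.
    public void Dispose() { WNetCancelConnection2(_unc, 0, false); }
}

public static class Demo
{
    public static void Main()
    {
        // Placeholder values; the password is read from the environment rather than hard-coded.
        string share = @"\\fileserver.example\reports";
        string pw = Environment.GetEnvironmentVariable("REMOTE_SHARE_PASSWORD");
        using (new UncConnection(share, @"REMOTEDOM\svc_reader", pw))
            foreach (string f in Directory.GetFiles(share))
                Console.WriteLine(f);
    }
}
```

The connection belongs to the account the process runs as, so concurrent requests in the same application pool share it; a failure such as error 1219 (a conflicting set of credentials already in use for that server) surfaces as the `Win32Exception` thrown by the constructor.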