I am trying to access media directly from a network share on our local network.
The problem is that I need to pass windows credentials with the url.
I have tried impersonation with logon type 9, and I have tried passing the credentials in the url like this:
#"\\username:password#ip\share_name\path\filename.mkv"
I am trying to access the media in a windows media player in a winform project, and the player just loads something and goes to a ready state.
When typing the address in explorer it asks for credentials, which is what I expected, but how do I do that in my case? I feel like I have tried everything..
token = IntPtr.Zero;
LogonUser("Username", "NAS-IP", "Password",
9, 0, ref token);
person = new WindowsIdentity(token).Impersonate();
axWindowsMediaPlayer1.URL = #"\\ip\camera_share\axis-ACCC8E7B9050\20170712\08\20170712_085720_39AA_ACCC8E7B9050\20170712_08\20170712_085720_0092.mkv";
EDIT
For some reason it works if I use the machinename/servername as address in the media player url. This is just not that efficient if the client only knows the ip of the server not the name.
token = IntPtr.Zero;
LogonUser("username", "serverip", "password",
9, 0, ref token);
person = new WindowsIdentity(token).Impersonate();
axWindowsMediaPlayer1.URL = #"\\servername\camera_share\axis-ACCC8E7B9050\20170719\10\20170719_100732_8084_ACCC8E7B9050\20170719_10\20170719_100732_E5A7.mkv";
Any idea on how to work around that?
You need to use NetworkCredential to log into remote locations.
using System.IO;
using System.Net;
NetworkCredential theNetworkCredential = new
NetworkCredential(#"domain\username", "password");
CredentialCache theNetCache = new CredentialCache();
theNetCache.Add(new Uri(#"\\computer"), "Basic", theNetworkCredential);
string[] theFolders = Directory.GetDirectories(#"\\computer\share");
After some extensive research I found a very viable answer in the thread: How to provide user name and password when connecting to a network share
Luke Quinane made the following code:
public class NetworkConnection : IDisposable
{
string _networkName;
public NetworkConnection(string networkName,
NetworkCredential credentials)
{
_networkName = networkName;
var netResource = new NetResource()
{
Scope = ResourceScope.GlobalNetwork,
ResourceType = ResourceType.Disk,
DisplayType = ResourceDisplaytype.Share,
RemoteName = networkName
};
var userName = string.IsNullOrEmpty(credentials.Domain)
? credentials.UserName
: string.Format(#"{0}\{1}", credentials.Domain, credentials.UserName);
var result = WNetAddConnection2(
netResource,
credentials.Password,
userName,
0);
if (result != 0)
{
throw new Win32Exception(result, "Error connecting to remote share");
}
}
~NetworkConnection()
{
Dispose(false);
}
public void Dispose()
{
Dispose(true);
GC.SuppressFinalize(this);
}
protected virtual void Dispose(bool disposing)
{
WNetCancelConnection2(_networkName, 0, true);
}
[DllImport("mpr.dll")]
private static extern int WNetAddConnection2(NetResource netResource,
string password, string username, int flags);
[DllImport("mpr.dll")]
private static extern int WNetCancelConnection2(string name, int flags,
bool force);
}
[StructLayout(LayoutKind.Sequential)]
public class NetResource
{
public ResourceScope Scope;
public ResourceType ResourceType;
public ResourceDisplaytype DisplayType;
public int Usage;
public string LocalName;
public string RemoteName;
public string Comment;
public string Provider;
}
public enum ResourceScope : int
{
Connected = 1,
GlobalNetwork,
Remembered,
Recent,
Context
};
public enum ResourceType : int
{
Any = 0,
Disk = 1,
Print = 2,
Reserved = 8,
}
public enum ResourceDisplaytype : int
{
Generic = 0x0,
Domain = 0x01,
Server = 0x02,
Share = 0x03,
File = 0x04,
Group = 0x05,
Network = 0x06,
Root = 0x07,
Shareadmin = 0x08,
Directory = 0x09,
Tree = 0x0a,
Ndscontainer = 0x0b
}
Which I could use like this:
using (new NetworkConnection(#"\\IP", new NetworkCredential("Username", "Password", System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName)))
{
axWindowsMediaPlayer1.URL = #"\\IP\camera_share\axis-ACCC8E7B9050\20170719\10\20170719_100732_8084_ACCC8E7B9050\20170719_10\20170719_100732_E5A7.mkv";
}
Thanks Luke!
Related
I have a very simple C# command line app that connects to an MQTT server and prints messages to the console.
using MQTTnet;
using MQTTnet.Client.Options;
using MQTTnet.Extensions.ManagedClient;
using System.Text;
var options = new MqttClientOptionsBuilder()
.WithTcpServer(MqttConfig.Server, MqttConfig.Port)
.WithCredentials(MqttConfig.User, MqttConfig.Password)
.WithClientId("MqttTest")
.WithCleanSession()
.Build();
var MqttClient = new MqttFactory().CreateMqttClient();
var cancellationToken = new CancellationToken();
var subscribeOptions = new MQTTnet.Client.Subscribing.MqttClientSubscribeOptions();
subscribeOptions.TopicFilters.Add(new MqttTopicFilter { Topic = MqttConfig.Topic });
MqttClient.ConnectAsync(options, cancellationToken);
MqttClient.SubscribeAsync(subscribeOptions, cancellationToken);
MqttClient.UseApplicationMessageReceivedHandler(e => { HandleMessageReceived(e.ApplicationMessage); });
while (true)
{
Task.Delay(1000).GetAwaiter().GetResult();
}
static void HandleMessageReceived(MqttApplicationMessage applicationMessage)
{
Console.WriteLine("### RECEIVED MESSAGE ###");
Console.WriteLine($"+ Topic = {applicationMessage.Topic}");
Console.WriteLine($"+ Payload = {Encoding.UTF8.GetString(applicationMessage.Payload)}");
Console.WriteLine();
}
abstract class MqttConfig
{
public static readonly string Server = "servername";
public static readonly int Port = 1883;
public static readonly string User = "user";
public static readonly string Password = "password";
public static readonly string Topic = "#";
}
Putting the MqttConfig class information into an app like MQTT X shows a bunch of incoming messages. But running this C# app just shows a blank console.
I ended up making basing the application on an MQTTnet sample. I'm posting it as an answer here in case anyone else has the same question in the future.
using MQTTnet;
using MQTTnet.Client;
using MQTTnet.Client.Options;
using System.Text.Json;
#region Subscribe to topic & handle incoming messages
var mqttFactory = new MqttFactory();
using (var mqttClient = mqttFactory.CreateMqttClient())
{
var mqttClientOptions = new MqttClientOptionsBuilder()
.WithTcpServer(MqttConfig.Server, MqttConfig.Port)
.WithCredentials(MqttConfig.User, MqttConfig.Password)
.Build();
mqttClient.UseApplicationMessageReceivedHandler(e =>
{
Console.WriteLine("Received application message.");
e.DumpToConsole();
return Task.CompletedTask;
});
await mqttClient.ConnectAsync(mqttClientOptions, CancellationToken.None);
var mqttSubscribeOptions = mqttFactory.CreateSubscribeOptionsBuilder()
.WithTopicFilter(f => f.WithTopic(MqttConfig.Topic))
.Build();
await mqttClient.SubscribeAsync(mqttSubscribeOptions, CancellationToken.None);
Console.WriteLine("MQTT client subscribed to topic.");
Console.ReadLine(); // Prevents app from immediately closing once MQTT subscription is complete.
// Will close if user presses "enter" before any messages are received.
}
static class ObjectExtensions
{
public static TObject DumpToConsole<TObject>(this TObject #object)
{
var output = "NULL";
if (#object != null)
{
output = JsonSerializer.Serialize(#object, new JsonSerializerOptions { WriteIndented = true });
}
Console.WriteLine($"[{#object?.GetType().Name}]:\r\n{output}");
return #object;
}
}
#endregion
static class MqttConfig
{
public static readonly string Server = "servername";
public static readonly int Port = 1883;
public static readonly string User = "user";
public static readonly string Password = "password";
public static readonly string Topic = "#";
}
I need to connect to an API. All examples that I could find use Tokens which I can send to each transaction I desire.
Accordingly to the supplier documentation, I couldn't find anything related to tokens.
The problem is when I connect, using curl or wp_remote_post() I don't have an 'connected' object to keep doing the transactions that I need.
Bellow is how it is done in C#. I need some directions in what objects I have to use and create the same functionality in php. Thanks
Connection Class:
public class RestService: IDisposable {
private readonly HttpClient _httpClient;
private readonly string _acumaticaBaseUrl;
public RestService(
string acumaticaBaseUrl, string userName, string password, string company, string branch, string locale) {
_acumaticaBaseUrl = acumaticaBaseUrl;
_httpClient = new HttpClient(
new HttpClientHandler {
UseCookies = true,
CookieContainer = new CookieContainer()
}) {
BaseAddress = new Uri(acumaticaBaseUrl + "/entity/Default/6.00.001/"),
DefaultRequestHeaders = {
Accept = {
MediaTypeWithQualityHeaderValue.Parse("text/json")
}
}
};
//Log in to MYOB Advanced
_httpClient.PostAsJsonAsync(
acumaticaBaseUrl + "/entity/auth/login", new {
name = userName,
password = password,
company = company,
branch = branch,
locale = locale
}).Result.EnsureSuccessStatusCode();
}
void IDisposable.Dispose() {
_httpClient.PostAsync(_acumaticaBaseUrl + "/entity/auth/logout", new ByteArrayContent(new byte[0])).Wait();
_httpClient.Dispose();
}
}
////////////////
//Data submission
public string Put(string entityName, string parameters, string entity) {
var res = _httpClient.PutAsync(_acumaticaBaseUrl + "/entity/Default/6.00.001/" + entityName + "?" + parameters, new StringContent(entity, Encoding.UTF8, "application/json")).Result.EnsureSuccessStatusCode();
return res.Content.ReadAsStringAsync().Result;
}
}
So im pretty new and this made be a dumb question but im trying to take this variable ive made within my textbox and move it into a bool that i made and im really not getting it.
Here is the first little snipit that shows what variable im trying to get.
public FixTheDomain()
{
InitializeComponent();
}
private void FixTheDomain_Load(object sender, EventArgs e)
{
}
public void Pass_Textbox(object sender, EventArgs e)
{
string Pass;
Pass = PassTextbox.Text;\\this is the variable i want
}
And i want to put it into this bool
public static bool ValidateUser()
{
bool validation;
try
{
LdapConnection lcon = new LdapConnection
(new LdapDirectoryIdentifier((string)null, false, false));
NetworkCredential nc = new NetworkCredential(Environment.UserName,
variablegoeshere,Environment.UserDomainName);
lcon.Credential = nc;
lcon.AuthType = AuthType.Negotiate;
// user has authenticated at this point,
// as the credentials were used to login to the dc.
lcon.Bind(nc);
validation = true;
}
catch (LdapException)
{
validation = false;
}
return validation;
}
Modify the ValidateUser method so that it takes a parameter of type string.
public static bool ValidateUser(string pass)
{
bool validation;
try
{
LdapConnection lcon = new LdapConnection
(new LdapDirectoryIdentifier((string)null, false, false));
NetworkCredential nc = new NetworkCredential(Environment.UserName,
pass,Environment.UserDomainName);
lcon.Credential = nc;
lcon.AuthType = AuthType.Negotiate;
// user has authenticated at this point,
// as the credentials were used to login to the dc.
lcon.Bind(nc);
validation = true;
}
catch (LdapException)
{
validation = false;
}
return validation;
}
You can then call it and pass it the parameter:
string Pass;
Pass = PassTextbox.Text;
bool validation = ValidateUser(Pass);
To pass values between methods, the most common technique is using parameters.
So for your method:
public static bool ValidateUser(string pass)
{
bool validation;
try
{
LdapConnection lcon = new LdapConnection
(new LdapDirectoryIdentifier((string)null, false, false));
NetworkCredential nc = new NetworkCredential(Environment.UserName,
pass,Environment.UserDomainName);
lcon.Credential = nc;
lcon.AuthType = AuthType.Negotiate;
// user has authenticated at this point,
// as the credentials were used to login to the dc.
lcon.Bind(nc);
validation = true;
}
catch (LdapException)
{
validation = false;
}
return validation;
}
And in your caller:
public void Pass_Textbox(object sender, EventArgs e)
{
string Pass;
Pass = PassTextbox.Text;\\this is the variable i want
ValidateUser(Pass);
}
I'm having problems retrieving the User Principal object from AD as follows:
public static UserPrincipal GetUserPrincipalByUserName(string userName, IdentityType identityType, string adUsername, string adPassword, string adDomain)
{
UserPrincipal result;
try
{
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, adDomain, adUsername, adPassword))
{
result = UserPrincipal.FindByIdentity(pc, identityType, userName);
}
}
catch
{
result = null;
}
return result;
}
All pretty normal right? However, in my web application, I'm pulling out the username from User.Identity.Name, which gives me the username in the down-level format (domain\username), not my UPN (username#domain.com). My unit tests (1 and 2) pass on the UPN or SAM IdentityTypes, but not on the down-level name provided (3), nor the unqualified username (4), using IdentityType.Name:
[TestClass]
public class ActiveDirectoryTests
{
public const string Username = "jdoe";
public const string DownLevelUsername = "DOMAIN\\jdoe";
public const string Upn = "jdoe#domain.com";
public const string AdUsername = "username";
public const string AdPassword = "password";
public const string AdDomain = "domain";
[TestMethod]
public void SearchByUpn()
{
Assert.IsNotNull(ActiveDirectory.SafeGetUserPrincipalByUserName(Upn, IdentityType.UserPrincipalName, AdUsername, AdPassword, AdDomain));
}
[TestMethod]
public void SearchBySamUsername()
{
Assert.IsNotNull(ActiveDirectory.SafeGetUserPrincipalByUserName(Username, IdentityType.SamAccountName, AdUsername, AdPassword, AdDomain));
}
[TestMethod]
public void SearchByDownLevelUsername()
{
Assert.IsNotNull(ActiveDirectory.SafeGetUserPrincipalByUserName(DownLevelUsername, IdentityType.Name, AdUsername, AdPassword, AdDomain));
}
[TestMethod]
public void SearchByUnqualifiedUsername()
{
Assert.IsNotNull(ActiveDirectory.SafeGetUserPrincipalByUserName(Username, IdentityType.Name, AdUsername, AdPassword, AdDomain));
}
}
Can I do this task without just doing some arbitrary string parsing on the down-level name that I get from User.Identity.Name? Can/should I just dig the SID out of the user object and use that instead?
I fixed my own problem just by using the SID, but for info:
The down-level domain name doesn't directly map to a UPN (missing info on the domain suffix), so basically you can't do text transforms between the two
The User.Identity.Name is still a mystery - see my other question here: What does System.DirectoryServices.AccountManagement.IdentityType.Name specify?
in an .NET application, I'm trying to authenticate users by username and password a against windows users, local ones as well as domain users. I already tried this solution . My code to get the PrincipalContext looks the following:
protected static PrincipalContext TryCreatePrincipalContext(String domain)
{
var computerDomain = TryGetComputerDomain();
if (String.IsNullOrEmpty(domain) && String.IsNullOrEmpty(computerDomain))
return new PrincipalContext(ContextType.Machine);
else if (String.IsNullOrEmpty(domain))
return new PrincipalContext(ContextType.Domain, computerDomain);
else
return new PrincipalContext(ContextType.Domain, domain);
}
protected static String TryGetComputerDomain()
{
try
{
var domain = Domain.GetComputerDomain();
return domain.Name;
} catch
{
return null;
}
}
That works fine for local windows users users and for remote users in an ActiveDirectory. But if I try to run the authentication on a machine, that is joined to a non-ActiveDirectory Domain Master, eg. a Samba Server I get the following Exception:
System.DirectoryServices.AccountManagement.PrincipalServerDownException: Mit dem Server konnte keine Verbindung hergestellt werden. --->
System.DirectoryServices.Protocols.LdapException: Der LDAP-Server ist nicht verfügbar.
bei System.DirectoryServices.Protocols.LdapConnection.Connect()
bei System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
bei System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
bei System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
bei System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
bei System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name)
bei DomainAuthTest.DomainAuthenticator.TryCreatePrincipalContext(String domain)
bei DomainAuthTest.DomainAuthenticator.Authenticate(String domainUser, String password)
bei DomainAuthTest.Program.Main(String[] args)
So it seems that the PrincipalContext tries to use LDAP in case of ContextType.Domain. If I try to use ContextType.Machine I have cannot use the workgroup/domain-name as PrincipalContext tries to connect directly to the machine. That fails if there is already a connection to that machine with that windows from the same machine.
So my question is:
How to authenticate a user with the credentials domain, username and password against a domain master, which is not necessarily based on an ActiveDirectory?
Are there managed APIs to accomplish the above described task?
If there are no managed foundation-classes, what is the right direction to do that with?
Thank you for your replies.
For the sake of completeness, here my solution which seems to do exactly what I want:
public class WinApiDomainAuthenticator
{
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LogonUser(string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
out IntPtr phToken);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);
public static IPrincipal Authenticate(String domainUser, String password)
{
var userToken = IntPtr.Zero;
var creds = new DomainAuthCredentials(domainUser, password);
if (! LogonUser(creds.Username,
creds.Domain,
creds.Password,
(int)LogonType.LOGON32_LOGON_BATCH,
(int)LogonProvider.LOGON32_PROVIDER_DEFAULT, out userToken))
{
var error = new Win32Exception(Marshal.GetLastWin32Error());
throw new SecurityException("Error while authenticating user", error);
}
var identity = new WindowsIdentity(userToken);
if (userToken != IntPtr.Zero)
CloseHandle(userToken);
return ConvertWindowsIdentityToGenericPrincipal(identity);
}
protected static IPrincipal ConvertWindowsIdentityToGenericPrincipal(WindowsIdentity windowsIdentity)
{
if (windowsIdentity == null)
return null;
// Identity in format DOMAIN\Username
var identity = new GenericIdentity(windowsIdentity.Name);
var groupNames = new string[0];
if (windowsIdentity.Groups != null)
{
// Array of Group-Names in format DOMAIN\Group
groupNames = windowsIdentity.Groups
.Select(gId => gId.Translate(typeof(NTAccount)))
.Select(gNt => gNt.ToString())
.ToArray();
}
var genericPrincipal = new GenericPrincipal(identity, groupNames);
return genericPrincipal;
}
protected class DomainAuthCredentials
{
public DomainAuthCredentials(String domainUser, String password)
{
Username = domainUser;
Password = password;
Domain = ".";
if (!domainUser.Contains(#"\"))
return;
var tokens = domainUser.Split(new char[] { '\\' }, 2);
Domain = tokens[0];
Username = tokens[1];
}
public DomainAuthCredentials()
{
Domain = String.Empty;
}
#region Properties
public String Domain { get; set; }
public String Username { get; set; }
public String Password { get; set; }
#endregion
}
}
The LogonType and LogonProvider enums reflect the definitions in "Winbase.h". I settled with LogonType.LOGON32_LOGON_BATCH instead of LogonType.LOGON32_LOGON_NETWORK because samba 3.4.X seems to have trouble with this type.
Here is one that I just did for an app I'm working on myself - requires Framework v3.5 or greater....
public static bool Authenticate(string user, string password)
{
// Split the user name in case a domain name was specified as DOMAIN\USER
string[] NamesArray = user.Split(new char[] { '\\' }, 2);
// Default vars for names & principal context type
string DomainName = string.Empty;
string UserName = string.Empty;
ContextType TypeValue = ContextType.Domain;
// Domain name was supplied
if (NamesArray.Length > 1)
{
DomainName = NamesArray[0];
UserName = NamesArray[1];
}
else
{
// Pull domain name from environment
DomainName = Environment.UserDomainName;
UserName = user;
// Check this against the machine name to pick up on a workgroup
if (string.Compare(DomainName, System.Environment.MachineName, StringComparison.InvariantCultureIgnoreCase) == 0)
{
// Use the domain name as machine name (local user)
TypeValue = ContextType.Machine;
}
}
// Create the temp context
using (PrincipalContext ContextObject = new PrincipalContext(TypeValue, DomainName))
{
// Validate the credentials
return ContextObject.ValidateCredentials(UserName, password);
}
}