Windows Service failing to access mapped network drive - c#

My C# based Wcf application hosted as windows service is unable to access mapped network drive even though it works with UNC path. I have come across the below article which states that it is not possible to use mapped drives with windows service.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms685143(v=vs.85).aspx
In my scenario I am logging into the service with a domain account & the same account is used to create the mapped network drive in the machine.
My company has all clients running the projects in mapped drives and they would want the service also to run and access the mapped drive configurations for pulling data.
In this scenario I am wondering if there could be a possible workaround given the situation that network drive would be created with the same account that the service is logged in with.
Any possible workaround or code fixes would be highly appreciated. Thanks .

Related

Accessing Azure File Storage from WebJob using SMB protocol

I have a c# console application running as a web job in Azure PaaS. Since it is a legacy system and use local UNC path to put the generated pdf, I am exploring the ways I can do this on Azure Storage. Following this, I have created a storage account then File share and finally a directory inside file share. I can access the directory from windows machine by entering the login credentials. so I know the storage is all set and working. Now I want to replace the UNC path in my c# code with the UNC(?) path on Azure PaaS but I am wondering if that would work and if yes then how I should handle the credentials? Since Microsoft says that File Share supports SMB 3.0 I reckon I should be able to use it just the way I use any on premises drive. I do not want to use REST api's to do the file operations as defined here and in the video here because it would involve code changes which in my case would be a huge exercise. Since File share supports SMB protocol I was expecting to find examples where it is called from a web job. Can somebody point me to the right resource or guide me how I can accomplish this piece of functionality.
Here's your problem -
From the App Service sandbox Wiki -
Restricted Outgoing Ports
Regardless of address, applications cannot connect to anywhere using ports 445, 137, 138, and 139. In other words, even if connecting to a non-private IP address or the address of a virtual network, connections to ports 445, 137, 138, and 139 are not permitted.
That's largely SMB traffic.
Your options are limited, i would try to publish on Cloud Services instead (worker role), still PaaS but with a vintage feel to it and no outbound port restrictions.
Service Fabric with Guest Executable programming model could also be an option, although it's probably a little too involved for a simple console app. Pick Windows nodes for .NET Full Framework.

C# Internal Server Error

I wrote a C# WCF server and I am trying to get it up in IIS but everything I try to go to my endpoint I get this error:
I checked the Permissions on the site and I have Authenticated Users others:
so I am not sure what to do now...
I imagine that the root of the problem is that you are trying to create an application on the server that points to files on your own computer using a Remote Desktop Connection drive share. The \\?\UNC\tsclient\C\... path is a dead giveaway.
This is a definite no. You cannot run a web service this way. The tsclient path is specific to your individual connection and will not work from any other context. Any other user account - including the service account that the IIS instance is running from - will not be able to access those files.
To resolve this issue you need to copy the files from your machine to a location on the server and recreate the IIS application entry, referencing the location on the server. You might still need to monkey with the security on the server-local folder.

Accessing an NFS share from a Windows service

I have a Windows service that can't access an NFS share on a UNIX box. I can't access the share with the UNC path, so I have to have it mounted.
I have a console application that can see the drive and runs fine, but when I deploy my Windows service, it can't see the drive.
I have the drive mounted as my local user as well as the administrator.
I've tried mounting a drive from my application by using "Process.Start(mBatchFilePath);", but that didn't work either.
I'm running as the local user (set as administrator).
Tried using a symbolic link
Going to try to set up an FTP to transfer the files
Does anyone have any suggestions on how I can make this work?
SOLVED: I used SSH.Net and transfer files with an SFTP server
I don't think that mapping the drive to a symbolic link is a real solution. The Problem is, that the service runs under a certain user account and thus it accesses all resources with the privileges of this account. Of course your IT admin is right, it's not a good idea to let the service run under the local administrator account.
You should create a new user account that is allowed to access the shared folder. Then set up the service that it runs under this account and the service should be able to access the network share. But remember, a network share that is mapped to a drive letter is only mapped for the current user. So the service (that runs under a different user account) simply doesn't have any drive with this letter, it is not mapped under its account.
So in your service you should always access the share with its full UNC path and not with a mapped drive letter.
Since we were connecting to a Solaris server from a windows box I needed to use SFTP to send files to the server.
I contemplated some sort of a folder sync, but it wasn't a route I wanted to go down.
I used the SSH.Net libraries.

Why does DriveInfo.GetDrives() not get network mapped drive in windows service

I have a windows service developed in .NET C# using VS 2010, I'm calling the DriveInfo.GetDrives() but it is not getting the Z: drive (a mapped network drive),
I did some googling and found some results pointing to windows account privileges, so I have tried all account types of service installer such as LocalSystem, User, LocalService, NetworkService but none worked and I still can't get the drive Z:.
I did another test, debugging the windows service (as a console application) and I can get drive Z: that way.
Is there a solution to my problem?
You need to run the windows service with an account that has the network drive mapped, for example, the same account that you used to run as a console application. As Hans advised you should not be using mapped drives in windows services because they are a concept associated to a real user.
However if you really want to continue to use mapped drives see this related question for pitfalls and workarounds related to this specific situation:
How to map a network drive to be used by a service
Drive mappings are associated with LUID and you could have multiple Authentication ID under the same user (e.g. service, normal integrity level, high integrity level etc).
You can have a normal integrity level process running in the user's session to provide the mapped drive list created by the user. This is how Windows Explorer copies mapped drives for elevated setup programs.

Search and get file information from remote workstation on a Windows domain

I need to query the file system of a remote workstation on a Windows domain. The program should search the remote file system for the existence of specific filenames and file paths. For example, assume I want to find out whether “c:\program files\mozilla\firefox.exe” or “c:\program files\chrome\chrome.exe” exists on any workstation in a domain of 10,000 machines.
What options I know:
1) Only C# code with windows impersonation using WIN32 API and using UNC path with Admin Share access like \ServerName\C$\FolderName.(I am not sure that we need to run the app from domain server to get workstation Admin Share access).
2) Using WMI with C# Management classes, get remote system access with Domain Admin credentials impersonation, then use query(s) to get the remote file information.
I have implemented both scenarios, but I am not sure which one best and performs well on real time. I have only tested with 2-3 systems network available with me.
I have questions in my mind.
1) Which option is best suits for the situation?
2) Which one is faster, safer and consistent?
Please suggest me one of those or any best option available for above requirement.
Thank You,
Ravi
No need to run this from a domain controller. With proper privs, you can run WMI queries from anywhere. In fact, pushing them to a DC would add a hop to the query and likely be slower than querying directly. If you have domain admin privs for the process, I'd just query directly to the unc path for the file existence check, and be done with it.

Categories