EDN Admin
Well-known member
Hi all,
I have an application which needs to interact with a database and update it as required.
Below I have 2 procedures:
AuthenticateBufferLogin() - Used to impersonate the user (i.e., to work as another user to perform some task)
QueryDatabase() - Used to query the database
I was able to copy files and create files as desired by using this Buffer login, which has permissions in the destination.
Note: permissions for other users were removed in these folders for security reasons.
Here goes the code...
[code]
Imports System.Data
Imports System.Data.OleDb

Public Class BufferLogin
    ' BufferLoginStatus, conn, dbProvider, dbSource, dbPassword and DBPath are
    ' used below; their declarations are not shown in the post.

    Public Enum LogonType As Integer
        ' This logon type is intended for users who will be interactively using the computer,
        ' such as a user being logged on
        ' by a terminal server, remote shell, or similar process.
        ' This logon type has the additional expense of caching logon information
        ' for disconnected operations;
        ' therefore, it is inappropriate for some client/server applications,
        ' such as a mail server.
        LOGON32_LOGON_INTERACTIVE = 2
        ' This logon type is intended for high performance servers to authenticate plaintext passwords.
        ' The LogonUser function does not cache credentials for this logon type.
        LOGON32_LOGON_NETWORK = 3
        ' This logon type is intended for batch servers, where processes may be executing on behalf of a user without
        ' their direct intervention. This type is also for higher performance servers that process many plaintext
        ' authentication attempts at a time, such as mail or Web servers.
        ' The LogonUser function does not cache credentials for this logon type.
        LOGON32_LOGON_BATCH = 4
        ' Indicates a service-type logon. The account provided must have the service privilege enabled.
        LOGON32_LOGON_SERVICE = 5
        ' This logon type is for GINA DLLs that log on users who will be interactively using the computer.
        ' This logon type can generate a unique audit record that shows when the workstation was unlocked.
        LOGON32_LOGON_UNLOCK = 7
        ' This logon type preserves the name and password in the authentication package, which allows the server to make
        ' connections to other network servers while impersonating the client. A server can accept plaintext credentials
        ' from a client, call LogonUser, verify that the user can access the system across the network, and still
        ' communicate with other servers.
        ' NOTE: Windows NT: This value is not supported.
        LOGON32_LOGON_NETWORK_CLEARTEXT = 8
        ' This logon type allows the caller to clone its current token and specify new credentials for outbound connections.
        ' The new logon session has the same local identifier but uses different credentials for other network connections.
        ' NOTE: This logon type is supported only by the LOGON32_PROVIDER_WINNT50 logon provider.
        ' NOTE: Windows NT: This value is not supported.
        LOGON32_LOGON_NEW_CREDENTIALS = 9
    End Enum

    Public Enum LogonProvider As Integer
        ' Use the standard logon provider for the system.
        ' The default security provider is negotiate, unless you pass NULL for the domain name and the user name
        ' is not in UPN format. In this case, the default provider is NTLM.
        ' NOTE: Windows 2000/NT: The default security provider is NTLM.
        LOGON32_PROVIDER_DEFAULT = 0
    End Enum

    Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As String, _
        ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As LogonType, _
        ByVal dwLogonProvider As LogonProvider, ByRef phToken As IntPtr) As Integer
    ' The token is a handle, so it is passed as IntPtr (an Integer truncates it on 64-bit).
    Declare Function ImpersonateLoggedOnUser Lib "advapi32.dll" (ByVal hToken As IntPtr) As Integer
    Declare Function RevertToSelf Lib "advapi32.dll" () As Integer

    Const LOGON32_PROVIDER_DEFAULT = 0
    Const LOGON32_LOGON_INTERACTIVE = 2
    Const LOGON32_LOGON_NETWORK = 3
    Const LOGON32_LOGON_BATCH = 4
    Const LOGON32_LOGON_SERVICE = 5
    Const LOGON32_LOGON_UNLOCK = 7

    Public BuffLoginFailMsg As String

    Public Function AuthenticateBufferLogin() As Boolean
        Dim nToken As IntPtr = IntPtr.Zero
        If LogonUser("xyz", "abc.com", "xyz", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, nToken) = 0 Then
            ' MsgBox("login failed")
            BufferLoginStatus = False
            BuffLoginFailMsg = "Login Failed"
        Else
            ' MsgBox("Login success")
            If ImpersonateLoggedOnUser(nToken) = 0 Then
                ' MsgBox("Failed to authenticate. Unable to continue")
                BufferLoginStatus = False
                BuffLoginFailMsg = "Failed to authenticate. Unable to continue"
            Else
                ' MsgBox("authentication success")
                BufferLoginStatus = True
            End If
        End If
        Return BufferLoginStatus
    End Function

    Public Sub QueryDatabase(ByVal QueryDataBase As String, _
                             ByVal table As String, _
                             ByVal SQL As String, _
                             ByRef da As OleDbDataAdapter, _
                             ByRef ds As DataSet)
        ' Query DataBase based on SQL argument received
        ' Return DataAdapter and DataSet
        If AuthenticateBufferLogin() Then
            Try
                ds.Clear()
                dbSource = "Data Source = " & DBPath & QueryDataBase
                conn.ConnectionString = dbProvider & dbSource & dbPassword
                My.Computer.FileSystem.WriteAllText(DBPath & "text.txt", "it will success", True)
                conn.Open() ' Here I get Unspecified Error
                da = New OleDbDataAdapter(SQL, conn)
                da.Fill(ds, table)
                conn.Close()
            Catch ex As Exception
                conn.Close()
                MsgBox(ex.Message, vbOKOnly, "Get Details")
            End Try
        Else
            MsgBox(BuffLoginFailMsg, vbOKOnly, "Get Details Authentication")
        End If
        RevertToSelf() ' Control back to current user
        Return
    End Sub
End Class
[/code]
Here I am facing the issues below when control comes to the QueryDatabase() procedure.
1. I am getting "Unspecified error" while opening the connection to the database at the conn.Open statement, but I am able to create files in that folder as the impersonated user.
2. I was able to resolve this by opening the folder properties, adding Authenticated Users in the Security tab for C:\Users on Win7 and applying the settings. But if I run the application from another login, I get the same error. For this I need to update the Authenticated Users permission on the newly created profile (user).
Can anyone give me any suggestions on this?
PBL (Visual Studio 2010 Ultimate)
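A scoped form of the impersonation used in the post, as an added example that is not the poster's code: it keeps the token as an IntPtr, always reverts and closes the handle, and probes whether the impersonated account can write to the process's TEMP directory. That the OLE DB provider needs that directory is an assumption suggested by the profile-folder workaround described above; `ImpersonationScope` and `CanWriteTemp` are hypothetical names, and the code assumes the .NET Framework.

```vb
Imports System.ComponentModel
Imports System.IO
Imports System.Runtime.InteropServices
Imports System.Security.Principal

' Added example (hypothetical class). Usage, with credentials supplied at run time:
'   Using scope As New ImpersonationScope(user, domain, password)
'       If Not ImpersonationScope.CanWriteTemp() Then ... ' fix the ACL before conn.Open()
'   End Using
Public NotInheritable Class ImpersonationScope
    Implements IDisposable

    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Shared Function LogonUser(ByVal user As String, ByVal domain As String, _
            ByVal password As String, ByVal logonType As Integer, _
            ByVal logonProvider As Integer, ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Shared Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    Private Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Private _token As IntPtr = IntPtr.Zero
    Private _context As WindowsImpersonationContext

    Public Sub New(ByVal user As String, ByVal domain As String, ByVal password As String)
        If Not LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE, _
                         LOGON32_PROVIDER_DEFAULT, _token) Then
            Throw New Win32Exception(Marshal.GetLastWin32Error())
        End If
        Try
            _context = WindowsIdentity.Impersonate(_token)
        Catch
            CloseHandle(_token) ' do not leak the token if impersonation fails
            _token = IntPtr.Zero
            Throw
        End Try
    End Sub

    ' Call while impersonating: TEMP still comes from the process owner's
    ' environment, so this tests the impersonated account's rights on that folder.
    Public Shared Function CanWriteTemp() As Boolean
        Dim probe As String = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName())
        Try
            File.WriteAllText(probe, "probe")
            File.Delete(probe)
            Return True
        Catch ex As Exception When TypeOf ex Is UnauthorizedAccessException _
                                   OrElse TypeOf ex Is IOException
            Return False
        End Try
    End Function

    Public Sub Dispose() Implements IDisposable.Dispose
        If _context IsNot Nothing Then _context.Undo() ' revert to the original identity
        _context = Nothing
        If _token <> IntPtr.Zero Then CloseHandle(_token)
        _token = IntPtr.Zero
    End Sub
End Class
```

If the probe fails, granting the impersonated account write access to that one TEMP folder is narrower than adding Authenticated Users to all of C:\Users.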