copying a file to server using credentials

[UncleT]

Hello,

I've been writing a vb6 application that I need to copy a file from one server to another. The system if for a police department and it is an Internal Affairs system. What I need is for the user to be able to copy a file to a location on the server using the application but the user does not have access to the share on the server and we do not want to give the user access to that share for legal purposes.

What we are wanting to do is create an account that can access this shared folder. Only Internal Affairs personnel and this account will be able to access this folder.

Is there a way using VB6 with an XP operating system, to copy these files using the credentials of the special IA account we create.

Example:

In the application Joe_Blow (who has no access to IA Folders) can select a file and click a command button and the file gets copied to the IA shared folder using the IA user account and password.

Thanks in advance for your help.

 

[rtshort]

I don't really know exactly what you are asking, but can't you just set up a new folder for what you want on the server, set permissions for it, and map it to the other PC?

Don't know if that's much help or not, but I think it would be possible.

Rob
Just my $.02.

 

[tedsmith]

You need to write a small application that is always running on the machine that you are copying to as well as on the sending computer when you want to send a file.

You use winsock and propertybag methods (well documented and mentioned in this forum) to transfer the file via TCPIP only to the application running on the receiving computer which will see it's own folders without restriction. Its a bit slower than direct file transfer.

If you only use write methods, nobody sending can see the folders in the receiving computer unless you have a password system.

This is roughly how the internet works.

 

[UncleT]

Actually what I am wanting to do is, copy a file using a VB application from one location to another using administrative credentials. The destination folder is locked down using windows security so the basic copyfile command does not work. I just want to know if there is a way to copy a file using admin credentials kind of like the Runas command?

Thanks,

UncleT

 

[tedsmith]

As far as I know copyfile uses the same Windows methods that you would if you just copied it across to a shared and permitted folder.
I would think that to get around permissions you would need to use another method like TCPIP but if the receiving computer was fully firewalled to the sending computer, even TCPIP would not work

 

[JerryKlmns]

What if the "sending" PC stores the file to a local shared folder and sends the "receiving" server a txt file including the full path to that IA-file and let the server go get the file. Built onother exe that looks for directory changes in the server shared accessed-by-all folder, grab the txt file, read the path, delete the txt and move the IA-file to a non-shared secured folder? Obviously every user needs a shared folder permitting only the user of server to grab the file.

 

[ousoonerjoe]

There is a way to do it:
You can execute the following (example shown) via the Shell Command.

net use y: \\Server\FldrName /user:SpecialUser password
move "y:\Inetpub\InternetSite\uploads\*.*" c:\AFSARP\SPOOL
net use y: /delete

I don't know what the security is like on this, but might help you to find what you're looking for.

Another methodology would be to have a Server side application receive the data in question, and then have it create and write the file to the server. A winsock connection I think would be the most secure for the setting your application will be running in.




"If I were to wake up with my head sewn to the carpet, I wouldn't be more surprised than I am right now.

 

[dilettante]

If I understand your requirements correctly, I'd probably use the following:

[ul]
[li]A custom "send file" utility in VB6.[/li]
[li]The IIS FTP service.[/li]
[li]A custom service written in VB6.[/li]
[/ul]

The file-sender would just use the Common Dialog to pick the file, then use the ITC (Inet control) to FTP it to the server.

The FTP server would catch the files.

The custom service would use the FindFirstChangeNotification() in Kernel32 (and related API calls) to monitor the FTP home directory for new file creations. When it finds them it would move them to your "share" folder with a unique name.


This could be made more secure by giving every user a local machine FTP account (and password) on the FTP server and setting the server to "Isolate users" mode. The file-sender could prompt for these credentials and use them when FTPing the data files. For low volume use Windows XP could handle being the server.

The file creation monitor service could easily pick up new files created in the per-user subfolders under the FTP root.


An alternative might be to use a 3rd party FTP server that offers scriptable event sinks. IIS SMTP does this, but IIS FTP does not - at least not on IIS 5.1 (the version included in XP).


Another alternative is to write a web application to do this, even using Classic ASP. The file-sender would just use HTTP instead of FTP.

 

[UncleT]

Thanks for everyone's help. I ended up just writing a vb6 program that resides in the App.path of the original program. This program will read a text file under the same path which contains the Source and Destination file to get copied and uses the basic copyfile command. Here is the kicker. Inside the original application, I just run application2 with the RUNAS command and I pass it administrative credentials.

 

[strongm]

>Here is the kicker

Er, not really. That was the obvious solution, which I assumed you had rejected in the original post

 

[tedsmith]

As a matter of interest, how do you manage to copyfile to the non-shared folder in the server?

What exactly do you mean by "pass it administrative credentials"?

Does this mean you can copy around the sharing prohibition on a folder in another computer and even read a file this way or do you have to enter something special in the client permissions?

 

[ousoonerjoe]

I hope you have the RUNAS credentials encrypted somewhere. The last thing you want is to have to do is recompile your program every time the password is changed or the account is changed. Nor do you want to store it in something like an INI file or registery that can be opened and read by anyone that has access to that machine.

Programming for Security can be a lot of fun, but there are very many aspects that have to be taken into consideration.

"If you think it's fool proof, some idiot will prove you wrong."

"If I were to wake up with my head sewn to the carpet, I wouldn't be more surprised than I am right now.