4

I'm writing an add-in for a fujitsu scanner in C#. Documents are scanned to a local directory, and I wanted to copy them to a pc on the network. I keep getting System.IO.IOException: Logon failure: unknown user name or bad password though. I tried copying them to a public directory (at least I think its public), and I still get the same result.

Any ideas for stuff I could try? I don't think my code here is the issue, but here it is anyway.

private bool moveTheFile(String source, String destination)
    {
        System.DirectoryServices.DirectoryEntry dntry = null;
        try
        {
            //System.IO.File.Move(source, destination);
            System.IO.File.Copy(source, destination);
            System.IO.File.Delete(source);
            if (System.IO.File.Exists(destination))
            {
                return true;
            }
            else
            {
                return false;
            }
        }
        catch (Exception err)
        {
            _host.WriteSystemLog(LogType.Information, "E1000099", "File.Move Error " + err.ToString());
            return false;
        }
    }

1 Answers1

2

Your problem is due to the fact that the machine is using a LOCAL SERVICE account or something that does not have access even to the shared public folder. You need to impersonate a different account I believe. I found the following code on a different site to do this:

public WindowsImpersonationContext 
    ImpersonateUser(string sUsername, string sDomain, string sPassword)
{
    // initialize tokens
    IntPtr pExistingTokenHandle = new IntPtr(0);
    IntPtr pDuplicateTokenHandle = new IntPtr(0);
    pExistingTokenHandle = IntPtr.Zero;
    pDuplicateTokenHandle = IntPtr.Zero;

    // if domain name was blank, assume local machine
    if (sDomain == "")
        sDomain = System.Environment.MachineName;
    try
    {
        string sResult = null;
        const int LOGON32_PROVIDER_DEFAULT = 0;
        // create token
        const int LOGON32_LOGON_INTERACTIVE = 2;
        //const int SecurityImpersonation = 2;
        // get handle to token
        bool bImpersonated = LogonUser(sUsername, sDomain, sPassword, 
            LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, 
                ref pExistingTokenHandle);
        // did impersonation fail?
        if (false == bImpersonated)
        {
            int nErrorCode = Marshal.GetLastWin32Error();
            sResult = "LogonUser() failed with error code: " + 
                nErrorCode + "\r\n";
            // show the reason why LogonUser failed
            MessageBox.Show(this, sResult, "Error", 
                MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        // Get identity before impersonation
        sResult += "Before impersonation: " + 
            WindowsIdentity.GetCurrent().Name + "\r\n";
        bool bRetVal = DuplicateToken(pExistingTokenHandle, 
            (int)SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, 
                ref pDuplicateTokenHandle);
        // did DuplicateToken fail?
        if (false == bRetVal)
        {
            int nErrorCode = Marshal.GetLastWin32Error();
            // close existing handle
            CloseHandle(pExistingTokenHandle); 
            sResult += "DuplicateToken() failed with error code: " 
                + nErrorCode + "\r\n";
            // show the reason why DuplicateToken failed
            MessageBox.Show(this, sResult, "Error", 
                MessageBoxButtons.OK, MessageBoxIcon.Error);
            return null;
        }
        else
        {
            // create new identity using new primary token
            WindowsIdentity newId = new WindowsIdentity
                                        (pDuplicateTokenHandle);
            WindowsImpersonationContext impersonatedUser = 
                                        newId.Impersonate();
            // check the identity after impersonation
            sResult += "After impersonation: " + 
                WindowsIdentity.GetCurrent().Name + "\r\n";

            MessageBox.Show(this, sResult, "Success", 
                MessageBoxButtons.OK, MessageBoxIcon.Information);
            return impersonatedUser;
        }
    }
    catch (Exception ex)
    {
        throw ex;
    }
    finally
    {
        // close handle(s)
        if (pExistingTokenHandle != IntPtr.Zero)
            CloseHandle(pExistingTokenHandle);
        if (pDuplicateTokenHandle != IntPtr.Zero) 
            CloseHandle(pDuplicateTokenHandle);
    }
}

Here are the supporting methods:

[DllImport("advapi32.dll", SetLastError=true)]
        public static extern bool LogonUser(string pszUsername, string pszDomain, string pszPassword, 
            int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

        // closes open handes returned by LogonUser
        [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
        public extern static bool CloseHandle(IntPtr handle);

        // creates duplicate token handle
        [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, 
            int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
// group type enum
    public enum SECURITY_IMPERSONATION_LEVEL : int
    {
        SecurityAnonymous = 0,
        SecurityIdentification = 1,
        SecurityImpersonation = 2,
        SecurityDelegation = 3
    }
jugg1es
  • 1,560
  • 18
  • 33
  • I may have to go that route. I looked into it before, but when I try to import advapi32.dll as a reference, I get an error that says it can't be added. And I need that .dll to use LogonUser, right? – David 'Encore' Merryman Apr 30 '13 at 19:54
  • I've edited my code to give you the supporting methods that were included in the project I copied from. You don't actually need to import advapi32.dll into your project, you simply use interops. You could also set up an FTP to do this if you wanted. Here is the project I copied the code from : http://www.codeproject.com/Articles/4051/Windows-Impersonation-using-C – jugg1es Apr 30 '13 at 20:06
  • I'm using this class now to resolve a very similar issue. It was still failing but stopped failing when I gave it the old WINS NT domain name instead of the FQ domain name. Not sure why it would matter. – Nathan McKaskle Sep 14 '17 at 15:52