Windows share credentials

Bostjan_Laba · November 27, 2024, 4:04pm

Usually when I install our apps somewhere, company admins there already setup network shares for us and up until now it has always been done on OS level, so user had windows credentials for the share and our app “just worked”.

Now I have a company which does not want a user to have access to a shared map on the server. They are willing to provide shared map but they want our app to be using it exclusively.

So we get user/pass for the share but would have to implement it in our app so that app can open network share, store/read files from it, but when outside the app user could not access the network share. So I’m guessing we’re talking about network share authentication (SMB) from inside our app.

Anyone done that? How and with any particular 3rd party? Obviously the app would have user/pass for the share stored “internally” so user does not have to type it in whenever using app or whatever (admin would have to do it in such case, which is not an option).

Thank you.

Gustavo_Saracca · November 27, 2024, 5:01pm

As far as I understand, it is an issue with the operating system and its permissions, not the application.

Bostjan_Laba · November 27, 2024, 5:12pm

Well, technically we get to OS in any case. But here app would have to respond to OS requesting user/pass credentials to access shared folder without causing windows to save them in the windows credentials store.

Julian · November 27, 2024, 6:07pm

If permissions have already been assigned to the share could you access it like this … \\server\sharename ?

We use this method for some .tps files via Clarion 10, the downside being that I have to set every file name before opening it …
file{PROP:Name} = '\\server\share\filename.tps'

Jane · November 27, 2024, 6:44pm

That’s a perfect scenario for a Windows service, where you can specify the user name and password for the service (app) itself.
Unfortunately, services don’t allow direct interaction with the user desktop.
So a helper service app for your main app, or a web app?

Or you could perhaps use a batch file to map a drive with that user’s credentials
net use q: \servername\sharename myPassword /user:theShareUserName

But that leaves the password in plain view.

Or perhaps try running that net use command in a hidden window with Capesoft’s OddJob.

Bostjan_Laba · November 27, 2024, 10:13pm

I like the idea. Service takes care of folder access and my app communicates with the service for data read/write. I will check this scenario, for now it seems closest to what I need.

seanh · November 27, 2024, 10:37pm

I think the IP driver might also work in this situation. IP Driver has a service running on the server, you communicate with the IP service. No share required.

Bostjan_Laba · November 28, 2024, 12:21pm

Can’t. I can use MSSQL and a share. I am not allowed to put anything on the server itself.

Gustavo_Saracca · November 28, 2024, 2:29pm

Now I think I understand.
Please tell me if this is correct.

Do you want me to access the database with Windows certificates?
If so, is the system user the user that should access the database?

jslarve · November 28, 2024, 8:34pm

I haven’t tried it, but maybe you could write a small stub app that calls your app with “runas”, passing the special credentials that your actual app is supposed to use? JAT Runas | Microsoft Learn