close databases all lcPath = 'X:\PS\' lcTable = 'Protected' lcAdminUser = 'RAN02' try use (lcPath + lcTable) Messagebox('Table opened

without using impersonation') use catch Messagebox('Unable to open table without using impersonation') endtry if Impersonate(lcAdminUser, Inputbox('Enter your password', 'Password')) try use (lcPath + lcTable) Messagebox('Table opened using impersonation') report form x:\foxv\hugo\prog\dummy to printer prompt preview next 1 use catch Messagebox('Unable to open Table even using impersonation') endtry endif Messagebox('Finish impersonation', 16) EndImpersonate() FUNCTION Impersonate(UserName As String, UserPassword As String) As Boolean LOCAL nToken, loNet Declare Integer LogonUser IN advapi32 ; String lpszUsername, ; String lpszDomain, ; String lpszPassword, ; Integer dwLogonType, ; Integer dwLogonProvider, ; Long @phToken Declare Integer ImpersonateLoggedOnUser IN WIN32API Long ptr Declare RevertToSelf IN ADVAPI32 nToken = 0 loNET = CREATEOBJECT('wscript.Network') IF LogonUser(UserName, loNET.UserDomain, UserPassword, 2, 0, @nToken) > 0 IF ImpersonateLoggedOnUser(nToken) > 0 loNet.MapNetworkDrive('X:', '\\skyapps\apps') && Map all network drives is neces sary RETURN .t. ENDIF ENDIF RETURN .F. ENDFUNC FUNCTION EndImpersonate() As Boolean

Declare RevertToSelf IN ADVAPI32 RevertToSelf() CLEAR DLLS ENDFUNC ------------------------------------------------------------------------------We had done this for testing some time ago, and it worked pretty well AFAWK, but without using run as, just doing the impersonation directly from within foxpro code. * If the table "Products" is in a protected folder, for example and the user "Pr odAdmin" has rights to the folder, then: if Impersonate("ProdAdmin", "ProdPassword") * I use a mapped drive just as an example, of course it is not needed or desireb le USE X:\ProductFolder\Products endif * Do some process EndImpersonate() FUNCTION Impersonate(UserName As String, UserPassword As String) As Boolean LOCAL nToken, loNet Declare Integer LogonUser IN advapi32 ; String lpszUsername, ; String lpszDomain, ; String lpszPassword, ; Integer dwLogonType, ; Integer dwLogonProvider, ; Long @phToken Declare Integer ImpersonateLoggedOnUser IN WIN32API Long ptr Declare RevertToSelf IN ADVAPI32 nToken = 0 loNET = CREATEOBJECT('wscript.Network') IF LogonUser(UserName, loNET.UserDomain, UserPassword, 2, 0, @nToken) > 0 IF ImpersonateLoggedOnUser(nToken) > 0 CLEAR DLLS loNet.MapNetworkDrive('X:', '\\skyapps\apps') && Map all network drives is neces sary RETURN .t. ENDIF ENDIF CLEAR DLLS RETURN .F. ENDFUNC FUNCTION EndImpersonate() As Boolean Declare RevertToSelf IN ADVAPI32 RevertToSelf() CLEAR DLLS ENDFUNC

------------------------------------------------------------------------------Problem: how to limit access to database files only to designated FoxPro applica tion? Q: does anybody know about similar solution for Novell server (i.e. a FoxPro ap plication starts on workstation and access resources on a Novell server imperson ating the security context)? In many situations FoxPro dbf files can be viewed/modified in Excel, copied, mov ed, deleted by a user with sufficient permissions for the data folder. RunAs utility, available in W2K and XP, can solve this issue. With this utility user A can run FoxPro application with access level of user B. An example: W2K domain: MYDOMAIN W2k server: MYSERVER Data folder on MYSERVER: c:\data Win XP workstation, MYSTATION, current user: Peter FoxPro app on MYSTATION: c:\apps\hr.exe This application maps c:\data on MYSERVER to H: Peter has no access to c:\data on MYSERVER, the data files can not be neither vi ewed nor copied. When he starts hr.exe directly, the application is not able to map the network resource and fails. To start the application properly Peter types in DOS window (can be a batch file as well): runas /user:DataUser@MYDOMAIN "c:\apps\hr.exe" or runas /user:DataUser@MYDOMAIN "c:\apps\hr.exe" | SANUR < password for DataUser > Note, the SANUR part of the above command line is using a freeware utility to p ipe the password to the runas command. Check out http://www.commandline.co.uk/sa nur - William Fields DataUser is user account on MYDOMAIN with access level sufficient to work with f iles in c:\data on MYSERVER. Now hr.exe is able to map c:\data on MYSERVER and works normally. Still Peter ha s no access to data files outside of hr.exe application. Please discuss -- Anatoliy Mogylevets Why not to use Logon User and Impersonate Logged On User API calls to do all the work internally to VFP application? Just a small sample from my collection: From: "Remus Rusanu" Subject: Re: DBF Security Date: 14 2002 . 19:06 This is a reply I posted some time ago into a different thread, but is related t o this subject.

Regards, Remus What kind of server are you refering to? Network file server with VFP DBC on it, database server (SQL or Oracle)? The general answer is yes, , using the Logon User API ake the credentials of the edentials. If the server is a network except this user that will erver. Here's an example: #define #define #define #define #define #define LOGON32_PROVIDER_DEFAULT 0 LOGON32_LOGON_INTERACTIVE LOGON32_LOGON_NETWORK LOGON32_LOGON_BATCH LOGON32_LOGON_SERVICE LOGON32_LOGON_UNLOCK 2 3 4 5 7 you can use the program to log in as a different user function. After this call is made, the program will t given user and will access any resource using this cr server, you can explicitly deny access too all users be the VFP program. Same can be done for a database s

DECLARE integer LogonUser IN AdvApi32.DLL; string szUsername,; string lpszDomain,; string lpszPassword,; integer dwLogonType,; integer dwLogonProvider,; integer @phToken DECLARE integer ImpersonateLoggedOnUser IN AdvApi32.DLL integer hToken DECLARE integer RevertToSelf IN AdvApi32.DLL local nToken nToken = 0 ? LogonUser("username","domain","password",LOGON32_LOGON_INTERACTIVE, LOGON32_PR OVIDER_DEFAULT, @nToken) ? nToken ? ImpersonateLoggedOnUser(nToken) * Access will be granted, you are accessing the dbf as domain\user USE "\\server\share\secret file.dbf" ? RevertToSelf() * Now access will be denied, you are accessing the dbf as the currently user lo gged on at the computer's console. MODIFY FILE "\\server\share\secret file.dbf" Since only the program knows the password for the user that has access to the fi les, only the program can access the files. Advantages: - You let the Windows infrastructure handle security and access rights - Very easy to implement, just call Logon User and Impersonate Logged On User at the very beggining of the program

Disadvantages: - Any resources accessed by the program must be accessible to the program's secr et user. I.e. if you print a report to a network printer, access rights must be granted on that printer. - The password is stored in clear text in the program's exe. You can avoid this using some encryption. HTH, Remus P.S. Sorry, I'm totally new to Wiki, so I suppose somebody can reformat this pag e :( Igor Korolyov Hi Igor, thanks for your reply. I tried those three API calls recently but was n ot able to map network drive, UNC path did not work either. May be I missed some thing, will try again. -- Anatoliy Mogylevets Please keep this discussion going. I've tried to do similar things with Create Process With Logon W (the API-equivalent of Launch As...) with mixed results. I think one has to be careful about the context in which the application is runnin g, that is as a COM server (perhaps under a DCOM-managed identity) or as a stand -alone application. - lc After all Impersonate Logged On User gives better solution (thanks to Igor Koro lyov and Hugo Ranea). So far I tested it within simple FoxPro app -- all worked fine. As soon as I have testing results for much larger application I will post them on this page. -- Anatoliy Mogylevets [2004.10.06] AFAIK there are some settings that affect this API calls - but they are documented in MSDN - process must have SE_TCB_NAME privilege under Win 2 K not to fail on Logon User, and SE_CHANGE_NOTIFY_NAME privilege in "some cases" - sory, don't know what do they mean. As I tried this sample under account that have local computer admin privil eges - I don't have any problems... BTW I don't "map drives", but use UNC path to create (or access) file on protect ed share. New file owner was account, I'm logged in into VFP app - not my usual domain account. BTW they all (my startup account and the one in Logon Usercall) was AD accounts. Igor Korolyov Could this "approach" run under Windows Network that DOES NOT has domain, but w orkgroup? As long as you are able to allow and deny user permissions to folders on local c omputer this approach will work on a local computer (Win XP Pro, W2K). I'm not s ure that without global (domain) user names it will work across a LAN. Someone s hould probably try :) -- Anatoliy Mogylevets I just wanted to point out that there are certain risks using impersonation, for example if the VFP application that is using it opens (within the impersonation code) external programs, for example Explorer, the user would now have the righ ts of the impersonated user, and will be able to delete/view/modify files that a re out of his/her permission scope. Well, I think I was wrong about this (or it is a feature of XP SP2?), and if you try to open explorer even from within the Impersonate/EndImpersonate, it will f ail to open a protected folder ------------------------------------------------------------------------------I am running VFP 9 with SP1 under windows 2k. In order to protect my database/ta ble files on a network I have created a single user who has access to the folder

where the files are contained. This is the only user with access to the folder. When an individual on the network runs the application the application logs on as that user and so has access to the database files, the code goes like this: #define #define #define #define #define #define #define #define #define LOGON32_PROVIDER_DEFAULT 0 LOGON32_PROVIDER_WINNT50 3 LOGON32_PROVIDER_WINNT40 2 LOGON32_PROVIDER_WINNT35 1 LOGON32_LOGON_INTERACTIVE 2 LOGON32_LOGON_NETWORK 3 LOGON32_LOGON_BATCH 4 LOGON32_LOGON_SERVICE 5 LOGON32_LOGON_UNLOCK 7

DECLARE integer Logon User IN AdvApi32.DLL; string szUsername,; string lpszDomain,; string lpszPassword,; integer dwLogonType,; integer dwLogonProvider,; integer @phToken DECLARE integer Impersonate Logged On User IN AdvApi32.DLL integer hToken DECLARE integer RevertToSelf IN AdvApi32.DLL public nToken nToken = 0 lu=LogonUser("vuser","domain","password",LOGON32_LOGON_INTERACTIVE, LOGON32_PROV IDER_DEFAULT, @nToken) ip=ImpersonateLoggedOnUser(nToken) This all works well and gives the desired result...the files are accessible to t he application only and when done the application issues '=REVERTTOSELF()'. The problem comes in after I issue the Impersonate Logged On User call I can no long er get the GETFILE() function to work in VFP. The easiest way to reproduce this is to run the above code in a prg and execute GETFILE() from the command window. This fails for me, as it does in my larger application. Any help is appreciated Roy I'm guessing that the proxy user doesn't have the rights to access the local fil esystem and/or registry and GetFile() is trying to look at them before showing i tself. Do you get an error, or does the dialog just not show? There's a possibility that calling the Open File dialog directly could work, the re's an example in the samples\solution app. Stuart Dunkeld