BTW: You also could use the LogonUser API since you know both username as well as password.
Arno Garrels wrote: > Fastream Technologies wrote: >> Hello Arno, >> >> Either we are having a kind of communication problem or you did not >> read what I sent you privately. We prefer to sponsor YOU to do it for >> some money so that WE donate the code to OVERBYTE. > > I think what you want is something that should be coded at the > application level. Derive your own component from TFtpCtrlSocket add > a TNtlmAuthSession. When the user is logged validate user > credentials, don't cleanup the session. Before a transfer starts you > will have to impersonate the context at least once temporarily in > order to check whether access is allowed. If subsequent read/write > operations shall be executed in server context the server must own > the same or higher privileges, of course. I've never coded something > like that so it's just an idea of how it might work. > >> If this is not >> possible, then there are some more questions we must ask. Such as >> what should be passed to "domain" which was not asked in our reverse >> proxy! > > AFAIR, if blank current domain or local host is used, otherwise > specified domain, but not for sure, it was very easy to scribble a > small test project to find that out. > > -- > Arno Garrels [TeamICS] > http://www.overbyte.be/eng/overbyte/teamics.html > >> >> Regards, >> >> SZ >> >> On 5/8/07, Arno Garrels <[EMAIL PROTECTED]> wrote: >>> Fastream Technologies wrote: >>>> Ok. Another misunderstanding... Let me explain: the client will >>>> send the USER PASS just as any FTP client does. Then the server >>>> will decide what rights he has wrt Activedirectory domain. I hope >>>> you get it now. >>> >>> In OverbyteIcsNtlmSsp.pas have a look at function >>> >>> TNtlmAuthSession.ValidateUserCredentials( >>> const AUser, APassword, ADomain: String; >>> CleanUpSession: Boolean): Boolean; >>> >>> If you want to call ImpersonateContext/RevertContext pass FALSE in >>> parameter CleanUpSession. >>> >>> -- >>> Arno Garrels [TeamICS] >>> http://www.overbyte.be/eng/overbyte/teamics.html >>> >>>> >>>> Regardsi, >>>> >>>> SZ >>>> >>>> On 5/8/07, Arno Garrels <[EMAIL PROTECTED]> wrote: >>>>> Fastream Technologies wrote: >>>>>> I am talking about FTP SERVER. Can you help us build NTLM >>>>>> security to TFtpServer? Or, IS THIS POSSIBLE? >>>>> >>>>> Do you know any FTP client with NTLM support? >>>>> >>>>> -- >>>>> Arno Garrels [TeamICS] >>>>> http://www.overbyte.be/eng/overbyte/teamics.html >>>>> >>>>>> >>>>>> Regards, >>>>>> >>>>>> SZ >>>>>> >>>>>> On 5/7/07, Arno Garrels <[EMAIL PROTECTED]> wrote: >>>>>>> I missed the keyword "FTP". NTLM isn't available in any of the >>>>>>> FTP components. >>>>>>> >>>>>>> Arno Garrels wrote: >>>>>>>> Fastream Technologies wrote: >>>>>>>> >>>>>>>>> - Arno told me that one would need to impersonate the thread >>>>>>>>> and then attempt to read/write on network. However, since the >>>>>>>>> thread is also used by other users, would we need to >>>>>>>>> impersonate every time we do a TFileStream operation?? Or is >>>>>>>>> it just for the test?? >>>>>>>> >>>>>>>> If the server admin wants to control access to files'n folders >>>>>>>> only by Windows security you probably hit the point where one >>>>>>>> (impersonated) thread per user was best choice? Otherwise you >>>>>>>> could handle NTLM like any other authentication type. >>>>>>>> >>>>>>>> -- >>>>>>>> Arno Garrels [TeamICS] >>>>>>>> http://www.overbyte.be/eng/overbyte/teamics.html >>>>>>> -- >>>>>>> To unsubscribe or change your settings for TWSocket mailing list >>>>>>> please goto http://www.elists.org/mailman/listinfo/twsocket >>>>>>> Visit our website at http://www.overbyte.be >>>>> -- >>>>> To unsubscribe or change your settings for TWSocket mailing list >>>>> please goto http://www.elists.org/mailman/listinfo/twsocket >>>>> Visit our website at http://www.overbyte.be >>> -- >>> To unsubscribe or change your settings for TWSocket mailing list >>> please goto http://www.elists.org/mailman/listinfo/twsocket >>> Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
