Thanks; I'll tell my client about this.
>Got it.
>
>If you feel like it, I extracted this from the wikis:
>
>-------------------------
>
>>Problem: how to limit access to database files only to designated FoxPro application?
>>
>>Please follow this link:
>>
http://fox.wikis.com/wc.dll?Wiki~RunAsAnotherUser>>
>>Thanks!
>
>>Problem: how to limit access to database files only to designated FoxPro application?
>>
>>Please follow this link:
>>
http://fox.wikis.com/wc.dll?Wiki~RunAsAnotherUser>>
>>Thanks!
>
>We had done this for testing some time ago, and it worked pretty well AFAWK, but without using run as, just doing the impersonation directly from within foxpro code.
>
>
>
>* If the table "Products" is in a protected folder, for example and the user "ProdAdmin" has rights to the folder, then:
>
>if Impersonate("ProdAdmin", "ProdPassword")
> * I use a mapped drive just as an example, of course it is not needed or desireble
> USE X:\ProductFolder\Products
>endif
>* Do some process
>
>EndImpersonate()
>
>
>FUNCTION Impersonate(UserName As String, UserPassword As String) As Boolean
> LOCAL nToken, loNet
> Declare Integer LogonUser IN advapi32 ;
> String lpszUsername, ;
> String lpszDomain, ;
> String lpszPassword, ;
> Integer dwLogonType, ;
> Integer dwLogonProvider, ;
> Long @phToken
>
> Declare Integer ImpersonateLoggedOnUser IN WIN32API Long ptr
>
> Declare RevertToSelf IN ADVAPI32
>
> nToken = 0
> loNET = CREATEOBJECT('wscript.Network')
> IF LogonUser(UserName, loNET.UserDomain, UserPassword, 2, 0, @nToken) > 0
> IF ImpersonateLoggedOnUser(nToken) > 0
> CLEAR DLLS
> loNet.MapNetworkDrive('X:', '\\skyapps\apps')
> RETURN .t.
> ENDIF
> ENDIF
> CLEAR DLLS
> RETURN .F.
>ENDFUNC
>
>FUNCTION EndImpersonate() As Boolean
> Declare RevertToSelf IN ADVAPI32
> RevertToSelf()
> CLEAR DLLS
>ENDFUNC
>
>
>Now the code between Impersonate() and EndImpersonate() would have the rights of the user passed as parameter. Note that this can be dangerous, for example if you open explorer while impersonating (within the program, for the impersonation is just scoped to the vfp session), the user would have all rights of the impersonated user.
>
>-------------------------------
Difference in opinions hath cost many millions of lives: for instance, whether flesh be bread, or bread be flesh; whether whistling be a vice or a virtue; whether it be better to kiss a post, or throw it into the fire... (from Gulliver's Travels)