SAS EG asking for credentials "randomly" when called from VB - vba

I have the following function in an Excel sheet module, which sends SQL queries to SAS:
Function run_query(query)
Dim app ' application
Dim project ' Project object
Dim sasProgram ' Code object (SAS program)
Set app = CreateObject("SASEGObjectModel.Application.5.1")
Set project = app.New
Set sasProgram = project.CodeCollection.Add
sasProgram.Text = "PROC SQL;" + query + " QUIT;"
sasProgram.Run
app.Quit
End Function
It sometimes works like a charm, and most often doesn't, as it asks for my credentials (triggered by command sasProgram.Run as it's where the debugger stops), I didn't find a way to make the error, or success, reproducible.
I've set my credentials persistence to Persist for user but I still have issues.
I've also tried to set my Autentification to None (attempt anonymous connection) and Windows integrated (Uses your current windows account) and none of them changed the situation.

Related

VBNet changing Active Directory passwords of expired or one time password accounts

I need to change the Passwords of an Active Directory account in windows 10 in VB.NET.
The program, I wrote, runs as local administrator,
My working code with a valid user account is (Domain_xps and UserName_xps are Strings and pwdPtr System.Runtime.InteropServices.Marshal.SecureStringToBSTR of a SecureString):
dEntry = New DirectoryServices.DirectoryEntry("LDAP://" & Domain_xps, UserName_xps
, System.Runtime.InteropServices.Marshal.PtrToStringBSTR(pwdPtr)
, System.DirectoryServices.AuthenticationTypes.Secure
+ System.DirectoryServices.AuthenticationTypes.Sealing
+ System.DirectoryServices.AuthenticationTypes.ServerBind) ',pwd)
nativeObject = dEntry.NativeObject
Dim searcher_Fullname_xpo As System.DirectoryServices.DirectorySearcher
= New System.DirectoryServices.DirectorySearcher(dEntry)
With searcher_Fullname_xpo
.Filter = "(&(objectClass=User) (sAMAccountName=" & UserName_xps & "))"
End With
result_xpo = searcher_Fullname_xpo.FindOne
Dim user As DirectoryServices.DirectoryEntry 'open directory
user = result_xpo.GetDirectoryEntry() 'get directory results
user.Username = UserName_xps
user.Password = PWD_xps
user.Path = result_xpo.GetDirectoryEntry().Path
user.AuthenticationType = System.DirectoryServices.AuthenticationTypes.Secure
+ System.DirectoryServices.AuthenticationTypes.Sealing
+ System.DirectoryServices.AuthenticationTypes.ServerBind
user.Options.PasswordPort = 389
user.Options.PasswordEncoding = 1
user.Invoke("ChangePassword", New Object() {PWD_xps, PWDNeu_xps})
user.CommitChanges() 'commit changes
user.Close() 'close directory
But if a account has expired through holidays or if a new user with a one time password is generated and tries to change his password, i get an error.
The user or password are wrong.
while debugging i noticed, that following lines produce the same error.
nativeObject = dEntry.NativeObject
Dim searcher_Fullname_xpo As System.DirectoryServices.DirectorySearcher = New System.DirectoryServices.DirectorySearcher(dEntry)
With searcher_Fullname_xpo
.Filter = "(&(objectClass=User) (sAMAccountName=" & UserName_xps & "))"
End With
result_xpo = searcher_Fullname_xpo.FindOne
And also
user.Options.PasswordPort = 389
user.Options.PasswordEncoding = 1
user.Invoke("ChangePassword", New Object() {PWD_xps, PWDNeu_xps})
each of these produce the error and doesn't change the password correctly, after encapsulating every line in a try catch expression.
Active Directory shows a change, but the user account is not valid any more.
I tried basically the same methods, in hope that i could set the options.
Dim ADS_OPTION_PASSWORD_PORTNUMBER As Long = 6
Dim ADS_OPTION_PASSWORD_METHOD As Long = 7
Dim ADS_PASSWORD_ENCODE_REQUIRE_SSL As Integer = 0
Dim ADS_PASSWORD_ENCODE_CLEAR As Integer = 1
Try
user.Invoke("SetOption", New Object() {ADS_OPTION_PASSWORD_PORTNUMBER, 389})
Catch ex3 As Exception
End Try
Try
user.Invoke("SetOption", New Object() {ADS_OPTION_PASSWORD_METHOD, ADS_PASSWORD_ENCODE_CLEAR})
Catch ex3 As Exception
End Try
And i tried also
user.Invoke("SetPassword", New Object() {PWDNeu_xps})
the error message stays the same
To set the password seems the right way, but as i can't set the password port or enable the password method, it produces the same error.
i also found this old thread How to change password in active directory when password expired
but that is not longer possible under windows 10.
How can i change the password, of an expired account with the needed options in VB Net or can i configure the account, so that it is possible to achieve it.
So an update on this situation. 28.10.2021
I also tried as workaround a powershell command as described in Microsoft or here for that matter.
And the same thing happens, the password change isn't possible,
Set-ADAccountPassword : The server has rejected the client credentials.
With a valid user the comand works as does it in DotNet
Write a program in a 32 bit version of C or up to C++11 on a 32 bit version of Microsoft Windows up to XP pro sp2 (and not later version) which does what you want to do. Compile it with Code::Blocks up to version 17.12 and not a later version. Do not allow any version of Visual C++ or Visual Basic or Visual Studio on that computer before or during this process.
Load and run that program, on your Windows 10 computer, as the highest administrator level that Windows 10 will "allow". If you cannot get it to run compiled as GUI, then try to get it to run compiled as CLI. Remember, This is Extremely important: Compile the program as a stand-alone single executable that uses NO external dlls.
Change the password outside of any Windows 10 commands. Edit the file that they are in with your program, and do not tell Windows 10 anything is happening.

Using stored credentials in powershell through vb.net

I've written a pair of apps; one that issues powershell scripts to clients (the server) and one that executes powershell scripts passed to it (the client).
I've added functions to detect if a particular script requires elevation.
In the event that a script requires elevation, the server app prompts the user for their credentials. The password is converted to a secure string and saved in a SQL database, as is the username along with the script.
The client app grabs the script and, if elevation is required, grabs the username and secure string then tries to build a credential object from it.
The functionality is working fine for non-elevated scripts, but elevated scripts are not working. Its not erroring or throwing an exception (finally) but the scripts are not executed.
The first part of this process reads the data from SQL into a datatable and then i loop through the rows of that datatable.
Once I've got a row that contains a script that needs running, I build the script.
Here's how I'm building and executing the powershell in VB...
If this_routine_elevation_required = 1 Then
Dim scriptbody As String = row("scriptbody").ToString
Dim elevated_user_un As String = row("elevated_user").ToString
Dim elevated_user_ss As String = row("securestring").ToString
credential_script = "$securepassword = '" & elevated_user_ss & "' | ConvertTo-SecureString; $username='" & elevated_user_un & "';$credential = New-Object System.Management.Automation.PsCredential($username, $securepassword)"
action_response = RunPowershellScript(credential_script & "; " & scriptbody)
End If
and here is the function that executes the powershell (using 'Imports System.Management.Automation)...
Private Function RunPowershellScript(ByVal scriptText As String) As String
' create Powershell runspace
Dim MyRunSpace As Runspace = RunspaceFactory.CreateRunspace()
MyRunSpace.Open()
Dim MyPipeline As Pipeline = MyRunSpace.CreatePipeline()
MyPipeline.Commands.AddScript(scriptText)
Dim results As Collection(Of PSObject) = MyPipeline.Invoke()
MyRunSpace.Close()
Dim MyStringBuilder As New StringBuilder()
For Each obj As PSObject In results
MyStringBuilder.AppendLine(obj.ToString())
Next
Return MyStringBuilder.ToString()
End Function
I've thrown up a messagebox of the script before its passed to the RunPowershellScript function so i could make sure nothing was malformed or to ensure i wasnt doing anything stupid (i've manipulated the secure string for the purposes of this image)...
The example here is just a test to see if the executor could stop the W32Time service, something that would normally require elevation. It does not work.
I get an empty response back from the RunPowershellScript function and the service continues to run.
It occured to me that I'm getting a securestring from the database and then converting that securestring to a securestring, so perhaps its not ending up with the correct valid password in $credential, but from what i understand I have to provide a securestring for the password parameter of PsCredential, and without -ConvertTo-SecureString it would consider the password to just be a string. I tried this and it threw an exception about the password being null.
Can anyone help point me in the right direction?
Many thanks in advance.
Is the script running locally on the target or from the server?
Credential objects are specific to the computer AND user account which creates them, so they are not transferable and can only be used on the computer which creates them.

MS-Access in Sharepoint - what data available?

For better or worse we are launching an Access db from Sharepoint. Note that this db is not PUBLISHED to SP, people just double-click the link and open the db on their desktops.
So now we need to begin imposing the equivalent of some roles-based edit restrictions. I know there is a VBA CurrentWebUser function and a CurrentWebUserGroups which provides some basic data about who's accessing an Office file from Sharepoint. However my reading and limited experimenting with this stuff leads me to suspect that, for Access at least, these will only work with published dbs, and not ones that are just being launched and run locally, like we're doing.
Is there anything I can get from SP in a case like this? Web user and user group would be useful, so would whichever site/page the link is being clicked on. Is any of this available?
Thanks.
rabbit
Well, not in any simple way.
As you've already determined, Application.CurrentWebUser just returns Null.
However, there are several ways to query the user information from SharePoint.
The recommended way (also by me) if you're going to work with SharePoint extensively, is to use the CSOM api, which requires a .Net language, so you'll have to create a COM module, authenticate it separately, and that's all a lot of work.
However, if you're only using simple GET requests, you can also use the REST API and re-use the authentication MS Access uses itself (since MS Access uses MSXML2 to submit web requests to SharePoint, we can create our own MSXML2.XMLHTTP object and it will re-use the cookies Access uses).
The following code uses the JSONInterpreter object I've shared here on GitHub. You could convert it to use XML and MSXML if you don't want that dependency, though.
To execute a request, I use the following code, that assumes the Access application is authenticated, but if it isn't, it connects to the SharePoint site using ADO.
(For this code, MySiteName is a global variable containing the URL of your SharePoint site, without a trailing slash)
Public Function SPRestGetJSON(Site As String, Request As String) As String
Dim tries As Long
Dim Success As Boolean
Do
'Try to execute request
tries = tries + 1
Dim xmlHttpReq As Object 'MSXML2.XMLHTTP60
Set xmlHttpReq = CreateObject("Msxml2.XMLHTTP.6.0") 'New MSXML2.XMLHTTP60
xmlHttpReq.Open "GET", Site & Request, False
xmlHttpReq.setRequestHeader "Content-Type", "application/json"
xmlHttpReq.setRequestHeader "Accept", "application/json;odata=nometadata"
xmlHttpReq.send
Dim root As JSONInterpreter
Set root = New JSONInterpreter
root.JSON = xmlHttpReq.responseText
If Not root.Exists("odata.error") Then
Success = True
End If
If Not Success And tries = 1 Then
'Connect to SharePoint using WSS + ADO to create auth cookies inside MSXML
Dim conn As Object 'ADODB.Connection
Set conn = CreateObject("ADODB.Connection") 'New ADODB.Connection
conn.Open "Provider=Microsoft.ACE.OLEDB.12.0;WSS;DATABASE=" & Site
On Error Resume Next
conn.Execute "SELECT 1 From SomeTable" 'Execute to non-existent table but connect to sharepoint
On Error GoTo 0
conn.Close
End If
Loop While tries < 2 And Success = False
SPRestGetJSON = xmlHttpReq.responseText
End Function
Then, we can use that in a simple function:
Public Function GetSPUsername() As String
Dim jsi As New JSONInterpreter
jsi.JSON = SPRestGetJSON(MySiteName, "/_api/Web/CurrentUser")
GetSPUsername = jsi.item("LoginName").VBAVariant
End Function
Getting groups is also available. This code returns an array of dictionary objects, you can view the available keys in the locals window:
Public Function GetSPGroups() As Variant 'Array of dictionaries
Dim jsi As New JSONInterpreter
jsi.JSON = SPRestGetJSON(SiteName, "/_api/Web/CurrentUser/Groups")
GetSPGroups = jsi.item("value").VBAVariant
End Function
Then, to get the title of the first group the current user is a member of in the immediate window, we can use:
?GetSPGroups(0)!Title

Setting MS Access password at runtime in vb.net designer generated system

I am developing a VB.NET update system for a volunteer organisation’s MS Access database. The database is protected by a password as it contains personal information. I have created the application using the VB designer. I need to be able to code the application so that, if the owner decides to change the MS Access password, they will have no need to come back to me to change the code and rebuild the solution. In other words, I do not want the password to be hard coded in the app.config file or the settings.designer.vb file. My code should not need to know the password as a simple call to one of the Fill functions can test any password entered by the user. My problem is that I have found no way to alter the connection string that is tested in the setttings.designer.vb code whenever the database is accessed. I am using Visual Studio 2017.
I have spent a long time searching the web for answers and have tried various solutions involving the configurationmanager without success. I am new to this area so I would be most grateful if anyone here can help.
Here is my latest attempt which still produces an invalid password error even though the third debug statement suggests that the connection string, including the password, has been correctly set.
Public Sub UpdateConnString(connString As String)
Dim configFileMap As New ExeConfigurationFileMap()
Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(configFileMap.ExeConfigFilename)
Dim connStringName As String = "TestConnectionString"
Debug.Print("0 " + config.ConnectionStrings.ConnectionStrings(connStringName).ConnectionString)
config.ConnectionStrings.ConnectionStrings(connStringName).ConnectionString = connString
Debug.Print("1 " + config.ConnectionStrings.ConnectionStrings(connStringName).ConnectionString)
config.Save(ConfigurationSaveMode.Modified, True)
Debug.Print("2 " + config.ConnectionStrings.ConnectionStrings(connStringName).ConnectionString)
End Sub
Just because a connection string is stored in the config file, you aren't required to use it as it is. You can read in that default value and then edit it before using it, e.g.
Dim builder As New OleDbConnectionStringBuilder(My.Settings.DefaultConnectionString)
builder.DataSource = dataSource
Dim connectionString = builder.ConnectionString
You can add or modify any part of a connection string you want that way at run time.
Thank you for your response. Unfortunately, the code throws a compilation error - "DefaultConnectionString is not a member of My.Settings".
Fortunatley I have now managed to find a working solution:
'My.Settings.Item("TestConnectionString") = connectionString

Access to path is denied when trying to import from the client's desktop with SSIS

I'm creating a html page that will import an excel file in to a tracking system. On a button click event excel file is located / ssis package is fired / data imported then closed out. Thats the idea work flow. Problem is the excel file access is being denied before the package even executes
Here is the exact error :
I've tried :
excel file properties have been shared to everyone
identity impersonate set to true
hard coding the path
here is the VB code
Protected Sub bntExecute_Click(sender As Object, e As EventArgs) Handles btnExecute.Click
Dim app As Application = New Application()
Dim package As Package = Nothing
'Dim fileName As String = "C:\Users\Desktop\T. Bryant III\PTSID_Update_Template"'
Try
Dim fileName As String = Server.MapPath(System.IO.Path.GetFileName(FileUpload1.PostedFile.FileName.ToString()))
FileUpload1.PostedFile.SaveAs(fileName)
package = app.LoadPackage("#C:\Users\Desktop\T.Bryant III\KitImport", Nothing)
'excel connection from package'
package.Connections("SourceConnectionExcel").ConnectionString = "provider=Microsoft.Jet.OLEDB.4.0data source =" + fileName + "Extended Properties = Excel 8.0"
'Execute the pakage'
Dim results As Microsoft.SqlServer.Dts.Runtime.DTSExecResult = package.Execute()
Catch ex As Exception
Throw ex
Finally
package.Dispose()
package = Nothing
End Try
End Sub
Thanks in advance or if there is an easier way to do this please let me know. The package when executing it in ssis works fine with its own connection manager etc.
A few things to try. If they don't work for you as permanent solutions, they should at least confirm that your code is working and you are dealing with a persmissions issue (which appears to be the case).
Move your file to the public folder (C:\Users\Public).
Run your application (or web browser) as an administrator (if applicable to your version of Windows).
If you are using a web browser, try using a different one.
If nothing else works, try pasting your code into a Windows Form Application.
If you still get the same error after trying all of this, it's time to take another look at your code. Remove the Try/Catch block to determine precisely which line is throwing the error. If you've tried hard coding, I'm guessing it's the SaveAs method. I'm not sure what class FileUpload1 is, but some SaveAs methods won't overwrite existing files unless you explicitly tell them to. Check the appropriate documentation and see if you don't need to pass a True value somewhere along with filename.
Update us with the results. At the very least, this should narrow down your problem and allow for a better diagnosis of it.