1
我是相當新的C#之間傳遞的憑據,所以請溫柔:)C#有道的運形式和服務贏得
我想什麼來完成是創建一個應用程序,以便有一定的團隊在這裏工作是能夠修改某些DNS條目。出於安全原因,我們無法爲其Active Directory用戶帳戶修改對DNS的訪問權限,並且我們試圖擺脫爲它們更改DNS條目,因爲它耗費我們大量的時間。
因此,我創建了一個Windows服務,其中包含幾種獲取和修改DNS條目的方法以及一個使用Windows服務方法的Windows窗體。目的是使Windows服務在Active Directory用戶帳戶(服務帳戶)下運行,該帳戶已修改了對DNS的訪問權限,並使Windows窗體在其正常用戶帳戶下運行。
如果我運行窗體作爲我的管理員帳戶(它具有修改DNS訪問權限),但是當我在我的正常用戶帳戶下運行窗體(它沒有修改DNS訪問權限)時,例外,
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at ChangeDNS.ChangeDNSService.getCName(String cName) in C:\Tools\Projects\ChangeDNSService\ChangeDNSService\Program.cs:line 58
我無法找到引用或例子一些光棚什麼我缺少什麼合適的方式來傳遞的表單以及Windows服務之間的憑證。能否請你幫忙指點我的方向,因爲這將是非常感謝。
感謝和問候,
達裏安
編輯:
表單具有下面的代碼,
ServiceReference1.ChangeDNSClient dnsClient = new ServiceReference1.ChangeDNSClient();
dnsClient.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
Console.WriteLine(dnsClient.getCName("TestDarianCName1"));
的服務具有下面的代碼,
public string getCName(string cName)
{
serviceLog.Source = serviceName;
string returnServer = "";
try
{
ConnectionOptions connection = new ConnectionOptions();
ManagementScope oMs = new ManagementScope("\\\\" + dnsServer + "\\root \\microsoftdns", connection);
string strQuery = "select * from microsoftdns_" + recType + "Type where containername = '" + domain + "' and OwnerName = '" + cName + "." + domain + "'";
ManagementObjectSearcher oS = new ManagementObjectSearcher(strQuery);
oS.Scope = oMs;
ManagementObjectCollection oRc = oS.Get();
foreach (ManagementObject oR in oRc)
{
returnServer = oR["RecordData"].ToString();
}
}
catch (Exception e)
{
serviceLog.WriteEntry("Exception caught:\n\n" + e.ToString());
}
return returnServer;
}
它認爲我在行ManagementObjectCollection oRc = oS.Get();
EDIT2:
客戶端綁定:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IChangeDNS" />
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:8216/ServiceChangeDNS/service"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IChangeDNS"
contract="ServiceReference1.IChangeDNS" name="WSHttpBinding_IChangeDNS">
<identity>
<servicePrincipalName value="host/MyComputerName.domain.local" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
服務綁定:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<services>
<service behaviorConfiguration="ChangeDNSServiceBehavior" name="ChangeDNS.ChangeDNSService">
<endpoint address="" binding="wsHttpBinding" contract="ChangeDNS.IChangeDNS" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8216/ServiceChangeDNS/service" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ChangeDNSServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="False"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
提供的錯誤聽起來像是預期的,不是嗎?說你的AD用戶帳戶沒有訪問權限,所以當你以普通帳戶的身份運行它時,你會得到一個訪問被拒絕的錯誤......不確定問題是什麼。發表一些示例代碼/重新解釋問題?你只是試圖讓應用程序完全使用不同的帳戶運行? – sab669
Quote:「它沒有修改訪問DNS」。你還希望發生什麼? 「訪問被拒絕」的意思是「沒有修改權限」。 –
@ sab669 - 對不起,如果我不清楚,我試圖使用服務帳戶的憑據來修改DNS,而不是用戶的憑據。因此,用戶運行窗體從他們的帳戶,調用具有正確的憑據來修改DNS –