2012-01-17 98 views
2

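Create a Windows folder using impersonation

I am trying to create a folder using the credentials of a limited admin account supplied from an encrypted .config file. Right now my code runs under the assumption that the user has no access to these directories, so an unauthorized exception is thrown; when access is granted the code works, but I can't do that since it would compromise our security. I already know how to get my username/password out of the encrypted file; I'm just not sure what library or syntax I should use to impersonate. This is my code: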

//set the cursor
string activeDir = "\\\\department\\shares\\users\\";

//create directory with userID as the folder name
string newPath = System.IO.Path.Combine(activeDir, userID);
System.IO.Directory.CreateDirectory(newPath);

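So I need a way to supply the credentials, but I'm at a loss. I've been using System.DirectoryServices.AccountManagement and the PrincipalContext to supply a username/password for making changes to Active Directory... do I need to use a similar library to make changes to the file system? Any help would be greatly appreciated, thank you!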

Answers

5

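I think you could temporarily impersonate that user for the thread performing this action. It seems this can only be done with P/Invoke. Take a look at this example.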

using (var impersonation = new ImpersonatedUser(decryptedUser, decryptedDomain, decryptedPassword)) 
{ 
    Directory.CreateDirectory(newPath); 
} 

For the sake of completeness (in case the link stops working some day), find the ImpersonatedUser class below (credits to Jon Cole):

using System; 
using System.ComponentModel; 
using System.Runtime.InteropServices; 
using System.Security.Principal; 

public class ImpersonatedUser : IDisposable
{
    IntPtr userHandle;

    WindowsImpersonationContext impersonationContext;

    public ImpersonatedUser(string user, string domain, string password)
    {
        userHandle = IntPtr.Zero;

        bool loggedOn = LogonUser(
            user,
            domain,
            password,
            LogonType.Interactive,
            LogonProvider.Default,
            out userHandle);

        if (!loggedOn)
            throw new Win32Exception(Marshal.GetLastWin32Error());

        // Begin impersonating the user
        impersonationContext = WindowsIdentity.Impersonate(userHandle);
    }

    public void Dispose()
    {
        // Revert to the original identity before releasing the token
        if (impersonationContext != null)
        {
            impersonationContext.Undo();
            impersonationContext = null;
        }

        if (userHandle != IntPtr.Zero)
        {
            CloseHandle(userHandle);
            userHandle = IntPtr.Zero;
        }
    }

    // CharSet.Unicode binds to LogonUserW so the strings are passed as UTF-16
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(
        string lpszUsername,
        string lpszDomain,
        string lpszPassword,
        LogonType dwLogonType,
        LogonProvider dwLogonProvider,
        out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hHandle);

    enum LogonType : int
    {
        Interactive = 2,
        Network = 3,
        Batch = 4,
        Service = 5,
        NetworkCleartext = 8,
        NewCredentials = 9,
    }

    enum LogonProvider : int
    {
        Default = 0,
    }
}
+0

Thanks for leading me to this article, this worked successfully. – DaneEdw 2012-01-21 03:03:18

0

Use the Windows networking (WNet) functions. They are supported on Windows 2000 and later. The wrapper:

using System.ComponentModel;
using System.Runtime.InteropServices;

public class WNet
{
    public static void AddConnection(string resource, string username, string password)
    {
        NETRESOURCE nr = new NETRESOURCE();
        nr.RemoteName = resource;
        uint err = WNetAddConnection2W(ref nr, password, username, 0);
        // The original threw a RemoteDirectoryException, a type not shown in the answer;
        // Win32Exception carries the same Win32 error code.
        if (err != 0)
            throw new Win32Exception((int)err, string.Format("WNetAddConnection2 failed with error: #{0}", err));
    }

    // The string fields must be marshalled as UTF-16 to match WNetAddConnection2W
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    private struct NETRESOURCE
    {
        public uint Scope;
        public uint Type;
        public uint DisplayType;
        public uint Usage;
        public string LocalName;
        public string RemoteName;
        public string Comment;
        public string Provider;
    }

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    private extern static uint WNetAddConnection2W(ref NETRESOURCE lpNetResource, string lpPassword, string lpUsername, uint dwFlags);
}

Add a connection to the resource and create the directory:

string activeDir = "\\\\department\\shares\\users\\"; 
string username = "username"; 
string password = "password"; 

WNet.AddConnection(activeDir, username, password); 

string newPath = System.IO.Path.Combine(activeDir, userID); 
System.IO.Directory.CreateDirectory(newPath);
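
A connection made with WNetAddConnection2 stays open after the directory is created, so the admin account's access to the share remains available to later code in the same logon session. The following is an added example, not code from either answer: the hypothetical `NetworkShareSession` class scopes the connection to a `using` block and cancels it with `WNetCancelConnection2W`, and the hypothetical `SafeUserFolder` helper rejects a `userID` that is not a single folder name before it is combined with the share path.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;

// Hypothetical helper (not from the answers): holds a WNet connection only
// for the lifetime of a using block, then cancels it.
public sealed class NetworkShareSession : IDisposable
{
    const uint RESOURCETYPE_DISK = 1;
    readonly string remoteName;

    public NetworkShareSession(string share, string username, string password)
    {
        remoteName = share.TrimEnd('\\'); // trimmed defensively: pass \\server\share\dir form
        var nr = new NETRESOURCE { Type = RESOURCETYPE_DISK, RemoteName = remoteName };
        uint err = WNetAddConnection2W(ref nr, password, username, 0);
        if (err != 0) throw new Win32Exception((int)err);
    }

    // Drop the credentialed connection so later code in the same logon session
    // cannot keep using the admin account's access. The return code is ignored
    // here because Dispose should not throw.
    public void Dispose()
    {
        WNetCancelConnection2W(remoteName, 0, true);
    }

    // Accept only a single plain folder name: no separators, no drive or stream
    // colon, and nothing made up solely of dots and spaces ("." or "..").
    public static string SafeUserFolder(string root, string userID)
    {
        if (string.IsNullOrEmpty(userID) || userID.Trim(' ', '.').Length == 0 ||
            userID.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("userID must be a single folder name", "userID");
        return Path.Combine(root, userID);
    }

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct NETRESOURCE
    {
        public uint Scope, Type, DisplayType, Usage;
        public string LocalName, RemoteName, Comment, Provider;
    }

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    static extern uint WNetAddConnection2W(ref NETRESOURCE nr, string password, string username, uint flags);

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    static extern uint WNetCancelConnection2W(string name, uint flags, bool force);
}
```

To use it, call `Directory.CreateDirectory(NetworkShareSession.SafeUserFolder(activeDir, userID))` inside `using (new NetworkShareSession(activeDir, username, password)) { ... }`.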