2012-09-28 55 views

我有一個程序,我需要對文件夾訪問權進行一些更改,通常情況下,只有管理員用戶纔可以這樣做。但是,對於特定情況,即使正在運行應用程序的用戶沒有管理員權限,我也必須能夠'假裝'我是管理員並進行一些更改。Impersonate administrator 只能在 .NET 中使用的功能

有什麼辦法可以執行這樣的任務嗎?

感謝

編輯:如果需要提供用戶名/密碼,這不成問題。


您是否在談論Windows用戶和權限? – SLaks


是的,我們有一個AD,我需要暫時假裝我是管理員,但是一旦任務完成,我需要恢復爲普通用戶。 –

回答


對於當前用戶,可以這樣做:

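// Impersonate the authenticated caller (User.Identity) for the duration of the using block.
// Disposing the context reverts the thread to its original identity even when the code
// inside throws; with a bare Undo() call an exception would leave the thread impersonating.
// The block runs with the rights that caller already has; it grants nothing beyond them.
using (System.Security.Principal.WindowsImpersonationContext impersonationContext =
    ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate())
{
    //Insert your code that runs under the security context of the authenticating user here.
    // Keep this block as small as possible: everything in it runs under the impersonated identity.
}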

如果您想模擬某個特定用戶,則需要做更多的工作:

http://platinumdogs.me/2008/10/30/net-c-impersonation-with-network-credentials/


這聽起來相當複雜,模仿一個用戶。我想我會把它放在一個dll中,這樣我可以重複使用它。 –

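/// <summary>
/// Console demo: obtains an access token for a named user with LogonUser and
/// impersonates that user inside a short, scoped block.
/// </summary>
public class ImpersonationDemo
{
    /// <summary>
    /// P/Invoke declaration for advapi32 LogonUser. On success <paramref name="phToken"/>
    /// receives the token handle; on failure the Win32 error is available through
    /// Marshal.GetLastWin32Error (SetLastError = true).
    /// </summary>
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
        int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);

    /// <summary>
    /// P/Invoke declaration for kernel32 CloseHandle. Main does not call it; the token
    /// is released when the SafeTokenHandle is disposed.
    /// </summary>
    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public extern static bool CloseHandle(IntPtr handle);

    // Reads one line from the console without echoing it, so the password is not
    // left on screen or in terminal scrollback.
    private static string ReadPasswordWithoutEcho()
    {
        System.Text.StringBuilder typed = new System.Text.StringBuilder();
        try
        {
            while (true)
            {
                // intercept: true keeps the pressed key from being displayed.
                ConsoleKeyInfo key = Console.ReadKey(true);
                if (key.Key == ConsoleKey.Enter)
                {
                    Console.WriteLine();
                    return typed.ToString();
                }

                if (key.Key == ConsoleKey.Backspace)
                {
                    if (typed.Length > 0)
                    {
                        typed.Length--;
                    }
                }
                else if (key.KeyChar != '\0')
                {
                    typed.Append(key.KeyChar);
                }
            }
        }
        catch (InvalidOperationException)
        {
            // ReadKey is not available when standard input is redirected (piped input);
            // fall back to the original line-based read.
            return Console.ReadLine();
        }
    }

    // Test harness.
    // If you incorporate this code into a DLL, be sure to demand FullTrust.
    /// <summary>
    /// Prompts for domain, user name and password, logs the user on, and prints the
    /// current Windows identity before, during and after impersonation.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
    public static void Main(string[] args)
    {
        SafeTokenHandle safeTokenHandle;
        try
        {
            string userName, domainName, password;
            // Get the user token for the specified user, domain, and password using the
            // unmanaged LogonUser method.
            // The local machine name can be used for the domain name to impersonate a user on this machine.
            Console.Write("Enter the name of the domain on which to log on: ");
            domainName = Console.ReadLine();

            Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
            userName = Console.ReadLine();

            Console.Write("Enter the password for {0}: ", userName);
            // The password is held in a managed string only for the LogonUser call below;
            // it is never written to the console or to any message.
            password = ReadPasswordWithoutEcho();

            const int LOGON32_PROVIDER_DEFAULT = 0;
            //This parameter causes LogonUser to create a primary token.
            const int LOGON32_LOGON_INTERACTIVE = 2;

            // Call LogonUser to obtain a handle to an access token.
            bool returnValue = LogonUser(userName, domainName, password,
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                out safeTokenHandle);

            Console.WriteLine("LogonUser called.");

            if (false == returnValue)
            {
                // Read the error immediately, before another call can overwrite it.
                int ret = Marshal.GetLastWin32Error();
                Console.WriteLine("LogonUser failed with error code : {0}", ret);
                throw new System.ComponentModel.Win32Exception(ret);
            }

            // Disposing the handle closes the token when the block exits, also on exceptions.
            using (safeTokenHandle)
            {
                Console.WriteLine("Did LogonUser Succeed? " + (returnValue ? "Yes" : "No"));
                Console.WriteLine("Value of Windows NT token: " + safeTokenHandle);

                // Check the identity.
                Console.WriteLine("Before impersonation: "
                    + WindowsIdentity.GetCurrent().Name);

                // Use the token handle returned by LogonUser.
                // WindowsIdentity is disposable, so it is released together with the token.
                using (WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle()))
                {
                    // The using block guarantees the thread reverts to the original
                    // identity even if the code inside throws.
                    using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
                    {
                        // Check the identity.
                        Console.WriteLine("After impersonation: "
                            + WindowsIdentity.GetCurrent().Name);
                    }
                }

                // Releasing the context object stops the impersonation
                // Check the identity.
                Console.WriteLine("After closing the context: " + WindowsIdentity.GetCurrent().Name);
            }
        }
        catch (Exception ex)
        {
            // Demo-level handling: report the message and end.
            Console.WriteLine("Exception occurred. " + ex.Message);
        }
    }
}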
/// <summary>
/// Safe handle wrapper for the token returned by LogonUser. Treats 0 and -1 as invalid
/// (inherited from SafeHandleZeroOrMinusOneIsInvalid) and closes the handle on release.
/// </summary>
public sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    // Private: instances are created by the interop marshaler for the out parameter.
    // ownsHandle = true means this wrapper is responsible for closing the handle.
    private SafeTokenHandle() : base(ownsHandle: true)
    {
    }

    // kernel32 CloseHandle, used only by ReleaseHandle below.
    [DllImport("kernel32.dll")]
    [SuppressUnmanagedCodeSecurity, ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool CloseHandle(IntPtr handle);

    /// <summary>Closes the wrapped token handle.</summary>
    /// <returns>The result of CloseHandle: true when the handle was closed.</returns>
    protected override bool ReleaseHandle()
    {
        bool closed = CloseHandle(handle);
        return closed;
    }
}

更多信息:http://msdn.microsoft.com/en-us/library/system.security.principal.windowsimpersonationcontext.aspx