 |
|
|
 首页 |
名片设计 CorelDRAW Illustrator AuotoCAD Painter 其他软件 Photoshop Fireworks Flash |
|
不管是asp.net、web service还是window service,程序运行的时候只有本地计算机的部分权限,有时候需要更大的权限,比如读写某台服务器或域中的一台计算机上的文件等,这就需要更大的权限,比如域帐户权限。 通过获取不同身份的WindowsImpersonationContext对象,可以模仿不同用户登陆,请看我生成的NetworkSecurity类的 public static WindowsImpersonationContext ImpersonateUser(string strDomain, string strLogin, string strPwd, LogonType logonType, LogonProvider logonProvider); 附NetworkSecurity.cs源代码如下: /* * Author : TongWei * Date : 2005-1-25 * Rights : China Netwave Inc.@2005 */ using System; using System.Runtime.InteropServices; using System.Security.Principal; using System.Security.Permissions; namespace CNW.OMP.Common.Utility { public enum LogonType : int { /// <summary> /// This logon type is intended for users who will be interactively using the computer, such as a user /// being logged on by a terminal server, remote shell, or similar process. This logon type has the /// additional expense of caching logon information for disconnected operation, and is therefore /// inappropriate for some client/server applications, such as a mail server. /// </summary> LOGON32_LOGON_INTERACTIVE = 2, /// <summary> /// This logon type is intended for high performance servers to authenticate clear text passwords. /// The LogonUser function does not cache credentials for this logon type. /// </summary> LOGON32_LOGON_NETWORK = 3, /// <summary> /// This logon type is intended for batch servers, where processes may be executing on behalf of a user /// without their direct intervention; or for higher performance servers that process many clear-text /// authentication attempts at a time, such as mail or web servers. The LogonUser function does not cache /// credentials for this logon type. /// </summary> LOGON32_LOGON_BATCH = 4, /// <summary> /// Indicates a service-type logon. The account provided must have the service privilege enabled. /// </summary> LOGON32_LOGON_SERVICE = 5, /// <summary> /// This logon type is intended for GINA DLLs logging on users who will be interactively using the computer. /// This logon type allows a unique audit record to be generated that shows when the workstation was unlocked. /// </summary> LOGON32_LOGON_UNLOCK = 7, /// <summary> /// Windows XP/2000: This logon type preserves the name and password in the authentication packages, /// allowing the server to make connections to other network servers while impersonating the client. /// This allows a server to accept clear text credentials from a client, call LogonUser, verify that /// the user can access the system across the network, and still communicate with other servers. /// </summary> LOGON32_LOGON_NETWORK_CLEARTEXT = 8, /// <summary> /// Windows XP/2000: This logon type allows the caller to clone its current token and specify new credentials /// for outbound connections. The new logon session has the same local identity, but uses different credentials /// for other network connections. /// This logon type is supported only by the LOGON32_PROVIDER_WINNT50 logon provider. /// </summary> LOGON32_LOGON_NEW_CREDENTIALS = 9 }; public enum LogonProvider : int { /// <summary> /// Use the standard logon provider for the system. The default security provider is NTLM. /// Windows XP: The default provider is negotiate, unless you pass NULL for the domain name and /// the user name is not in UPN format. In this case the default provider is NTLM. /// </summary> LOGON32_PROVIDER_DEFAULT = 0, /// <summary> /// Use the Windows NT 3.5 logon provider. /// </summary> LOGON32_PROVIDER_WINNT35 = 1, /// <summary> /// Use the NTLM logon provider. /// </summary> LOGON32_PROVIDER_WINNT40 = 2, /// <summary> /// Windows XP/2000: Use the negotiate logon provider. /// </summary> LOGON32_PROVIDER_WINNT50 = 3 }; class SecuUtil32 { [DllImport("advapi32.dll", SetLastError=true)] public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr TokenHandle); [DllImport("kernel32.dll", CharSet=CharSet.Auto)] public extern static bool CloseHandle(IntPtr handle); [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)] public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle); } public class NetworkSecurity { public NetworkSecurity() { // // TODO: Add constructor logic here // } /// <summary> /// The ImpersonateUser function attempts to log a user on to the local computer. /// The local computer is the computer from which ImpersonateUser was called. /// You cannot use ImpersonateUser to log on to a remote computer. /// You specify the user with a user name and domain, and authenticate the user with a clear-text password. /// If the function succeeds, you receive a handle to a token that represents the logged-on user. /// You can then use this token handle to impersonate the specified user, or in most cases, /// to create a process running in the context of the specified user. /// </summary> /// <param name="strDomain"> /// specifies the name of the domain or server whose account database contains the strLogin account. /// </param> /// <param name="strLogin">specifies the name of the user.</param> /// <param name="strPwd">specifies the clear-text password for the user account specified by strLogin.</param> /// <param name="logonType">Specifies the type of logon operation to perform.</param> /// <param name="logonProvider">Specifies the logon provider.</param> /// <example> /// //Add System.Security.dll /// //using System.Security.Principal; /// /// string strDomain=ConfigurationSettings.AppSettings["mSALoginDomainName"]; /// string strUser=ConfigurationSettings.AppSettings["mSALoginDomainUser"]; /// string strPassword=ConfigurationSettings.AppSettings["mSALoginDomainPassword"]; /// /// WindowsImpersonationContext impContext = null; /// try /// { /// impContext = NetworkSecurity.ImpersonateUser(strDomain,strUser,strPassword, /// LogonType.LOGON32_LOGON_SERVICE, /// LogonProvider.LOGON32_PROVIDER_DEFAULT); /// } /// catch /// { /// /// } /// /// //work under this logined user /// /// impContext.Undo(); /// </example> /// <returns> /// </returns> public static WindowsImpersonationContext ImpersonateUser(string strDomain, string strLogin, string strPwd, LogonType logonType, LogonProvider logonProvider) { // Initialize tokens IntPtr tokenHandle = new IntPtr(0); IntPtr dupeTokenHandle = new IntPtr(0); tokenHandle = IntPtr.Zero; dupeTokenHandle = IntPtr.Zero; // If domain name was blank, assume local machine if (strDomain == "") strDomain = System.Environment.MachineName; try { const int SecurityImpersonation = 2; // Call LogonUser to obtain a handle to an access token. bool returnValue = SecuUtil32.LogonUser( strLogin, strDomain, strPwd, (int)logonType, (int)logonProvider, ref tokenHandle); // Did impersonation fail? if (false == returnValue) { int ret = Marshal.GetLastWin32Error(); // Throw the exception show the reason why LogonUser failed string strErr = String.Format("LogonUser failed with error code : {0}", ret); throw new ApplicationException(strErr, null); } // Get identity before impersonation bool retVal = SecuUtil32.DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle); // Did DuplicateToken fail? if (false == retVal) { // Close existing handle SecuUtil32.CloseHandle(tokenHandle); // Throw the exception show the reason why DuplicateToken failed throw new ApplicationException("Failed to duplicate token", null); } // Create new identity using new primary token // The token that is passed to the following constructor must // be a primary token in order to use it for impersonation. WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle); WindowsImpersonationContext impersonatedUser = newId.Impersonate(); return impersonatedUser; } catch (Exception ex) { throw new ApplicationException(ex.Message, ex); } finally { // Close handle if (tokenHandle != IntPtr.Zero) SecuUtil32.CloseHandle(tokenHandle); if (dupeTokenHandle != IntPtr.Zero) SecuUtil32.CloseHandle(dupeTokenHandle); } } } } 返回类别: 教程 上一教程: .NET之ASP Web Form迅速入门(3) 下一教程: 第九章 方式[《.net框架程序设计》读书笔记] 您可以阅读与".net下模仿不同身份登陆以获取不同权限"相关的教程: · 让你的.NET程序兼容不同版本的Dll文件 · 在.NET下获取硬盘序列号的问题 · 用ASP.Net获取客户端网卡的MAC · 一个简朴的ASP.NET Forms 身份认证 · 在.NET中轻松获取系统信息(1) -WMI篇 Montaque(原作) |
  |
| 快精灵印艺坊 版权所有 |
首页 会员中心在线印刷在线编辑付款方式索取样品设计指南连锁门店
|
||
