impersonation

问题 I have a Django app. When logged in as an admin user, I want to be able to pass a secret parameter in the URL and have the whole site behave as if I were another user. Let's say I have the URL /my-profile/ which shows the currently logged in user's profile. I want to be able to do something like /my-profile/?__user_id=123 and have the underlying view believe that I am actually the user with ID 123 (thus render that user's profile). Why do I want that? Simply because it's much easier to

问题 I have developed a quite simple ASP.NET web application that reads the system event logs entries. When I am debugging or running it from VS 2017 (hosted in IIS Express ) I am able to read the log entries without any issue. Once I deploy/publish this asp.net web app on IIS 8 and try to read the system event log entries it doesn't work. If I check the event viewer I get something like this (translated from Spanish) : System.InvalidOperationException: Unable to open the Application record on the

问题 In Windows, a program can get a user access token by calling LogonUser, OpenProcessToken, SSPI functions, and a couple others. Once you have the token, there are quite a few functions that you can pass this token into in order to do things as this user. Do these sort of actions typically have side effects for the "parent" process? For example, you can load the user's profile (registry settings, etc) via LoadUserProfile. Amongst other things, LoadUserProfile will load the user's registry hive

问题 I want to copy a file from remote machine in the same domain. so I am using impersonation to do that. I am using DLLImport of advapi32.dll and it properly impersonate the user. Now when below code line executed i got the following error. \\line File.Copy(@"\\sins00048178\D$\BNCustody\Swift\Received_from_SWIFT\Error_files\E03248681_error.out", @"C:\E03248681_error.out", true); \\Error "Logon failure: user not allowed to log on to this computer." COMPLETE CODE AS REQUESTED [DllImport("advapi32

问题 Given a username and password how do i impersonate that user and run some code as that user. And by managed i mean without pinvokes or dllimports 回答1: This is the wrapper class we created that has worked on several different Windows platforms: public class Impersonator { // constants from winbase.h public const int LOGON32_LOGON_INTERACTIVE = 2; public const int LOGON32_LOGON_NETWORK = 3; public const int LOGON32_LOGON_BATCH = 4; public const int LOGON32_LOGON_SERVICE = 5; public const int

问题 Given a username and password how do i impersonate that user and run some code as that user. And by managed i mean without pinvokes or dllimports 回答1: This is the wrapper class we created that has worked on several different Windows platforms: public class Impersonator { // constants from winbase.h public const int LOGON32_LOGON_INTERACTIVE = 2; public const int LOGON32_LOGON_NETWORK = 3; public const int LOGON32_LOGON_BATCH = 4; public const int LOGON32_LOGON_SERVICE = 5; public const int

问题 I have a SL4 app that uses WCF to communicate with a backend SQL Server 2008 database. One of the WCF services needs to connect to the database with a dedicated system account due to the database permissions required by the stored procedure that is called. I have attempted to implement a solution using impersonation within the service code e.g. int result = LogonUser(userName, domain, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out _token); if (result > 0) {

问题 Is calling ImpersonateSecurityContext on the server impersonating the client on the calling thread or for the entire process. The documentation is a bit vague on the matter as it states that "The function creates an impersonation token and allows the thread or process to run with the impersonation context" . I assume that impersonation is only for the calling thread, anything else would be strange, but I want to be sure. 回答1: Per MSDN: Client Impersonation Impersonation is the ability of a

问题 Is it possible to impersonate a user without supplying user name/password? Basically, I'd like to get the CSIDL_LOCAL_APPDATA for a user (not the current one) using the ShGetFolderPath() function. All I currently have is a SID for that user. 回答1: No, you have to call Win32 API LogonUser function to get windows account token back so you can then impersonate. 回答2: You can impersonate a user without supplying password by calling ZwCreateToken. See the CreatePureUserToken function in this article

问题 Is it possible to impersonate a user without supplying user name/password? Basically, I'd like to get the CSIDL_LOCAL_APPDATA for a user (not the current one) using the ShGetFolderPath() function. All I currently have is a SID for that user. 回答1: No, you have to call Win32 API LogonUser function to get windows account token back so you can then impersonate. 回答2: You can impersonate a user without supplying password by calling ZwCreateToken. See the CreatePureUserToken function in this article