问题
I know I can impersonate a windows account using: http://msdn.microsoft.com/en-us/library/chf6fbt4.aspx
But how do I go about impersonating a WellKnownSidType account?
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
NTAccount account = sid.Translate(typeof(NTAccount)) as NTAccount;
if (account != null)
{
//Impersonate here???
}
回答1:
First off, you will not be able to impersonate built-in accounts like 'Network Service' or 'Local Service' unless you are running under the 'Local Service' account, which as far as I know can only be done by the OS.
The following post provides a possible solution to the point above (I did not try it, just googled it before I started writting all this my self), but it looks reasonable.
http://geek.hubkey.com/2008/02/impersonating-built-in-service-account.html
Once are running under the 'Local Service' account, you simply need to use LogonUser (also shown in the link above) to Logon using the account name of the well known SID and then impersonate the token.
I see the link above runs 'CMD.EXE' as a service which can is allowed to interact with the desktop, note that the 'interact with desktop' functionality is being deprecated.
回答2:
Use the WindowsIdentity constructor and follow the directions here. You're going to need "Act as part of the operating system", among other things.
来源:https://stackoverflow.com/questions/3682296/how-to-impersonate-a-wellknownsidtype