问题
I'm building a small web based management app. Within it I need to connect to different servers using different accounts via wmi.
What I want is to tell my app: you are now run by user1, do this and this. And then I want to tell it: now you are user2, do this and this.
I guess, I'm not all that clear with my question, I'll refactor it.
回答1:
You would have to write a seperate piece of .Net code (some umanaged calls too) to perform impersonation of your user then call your code whilst impersonating that user. You can then restore the user account afterwards:
Apologies for the VB sample, but this would be easy to port to C#.
VB Sample
Public Class UserImpersonation
Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _
ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
ByRef phToken As IntPtr) As Boolean
<DllImport("kernel32.dll")> _
Private Shared Function FormatMessage(ByVal dwFlags As Integer, ByRef lpSource As IntPtr, _
ByVal dwMessageId As Integer, ByVal dwLanguageId As Integer, ByRef lpBuffer As [String], _
ByVal nSize As Integer, ByRef Arguments As IntPtr) As Integer
End Function
Private Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean
Private Declare Auto Function DuplicateToken Lib "advapi32.dll" (ByVal ExistingTokenHandle As IntPtr, _
ByVal SECURITY_IMPERSONATION_LEVEL As Integer, _
ByRef DuplicateTokenHandle As IntPtr) As Boolean
<PermissionSetAttribute(SecurityAction.Demand, Name:="FullTrust")> _
Public Shared Function ImpersonateUser(ByVal strDomain As String, ByVal strUserid As String, ByVal strPassword As String) As WindowsImpersonationContext
Dim tokenHandle As New IntPtr(0)
Dim dupeTokenHandle As New IntPtr(0)
Try
' Get the user token for the specified user, domain, and password using the
' unmanaged LogonUser method.
' The local machine name can be used for the domain name to impersonate a user on this machine.
Const LOGON32_PROVIDER_DEFAULT As Integer = 0
'This parameter causes LogonUser to create a primary token.
Const LOGON32_LOGON_INTERACTIVE As Integer = 2
tokenHandle = IntPtr.Zero
' Call LogonUser to obtain a handle to an access token.
Dim returnValue As Boolean = LogonUser(strUserid, strDomain, strPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)
If returnValue = False Then
Dim ret As Integer = Marshal.GetLastWin32Error()
Throw New System.ComponentModel.Win32Exception(ret)
Else
' Use the token handle returned by LogonUser.
Dim newId As New WindowsIdentity(tokenHandle)
Dim ImpersonatedUser As WindowsImpersonationContext = newId.Impersonate()
Return ImpersonatedUser
End If
Catch ex As Exception
Console.WriteLine("UserImpersonation.impersonateUser Exception Occurred: " + ex.Message)
Return Nothing
End Try
' Free the tokens.
If Not System.IntPtr.op_Equality(tokenHandle, IntPtr.Zero) Then
CloseHandle(tokenHandle)
End If
End Function
Public Shared Function UndoImpersonate(ByVal WIC As WindowsImpersonationContext) As Boolean
Try
' Stop impersonating the user.
WIC.Undo()
Return True
Catch ex As Exception
Console.WriteLine(("Exception occurred. " + ex.Message))
Return False
End Try
End Function
End Class
来源:https://stackoverflow.com/questions/568970/how-do-i-use-another-identity-to-execute-my-code-in-asp-net-provided-i-have-a-us