尝试模拟用户时拒绝访问

Question

What I'm trying to accomplish is to impersonate a specific user for console application. I have researched this to try to find solution but I keep getting the access denied error. Here is what i'm doing below. Please any help would be appreciated, I have been working on this for 4 days now.

Imports System.Security
Imports System.Security.Principal

Imports System.Runtime.InteropServices
Imports System.Security.Permissions

Dim impersonationContext As WindowsImpersonationContext

Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
                        ByVal lpszDomain As String, _
                        ByVal lpszPassword As String, _
                        ByVal dwLogonType As Integer, _
                        ByVal dwLogonProvider As Integer, _
                        ByRef phToken As IntPtr) As Integer

Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
                        ByVal ExistingTokenHandle As IntPtr, _
                        ByVal ImpersonationLevel As Integer, _
                        ByRef DuplicateTokenHandle As IntPtr) As Integer

Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long

Public Sub Main(ByVal args As String())

    Dim w As StreamWriter
    Dim filepath As String = "C:\test_files\testFile.txt"

    Dim new_string As String
    new_string = ""

    Try
        If impersonateValidUser("USERNAME", "DOMAIN", "PASSWORD") Then
            'Insert your code that runs under the security context of a specific user here.
            'undoImpersonation()
        Else
            'Your impersonation failed. Therefore, include a fail-safe mechanism here.
        End If

        new_string = "Worked " & System.Security.Principal.WindowsIdentity.GetCurrent.Name

    Catch ex As Exception
        new_string = "Didnt work: " & ex.Message
    Finally

        If System.IO.File.Exists(filepath) Then
            File.Delete(filepath)
        End If

        w = File.CreateText(filepath)

        w.WriteLine(new_string)
        w.Flush()
        w.Close()

        'myConnection.Close()
    End Try

End Sub

Private Function impersonateValidUser(ByVal userName As String, ByVal domain As String, ByVal password As String) As Boolean

    Dim tempWindowsIdentity As WindowsIdentity
    Dim token As IntPtr = IntPtr.Zero
    Dim tokenDuplicate As IntPtr = IntPtr.Zero
    impersonateValidUser = False

    If RevertToSelf() Then
        If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                     LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
            If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                impersonationContext = tempWindowsIdentity.Impersonate()
                If Not impersonationContext Is Nothing Then
                    impersonateValidUser = True
                End If
            End If
        End If
    End If
    If Not tokenDuplicate.Equals(IntPtr.Zero) Then
        CloseHandle(tokenDuplicate)
    End If
    If Not token.Equals(IntPtr.Zero) Then
        CloseHandle(token)
    End If
End Function

Answer 1

Unless you have a specific need to use the ANSI version of LogonUser , you should use LogonUser instead of LogonUserA in your declaration, ie

Declare Function LogonUser Lib "advapi32.dll"

You should also verify that the user being impersonated has interactive logon rights on the local machine.