[英]Getting Access Denied when trying to impersonate user
What I'm trying to accomplish is to impersonate a specific user for console application. 我要完成的工作是模拟控制台应用程序的特定用户。 I have researched this to try to find solution but I keep getting the access denied error.
我已经对此进行了研究以尝试找到解决方案,但我不断收到拒绝访问错误。 Here is what i'm doing below.
这是我在下面做的事情。 Please any help would be appreciated, I have been working on this for 4 days now.
请任何帮助将不胜感激,我已经为此工作了4天。
Imports System.Security
Imports System.Security.Principal
Imports System.Runtime.InteropServices
Imports System.Security.Permissions
Dim impersonationContext As WindowsImpersonationContext
Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
ByVal lpszDomain As String, _
ByVal lpszPassword As String, _
ByVal dwLogonType As Integer, _
ByVal dwLogonProvider As Integer, _
ByRef phToken As IntPtr) As Integer
Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
ByVal ExistingTokenHandle As IntPtr, _
ByVal ImpersonationLevel As Integer, _
ByRef DuplicateTokenHandle As IntPtr) As Integer
Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long
Public Sub Main(ByVal args As String())
Dim w As StreamWriter
Dim filepath As String = "C:\test_files\testFile.txt"
Dim new_string As String
new_string = ""
Try
If impersonateValidUser("USERNAME", "DOMAIN", "PASSWORD") Then
'Insert your code that runs under the security context of a specific user here.
'undoImpersonation()
Else
'Your impersonation failed. Therefore, include a fail-safe mechanism here.
End If
new_string = "Worked " & System.Security.Principal.WindowsIdentity.GetCurrent.Name
Catch ex As Exception
new_string = "Didnt work: " & ex.Message
Finally
If System.IO.File.Exists(filepath) Then
File.Delete(filepath)
End If
w = File.CreateText(filepath)
w.WriteLine(new_string)
w.Flush()
w.Close()
'myConnection.Close()
End Try
End Sub
Private Function impersonateValidUser(ByVal userName As String, ByVal domain As String, ByVal password As String) As Boolean
Dim tempWindowsIdentity As WindowsIdentity
Dim token As IntPtr = IntPtr.Zero
Dim tokenDuplicate As IntPtr = IntPtr.Zero
impersonateValidUser = False
If RevertToSelf() Then
If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
impersonationContext = tempWindowsIdentity.Impersonate()
If Not impersonationContext Is Nothing Then
impersonateValidUser = True
End If
End If
End If
End If
If Not tokenDuplicate.Equals(IntPtr.Zero) Then
CloseHandle(tokenDuplicate)
End If
If Not token.Equals(IntPtr.Zero) Then
CloseHandle(token)
End If
End Function
Unless you have a specific need to use the ANSI version of LogonUser , you should use LogonUser instead of LogonUserA in your declaration, ie 除非您特别需要使用LogonUser的ANSI版本,否则应在声明中使用LogonUser而不是LogonUserA,即
Declare Function LogonUser Lib "advapi32.dll"
You should also verify that the user being impersonated has interactive logon rights on the local machine. 您还应该验证被模拟的用户在本地计算机上具有交互式登录权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.