[英]Windows impersonation LogonUser error
I am trying to use this code to logon to a restricted network share (with windows server 2012 on the head node) from my local machine (windows 8.1), and I can't seem to get it to work. 我试图使用此代码从我的本地计算机(Windows 8.1)登录到受限制的网络共享(头节点上的Windows Server 2012),我似乎无法让它工作。
Both machines are on the same domain (verified), the account I am using is an adminstrator on my local machine, and the account I am trying to impersonate has admin rights on the machine hosting the share. 两台计算机都位于同一个域(已验证),我使用的帐户是本地计算机上的管理员,我尝试模拟的帐户在托管共享的计算机上具有管理员权限。 I can mount the share using the credentials just fine.
我可以使用凭证安装共享就好了。
But when I run this line of code: 但是当我运行这行代码时:
bool returnValue = LogonUser(userName, domainName, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out safeTokenHandle);
I get the following error: The trust relationship between this workstation and the primary domain failed
NativeErrorCode 1798. 我收到以下错误:
The trust relationship between this workstation and the primary domain failed
NativeErrorCode 1798。
This seems to occur regardless of what credentials I use- it happens if I use my own (which I know are good!). 无论我使用什么凭据,这似乎都会发生 - 如果我使用自己的凭证(我知道这很好!)就会发生这种情况。
I can't seem to find a solution for this- the docs I find are for a different use case (I think), and involve removing a machine (which one?) from the domain and rejoining. 我似乎无法找到解决方案 - 我找到的文档是针对不同的用例(我认为),并涉及从域中删除一台机器(哪一个?)并重新加入。
Any suggestions on how to debug this? 关于如何调试这个的任何建议? Solutions?
解决方案? Suggestions?
建议?
So I found the answer. 所以我找到了答案。
LOGON32_LOGON_INTERACTIVE
is not right. LOGON32_LOGON_INTERACTIVE
不对。 LOGON32_LOGON_NEW_CREDENTIALS
is what to use. LOGON32_LOGON_NEW_CREDENTIALS
是使用的。
On this page they describe what the variables are, but not the values. 在这个页面上,他们描述了变量是什么,而不是值。 You need to actually go look at the
#define
in winbase.h
(I found a version here ) that shows the values for those variables. 您需要实际查看
winbase.h
中的#define
(我在这里找到了一个版本),它显示了这些变量的值。 In this case, you need to use a logon type value of 9
instead of 2
. 在这种情况下,您需要使用登录类型值
9
而不是2
。 In C# land, it's just a bit more work, but... it works :) 在C#land中,它只是更多的工作,但......它的工作原理:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.