管理服务:将用户登录到桌面,生成可与桌面交互的进程
[英]Admin service: log user into desktop, spawn a process that can interact with the desktop
问题描述
I'm having a difficult time getting a very specific use case to work. 
我很难找到一个非常具体的用例来工作。 The application in question has two components: a Windows service, which needs to run in a privileged context outside of the desktop (ie to accept connections while a user is logged in or not) and a client Winforms app. 有问题的应用程序有两个组件:Windows服务,需要在桌面外的特权上下文中运行(即,在用户登录时是否接受连接)和客户端Winforms应用程序。 The service accepts websocket connections, and should the connection request succeed, it is supposed to log the user in interactively (into the desktop) and spawn a process as that user with desktop access. 该服务接受websocket连接,如果连接请求成功,则应该以交互方式(进入桌面)记录用户,并以具有桌面访问权限的用户生成进程。 I've used the following links, and while they are able to impersonate a user, they don't actually log the user into the desktop, ie if I watch the system using VNC, or if I test it on my local system, the user doesn't get logged in. The process does, however, get spawned as the user, but obviously not with desktop access. 我使用了以下链接,虽然他们能够冒充用户,但他们实际上并没有将用户登录到桌面,即如果我使用VNC观看系统,或者我在本地系统上测试它,用户没有登录。但是,该过程会以用户身份生成,但显然不会使用桌面访问。
Does anyone have a code sample that will log a user into the desktop? 有没有人有一个代码示例,将用户登录到桌面?
The links and code I've tried: 我试过的链接和代码:
Using Process.Start() to start a process as a different user from within a Windows Service 使用Process.Start()以Windows服务中的不同用户身份启动进程
How to use LogonUser properly to impersonate domain user from workgroup client public 如何正确使用LogonUser从工作组客户端公共模拟域用户
Launch a process under another user's credentials 在另一个用户的凭据下启动进程
https://social.msdn.microsoft.com/Forums/vstudio/en-US/9fb068b0-507b-4b6b-879a-b0fbe492ba92/c-start-program-with-different-user-credentials https://social.msdn.microsoft.com/Forums/vstudio/en-US/9fb068b0-507b-4b6b-879a-b0fbe492ba92/c-start-program-with-different-user-credentials
The current code is: 目前的代码是:
using Cassia;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceProcess;
namespace program
{
public partial class service
{
#region Interop
[StructLayout(LayoutKind.Sequential)]
public struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
public struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public UInt32 Attributes;
}
public struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
enum TOKEN_INFORMATION_CLASS
{
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics,
TokenRestrictedSids,
TokenSessionId,
TokenGroupsAndPrivileges,
TokenSessionReference,
TokenSandBoxInert,
TokenAuditPolicy,
TokenOrigin,
TokenElevationType,
TokenLinkedToken,
TokenElevation,
TokenHasRestrictions,
TokenAccessInformation,
TokenVirtualizationAllowed,
TokenVirtualizationEnabled,
TokenIntegrityLevel,
TokenUIAccess,
TokenMandatoryPolicy,
TokenLogonSid,
MaxTokenInfoClass
}
[Flags]
enum CreationFlags : uint
{
CREATE_BREAKAWAY_FROM_JOB = 0x01000000,
CREATE_DEFAULT_ERROR_MODE = 0x04000000,
CREATE_NEW_CONSOLE = 0x00000010,
CREATE_NEW_PROCESS_GROUP = 0x00000200,
CREATE_NO_WINDOW = 0x08000000,
CREATE_PROTECTED_PROCESS = 0x00040000,
CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 0x02000000,
CREATE_SEPARATE_WOW_VDM = 0x00001000,
CREATE_SUSPENDED = 0x00000004,
CREATE_UNICODE_ENVIRONMENT = 0x00000400,
DEBUG_ONLY_THIS_PROCESS = 0x00000002,
DEBUG_PROCESS = 0x00000001,
DETACHED_PROCESS = 0x00000008,
EXTENDED_STARTUPINFO_PRESENT = 0x00080000
}
public enum TOKEN_TYPE
{
TokenPrimary = 1,
TokenImpersonation
}
public enum SECURITY_IMPERSONATION_LEVEL
{
SecurityAnonymous,
SecurityIdentification,
SecurityImpersonation,
SecurityDelegation
}
[Flags]
enum LogonFlags
{
LOGON_NETCREDENTIALS_ONLY = 2,
LOGON_WITH_PROFILE = 1
}
enum LOGON_TYPE
{
LOGON32_LOGON_INTERACTIVE = 2,
LOGON32_LOGON_NETWORK,
LOGON32_LOGON_BATCH,
LOGON32_LOGON_SERVICE,
LOGON32_LOGON_UNLOCK = 7,
LOGON32_LOGON_NETWORK_CLEARTEXT,
LOGON32_LOGON_NEW_CREDENTIALS
}
enum LOGON_PROVIDER
{
LOGON32_PROVIDER_DEFAULT,
LOGON32_PROVIDER_WINNT35,
LOGON32_PROVIDER_WINNT40,
LOGON32_PROVIDER_WINNT50
}
struct SECURITY_ATTRIBUTES
{
public uint Length;
public IntPtr SecurityDescriptor;
public bool InheritHandle;
}
[Flags]
enum SECURITY_INFORMATION : uint
{
OWNER_SECURITY_INFORMATION = 0x00000001,
GROUP_SECURITY_INFORMATION = 0x00000002,
DACL_SECURITY_INFORMATION = 0x00000004,
SACL_SECURITY_INFORMATION = 0x00000008,
UNPROTECTED_SACL_SECURITY_INFORMATION = 0x10000000,
UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000,
PROTECTED_SACL_SECURITY_INFORMATION = 0x40000000,
PROTECTED_DACL_SECURITY_INFORMATION = 0x80000000
}
[StructLayoutAttribute(LayoutKind.Sequential)]
struct SECURITY_DESCRIPTOR
{
public byte revision;
public byte size;
public short control; // public SECURITY_DESCRIPTOR_CONTROL control;
public IntPtr owner;
public IntPtr group;
public IntPtr sacl;
public IntPtr dacl;
}
struct STARTUPINFO
{
public uint cb;
[MarshalAs(UnmanagedType.LPTStr)]
public string Reserved;
[MarshalAs(UnmanagedType.LPTStr)]
public string Desktop;
[MarshalAs(UnmanagedType.LPTStr)]
public string Title;
public uint X;
public uint Y;
public uint XSize;
public uint YSize;
public uint XCountChars;
public uint YCountChars;
public uint FillAttribute;
public uint Flags;
public ushort ShowWindow;
public ushort Reserverd2;
public byte bReserverd2;
public IntPtr StdInput;
public IntPtr StdOutput;
public IntPtr StdError;
}
[StructLayout(LayoutKind.Sequential)]
struct PROCESS_INFORMATION
{
public IntPtr Process;
public IntPtr Thread;
public uint ProcessId;
public uint ThreadId;
}
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool InitializeSecurityDescriptor(IntPtr pSecurityDescriptor, uint dwRevision);
const uint SECURITY_DESCRIPTOR_REVISION = 1;
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool SetSecurityDescriptorDacl(ref SECURITY_DESCRIPTOR sd, bool daclPresent, IntPtr dacl, bool daclDefaulted);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
extern static bool DuplicateTokenEx(
IntPtr hExistingToken,
uint dwDesiredAccess,
ref SECURITY_ATTRIBUTES lpTokenAttributes,
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
TOKEN_TYPE TokenType,
out IntPtr phNewToken);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LogonUser(
string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
out IntPtr phToken
);
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool GetTokenInformation(
IntPtr TokenHandle,
TOKEN_INFORMATION_CLASS TokenInformationClass,
IntPtr TokenInformation,
int TokenInformationLength,
out int ReturnLength
);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
static extern bool CreateProcessAsUser(
IntPtr Token,
[MarshalAs(UnmanagedType.LPTStr)] string ApplicationName,
[MarshalAs(UnmanagedType.LPTStr)] string CommandLine,
ref SECURITY_ATTRIBUTES ProcessAttributes,
ref SECURITY_ATTRIBUTES ThreadAttributes,
bool InheritHandles,
uint CreationFlags,
IntPtr Environment,
[MarshalAs(UnmanagedType.LPTStr)] string CurrentDirectory,
ref STARTUPINFO StartupInfo,
out PROCESS_INFORMATION ProcessInformation);
[DllImport("Kernel32.dll")]
extern static int CloseHandle(IntPtr handle);
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
[StructLayout(LayoutKind.Sequential, Pack = 1)]
internal struct TokPriv1Luid
{
public int Count;
public long Luid;
public int Attr;
}
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
internal const int TOKEN_QUERY = 0x00000008;
internal const int TOKEN_DUPLICATE = 0x0002;
internal const int TOKEN_ASSIGN_PRIMARY = 0x0001;
#endregion
public static bool LoginUser(string domain, string username, string password, string program, string workingDir)
{
IntPtr token = IntPtr.Zero;
IntPtr primaryToken = IntPtr.Zero;
try
{
bool result = LogonUser(username, domain, password, (int)LOGON_TYPE.LOGON32_LOGON_NETWORK, (int)LOGON_PROVIDER.LOGON32_PROVIDER_DEFAULT, out token);
if (!result)
{
int winError = Marshal.GetLastWin32Error();
Console.WriteLine("LoginUser unable to login user " + username + ", error: " + winError);
return false;
}
SECURITY_ATTRIBUTES processAttributes = new SECURITY_ATTRIBUTES();
SECURITY_DESCRIPTOR sd = new SECURITY_DESCRIPTOR();
IntPtr ptr = Marshal.AllocCoTaskMem(Marshal.SizeOf(sd));
Marshal.StructureToPtr(sd, ptr, false);
InitializeSecurityDescriptor(ptr, SECURITY_DESCRIPTOR_REVISION);
sd = (SECURITY_DESCRIPTOR)Marshal.PtrToStructure(ptr, typeof(SECURITY_DESCRIPTOR));
result = SetSecurityDescriptorDacl(ref sd, true, IntPtr.Zero, false);
if (!result)
{
int winError = Marshal.GetLastWin32Error();
}
primaryToken = new IntPtr();
result = DuplicateTokenEx(token, 0, ref processAttributes, SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, TOKEN_TYPE.TokenPrimary, out primaryToken);
if (!result)
{
int winError = Marshal.GetLastWin32Error();
}
processAttributes.SecurityDescriptor = ptr;
processAttributes.Length = (uint)Marshal.SizeOf(sd);
processAttributes.InheritHandle = true;
SECURITY_ATTRIBUTES threadAttributes = new SECURITY_ATTRIBUTES();
threadAttributes.SecurityDescriptor = IntPtr.Zero;
threadAttributes.Length = 0;
threadAttributes.InheritHandle = false;
bool inheritHandles = true;
IntPtr environment = IntPtr.Zero;
STARTUPINFO startupInfo = new STARTUPINFO();
startupInfo.Desktop = "";
PROCESS_INFORMATION processInformation;
result = CreateProcessAsUser(
primaryToken,
program,
program,
ref processAttributes,
ref threadAttributes,
inheritHandles,
16,
environment,
workingDir,
ref startupInfo,
out processInformation);
if (!result)
{
int winError = Marshal.GetLastWin32Error();
Console.WriteLine("LoginUser unable to create process as user " + username + ", error: " + winError);
return false;
}
return true;
}
catch (Exception e)
{
Console.WriteLine("LoginUser exception encountered: " + e.Message());
return false;
}
finally
{
if (token != IntPtr.Zero)
{
int x = CloseHandle(token);
if (x == 0)
throw new Win32Exception(Marshal.GetLastWin32Error());
x = CloseHandle(primaryToken);
if (x == 0)
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
}
public static SecureString securePassword(string password)
{
if (string_null(password)) return null;
SecureString secure = new SecureString();
foreach (char c in password)
{
secure.AppendChar(c);
}
return secure;
}
}
}
And my goal is to be able to call it simply as: 我的目标是能够简单地称它为:
if (!LoginUser("machinename", "username", "password", "c:\\path\\to\\program.exe", "c:\\path\\to"))
{
// error
}
else
{
// success, user is logged into desktop and app is launch
// as user with desktop access
}
3 个解决方案
解决方案1
3 2015-05-11 23:58:21
I had the same scenario before and things get complicated so I just used PSEXEC in combination with Process.Start 之前我有相同的场景,事情变得复杂,所以我只是将PSEXEC与Process.Start结合使用
Just using PSEXEC like whats indicated on their sample all you have to do is something like this 只是使用PSEXEC,就像他们的样本上所示,你所要做的就是这样
Copy or install your executable via code or manually (ie program.exe) to the remote system and execute it interactively, running under the account DannyGlover: 通过代码或手动(即program.exe)将可执行文件复制或安装到远程系统并以交互方式执行,在DannyGlover帐户下运行:
psexec \\workstation64 -c program.exe -u YourUser -p YourPa55w0rd
Now you know your parameters you can then use Process.Start to run it. 现在您知道了您的参数,然后可以使用Process.Start来运行它。 So it will look something like this 所以它看起来像这样
using System.Diagnostics;
...
Process process = new Process();
process.StartInfo.FileName = "program.exe";
process.StartInfo.Arguments = "\\workstation64 -c program.exe -u YourUser -p YourPa55w0rd";
process.Start();
process.WaitForExit();
By the way you can learn more and download PSEXEC here http://ss64.com/nt/psexec.html 顺便说一下,您可以在http://ss64.com/nt/psexec.html上了解更多信息并下载PSEXEC
解决方案2
0 2015-05-15 15:47:42
I found your problem on Elance.com and found this link. 我在Elance.com上发现了您的问题并找到了此链接。
I had same kind of issue with one of my project. 我和我的一个项目有同样的问题。 That required the windows service to launch a POS Terminal communicator exe and that should be with UI with administrator access. 这需要Windows服务启动POS终端通信器exe,并且应该具有管理员访问权限的UI。 I tried same impersonation of winlogon.exe to avoid UAC but that did not help. 我尝试同样模仿winlogon.exe以避免UAC,但这没有帮助。
For my problem that i used Scheduled Tasks and created my task using c#. 对于我使用计划任务并使用c#创建任务的问题。 You can find a very good library here http://taskscheduler.codeplex.com . 你可以在http://taskscheduler.codeplex.com找到一个非常好的图书馆。 Now on a required call you can run the task dynamically and you have full control over that. 现在,在必要的呼叫中,您可以动态运行任务,并且您可以完全控制该任务。
You can create your own task/edit/delete dynamically and can run your apps by not avoiding UAC. 您可以动态创建自己的任务/编辑/删除,并可以通过不避免UAC来运行您的应用程序。
解决方案3
0 2015-05-15 21:27:08
You're seeking to create a new interactive session. 您正在寻求创建一个新的交互式会话。 Unfortunately, this is not possible. 不幸的是,这是不可能的。 As far as I understand it, you want to launch a process and then control the machine remotely with VNC. 据我了解,您希望启动一个过程,然后使用VNC远程控制机器。 Maybe you just need to use Remote Desktop? 也许你只需要使用远程桌面?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.