[英]wmi impersonation on remote computer as currently logon user
I have created mvc application. 我已经创建了mvc应用程序。 It's an intranet website.
这是一个Intranet网站。 users login with windows authentication.
用户使用Windows身份验证登录。 After some certain progress i need to connect from webserver to client machine to trigger some wmi function.
经过一定的进展后,我需要从Web服务器连接到客户端计算机以触发某些WMI功能。 Everything works i can connect their wmi and trigger actions with my service account ( which is administrator on client computer )
一切正常,我可以连接其wmi并使用我的服务帐户(在客户端计算机上是管理员)触发操作
My problem is the wmi context which i connect is always my administrator account's context. 我的问题是我连接的WMI上下文始终是我的管理员帐户的上下文。 This is not what i want because i need to run this as currently logon user on the remote machine.
这不是我想要的,因为我需要以远程计算机上的当前登录用户身份运行它。
So. 所以。 i need to login to remote machine with my admin account and run function as current user account.
我需要使用我的管理员帐户登录到远程计算机,并以当前用户帐户身份运行功能。 Is it possible ?
可能吗 ? or its not possible because of security of windows.
或由于Windows的安全性而无法实现。
This is how i connect to remote computer 这就是我连接到远程计算机的方式
ManagementScope wmiScope = new ManagementScope(@"\\" + remoteHost + wmiNameSpace);
wmiScope.Options.EnablePrivileges = true;
wmiScope.Options.Impersonation = ImpersonationLevel.Impersonate;
ManagementPath wmiClass = new ManagementPath(wmiClassName);
ManagementClass wmiObject = new ManagementClass(wmiScope, wmiClass, null);
return wmiObject;
and this is how i trigger function 这就是我触发功能的方式
ManagementClass wmiConnection = clientConnection.ConnectRemoteWMI(remote, @"\ROOT\ccm\ClientSDK", "CCM_ClientUtilities");
ManagementBaseObject parameters = wmiConnection.GetMethodParameters(policyType);
ManagementBaseObject result = wmiConnection.InvokeMethod(policyType, parameters, null);
This is not a direct answer. 这不是直接的答案。 However, you should have all the information you need here
但是,您应该在这里拥有所需的所有信息。
Connecting to WMI Remotely with C# 使用C#远程连接到WMI
In short you will need create a system ManagementScope 简而言之,您将需要创建一个系统ManagementScope
Note
System.Management
was the original .NET namespace used to access WMI;注意
System.Management
是用于访问WMI的原始.NET命名空间。 however, the APIs in this namespace generally are slower and do not scale as well relative to their more modernMicrosoft.Management.Infrastructure
counterparts.但是,此命名空间中的API相对于较现代的
Microsoft.Management.Infrastructure
相对而言通常较慢,并且扩展性也不太好。
However 然而
Create a ManagementScope
object, using the name of the computer and the WMI path, and connect to your target with a call to ManagementScope.Connect()
. 使用计算机的名称和WMI路径创建一个
ManagementScope
对象,并通过调用ManagementScope.Connect()
连接到您的目标。
If you connect to a remote computer in a different domain or using a different user name and password, then you must use a ConnectionOptions
object in the call to the ManagementScope
. 如果连接到其他域中的远程计算机或使用其他用户名和密码,则必须在对
ManagementScope
的调用中使用ConnectionOptions
对象。
The
ConnectionOptions
contains properties for describing the Authentication, Impersonation, username, password, and other connection options.ConnectionOptions
包含用于描述身份验证,模拟,用户名,密码和其他连接选项的属性。
ConnectionOptions options = new ConnectionOptions();
options.Impersonation = System.Management.ImpersonationLevel.Impersonate;
// options takes more arguments, you need to read up on what you want
ManagementScope scope = new ManagementScope("\\\\FullComputerName\\root\\cimv2", options);
scope.Connect();
ManagementPath path = new ManagementPath("Win32_NetworkAdapterConfiguration");
ObjectGetOptions o = new ObjectGetOptions(null, System.TimeSpan.MaxValue, true);
ManagementClass objMC = new ManagementClass(scope, path, o);
...
Generally speaking, it is recommended that you set your Impersonation level to Impersonate unless explicitly needed otherwise
一般来说,除非明确需要,否则建议您将模拟级别设置为“模拟”
Additional reading 补充阅读
Connecting to WMI Remotely with C# 使用C#远程连接到WMI
ManagementScope Class ManagementScope类别
ConnectionOptions Class ConnectionOptions类别
ObjectGetOptions Class ObjectGetOptions类别
ManagementPath Class ManagementPath类别
Disclaimer : You will have to read about these topics and work out what you need in your situation. 免责声明 :您将必须阅读有关这些主题的信息,并弄清自己所处的情况。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.