使用替代凭据验证 MSMQ 消息?
[英]Authenticate MSMQ Message with alternative credentials?
问题描述
I've written a C# application that puts an XML-object into an MSMQ queue.
我编写了一个 C# 应用程序,将 XML 对象放入 MSMQ 队列。 The queue requires authentication.队列需要身份验证。
MessageQueue queue = GetQueue();
var message = new Message();
message.Formatter = new CustomXMLFormatter();
message.Body = xml.ToString();
message.Label = "From my application";
message.UseAuthentication = true;
queue.Send(message, MessageQueueTransactionType.Single);
This all works today, but now I need to make a change in the way I authenticate.这一切今天都有效,但现在我需要改变我的身份验证方式。 Currently the messages are authenticated using the user that runs the application.目前,使用运行应用程序的用户对消息进行身份验证。 However, I want to use a static AD-user istead.但是,我想改用静态 AD 用户。 (The reason is that the system retriveing the messages needs that all the messages have been added by a single user account). (原因是系统检索消息需要所有消息都已由单个用户帐户添加)。
Is there a way to change which user performs the authentication?有没有办法更改执行身份验证的用户?
1 个解决方案
解决方案1
1 2011-10-13 14:57:12
You could try to use an Impersonator .您可以尝试使用Impersonator 。 It works well if your application is running on a machine that is inside the domain.如果您的应用程序在域内的机器上运行,则它运行良好。 You would have to use something else if the machine is outside the domain, and with no access to the AD Directory.如果机器在域之外,并且无法访问 AD 目录,您将不得不使用其他东西。
Here's an example of what the code could look like :下面是代码的示例:
using ( new Impersonator( "myUsername", "myDomainname", "myPassword" ) )
{
...
<code that executes under the new context>
...
}
As a reference, here is the code from the article:作为参考,这里是文章中的代码:
namespace Tools
{
#region Using directives.
// ----------------------------------------------------------------------
using System;
using System.Security.Principal;
using System.Runtime.InteropServices;
using System.ComponentModel;
// ----------------------------------------------------------------------
#endregion
/////////////////////////////////////////////////////////////////////////
/// <summary>
/// Impersonation of a user. Allows to execute code under another
/// user context.
/// Please note that the account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <remarks>
/// This class is based on the information in the Microsoft knowledge base
/// article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158
///
/// Encapsulate an instance into a using-directive like e.g.:
///
/// ...
/// using ( new Impersonator( "myUsername", "myDomainname", "myPassword" ) )
/// {
/// ...
/// [code that executes under the new context]
/// ...
/// }
/// ...
///
/// Please contact the author Uwe Keim (mailto:uwe.keim@zeta-software.de)
/// for questions regarding this class.
/// </remarks>
public class Impersonator :
IDisposable
{
#region Public methods.
// ------------------------------------------------------------------
/// <summary>
/// Constructor. Starts the impersonation with the given credentials.
/// Please note that the account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
public Impersonator(
string userName,
string domainName,
string password )
{
ImpersonateValidUser( userName, domainName, password );
}
// ------------------------------------------------------------------
#endregion
#region IDisposable member.
// ------------------------------------------------------------------
public void Dispose()
{
UndoImpersonation();
}
// ------------------------------------------------------------------
#endregion
#region P/Invoke.
// ------------------------------------------------------------------
[DllImport("advapi32.dll", SetLastError=true)]
private static extern int LogonUser(
string lpszUserName,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
private static extern int DuplicateToken(
IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);
[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
private static extern bool RevertToSelf();
[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
private static extern bool CloseHandle(
IntPtr handle);
private const int LOGON32_LOGON_INTERACTIVE = 2;
private const int LOGON32_PROVIDER_DEFAULT = 0;
// ------------------------------------------------------------------
#endregion
#region Private member.
// ------------------------------------------------------------------
/// <summary>
/// Does the actual impersonation.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
private void ImpersonateValidUser(
string userName,
string domain,
string password )
{
WindowsIdentity tempWindowsIdentity = null;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
try
{
if ( RevertToSelf() )
{
if ( LogonUser(
userName,
domain,
password,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref token ) != 0 )
{
if ( DuplicateToken( token, 2, ref tokenDuplicate ) != 0 )
{
tempWindowsIdentity = new WindowsIdentity( tokenDuplicate );
impersonationContext = tempWindowsIdentity.Impersonate();
}
else
{
throw new Win32Exception( Marshal.GetLastWin32Error() );
}
}
else
{
throw new Win32Exception( Marshal.GetLastWin32Error() );
}
}
else
{
throw new Win32Exception( Marshal.GetLastWin32Error() );
}
}
finally
{
if ( token!= IntPtr.Zero )
{
CloseHandle( token );
}
if ( tokenDuplicate!=IntPtr.Zero )
{
CloseHandle( tokenDuplicate );
}
}
}
/// <summary>
/// Reverts the impersonation.
/// </summary>
private void UndoImpersonation()
{
if ( impersonationContext!=null )
{
impersonationContext.Undo();
}
}
private WindowsImpersonationContext impersonationContext = null;
// ------------------------------------------------------------------
#endregion
}
/////////////////////////////////////////////////////////////////////////
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
msmq中没有消息 - No message in msmq
序列化MSMQ的备用视图 - Serializing Alternative views For MSMQ
云中排队的WCF的MSMQ的替代方案? - Alternative for MSMQ for queued WCF in the cloud?
接收MSMQ消息 - Receiving an MSMQ message
MSMQ消息ID(作为变体) - MSMQ Message ID (as Variant)
MSMQ自定义消息格式 - MSMQ custom message format
MSMQ Poison消息和TimeToReachQueue - MSMQ Poison message and TimeToReachQueue
向MSMQ发送消息时出现问题 - Problems with Sending message to MSMQ
MSMQ-邮件正文不可读 - MSMQ - message body is unreadable
MSMQ:MSMQ是否保证顺序消息传递? - MSMQ: Does MSMQ guarantees sequential message passing?
相关标签