WCF impersonation is not impersonating an administrator

I am trying to use WCF to do some remote user management things. I am reusing some code I had on a Server 2003 box, where it worked fine, but on my Windows 7 test box, when I check to see if the user who called the function is an administrator, it says it is not.

[OperationBehavior(Impersonation=ImpersonationOption.Required)]
public string SetPassword(string username)
{
    WindowsPrincipal principal = new WindowsPrincipal(OperationContext.Current.ServiceSecurityContext.WindowsIdentity);
    System.Diagnostics.Debug.Print(WindowsIdentity.GetCurrent().Name);
    System.Diagnostics.Debug.Print(principal.Identity.Name);
    if (principal.IsInRole(WindowsBuiltInRole.Administrator))
    {
        //try
        {
            lock (Watchdog.m_principalContext)
            {
                using (UserPrincipal up = UserPrincipal.FindByIdentity(Watchdog.m_principalContext, username))
                {
                    string newpassword = CreateRandomPassword();
                    up.SetPassword(newpassword);
                    up.Save();
                    return newpassword;
                }
            }
        }
        //catch
        {
            return null;
        }
    }
    else 
        throw new System.Security.SecurityException("User not administrator");
}

principal.IsInRole(WindowsBuiltInRole.Administrator) is returning false every time. Both my current identity and principal.Identity are the correct user to be impersonated, and that user is a member of the Administrators user group.

I think it has to do with UAC, which was implemented in Windows Vista and up. This will be an issue because the production machine this will be going on to is a win2k8-r2 box.

Any suggestions on what to do?

Take a look at this article; in the section "Coping with Windows Vista" it is a very good write-up on UAC and on checking admin privileges programmatically.
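To confirm whether a UAC-filtered token is what makes IsInRole return false, the following added example (not code from either poster) classifies how BUILTIN\Administrators appears in a WindowsIdentity: enabled, deny-only, or absent. It assumes .NET Framework 4.5 or later, where WindowsIdentity exposes token groups as claims; the names TokenAdminCheck, AdminState and Classify are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

// Added example; type and method names are hypothetical.
public enum AdminState { NotMember, DenyOnly, Enabled }

public static class TokenAdminCheck
{
    // Well-known SID S-1-5-32-544 (BUILTIN\Administrators).
    private static readonly string AdminSid =
        new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null).Value;

    public static AdminState Classify(WindowsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");

        // Group present and enabled: IsInRole(Administrator) succeeds.
        if (HasSid(identity, ClaimTypes.GroupSid, ClaimTypes.PrimaryGroupSid))
            return AdminState.Enabled;

        // Group present but deny-only: the account is a member, yet the
        // token was filtered, so role checks against it fail.
        if (HasSid(identity, ClaimTypes.DenyOnlySid, ClaimTypes.DenyOnlyPrimaryGroupSid))
            return AdminState.DenyOnly;

        return AdminState.NotMember;
    }

    private static bool HasSid(WindowsIdentity identity, params string[] claimTypes)
    {
        return identity.Claims.Any(c =>
            claimTypes.Contains(c.Type) &&
            string.Equals(c.Value, AdminSid, StringComparison.OrdinalIgnoreCase));
    }

    public static void Main()
    {
        // Stand-alone run: classify the token of the current process.
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("{0}: {1}", current.Name, Classify(current));
        }
    }
}
```

Inside the service operation, pass OperationContext.Current.ServiceSecurityContext.WindowsIdentity to Classify and log the result. DenyOnly means the account is in the group but the token presented to the service was filtered.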

As I did not want to do all that work (from RandomNoob's post) to check if the user is an administrator, and the service is already running in an administrative context, I decided to just drop impersonation. I created a new user group called WCFUsers, and anyone who will be using the service was added to that group. It now does the System.DirectoryServices.AccountManagement operations in its own context.

[OperationBehavior(Impersonation=ImpersonationOption.NotAllowed)]
public string SetPassword(string username)
{
    WindowsPrincipal principal = new WindowsPrincipal(OperationContext.Current.ServiceSecurityContext.WindowsIdentity);
    if (principal.IsInRole("WCFUsers"))
    {
        try
        {
            lock (Watchdog.m_principalContext)
            {
                using (UserPrincipal up = UserPrincipal.FindByIdentity(Watchdog.m_principalContext, username))
                {
                    string newpassword = CreateRandomPassword();
                    up.SetPassword(newpassword);
                    up.Save();
                    return newpassword;
                }
            }
        }
        catch
        {
            return null;
        }
    }
    else
        return null;
}
