“访问被拒绝”LOGON32_LOGON_SERVICE
[英]“Access is Denied” LOGON32_LOGON_SERVICE
问题描述
I am trying to impersonate network service using advapi32 
我正在尝试使用advapi32模拟网络服务
LogonUser("NETWORK SERVICE", "NT AUTHORITY", null, LOGON32_LOGON_SERVICE, LOGON32_PROVIDER_DEFAULT, ref token)
But keep getting Access is denied error, on a Windows 8 machine. 但在Windows 8计算机上继续获取Access is denied错误。 Any ideas? 有任何想法吗? (I googled a lot but can't find an answer). (我google了很多但找不到答案)。
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app" />
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
<applicationRequestMinimum>
<defaultAssemblyRequest permissionSetReference="Custom" />
<PermissionSet class="System.Security.PermissionSet" version="1" ID="Custom" SameSite="site" Unrestricted="true" />
</applicationRequestMinimum>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application />
</compatibility>
</asmv1:assembly>
EDIT: 编辑:
So after few attempts the impersonation seems to work, but I cannot ever authenticate as the host's Network Service. 因此,经过几次尝试,模仿似乎有效,但我无法作为主机的网络服务进行身份验证。 How can an application pool run under a network service than? 应用程序池如何在网络服务下运行?
Using 运用
LOGON32_LOGON_SERVICE
results in: 结果是:
Unhandled Exception: System.ComponentModel.Win32Exception: Access is denied
at Tools.Network.Impersonator.Impersonate(String userName, String domainName,
String password, LogonType logonType, LogonProvider logonProvider)
at Tools.Network.Impersonator..ctor(String userName, String domainName, Strin
g password, LogonType logonType, LogonProvider logonProvider)
at Impersonation.Program.Main(String[] args)
Using 运用
LOGON32_LOGON_NEW_CREDENTIALS
results in: 结果是:
System.IO.IOException: Logon failure: unknown user name or bad password.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Bo
olean overwrite)
at System.IO.File.Copy(String sourceFileName, String destFileName, Boolean ov
erwrite)
at Impersonation.Program.Main(String[] args)
Puzzled. 困惑。
2 个解决方案
解决方案1
3 已采纳 2013-01-10 18:26:11
Finally! 最后! I have found an answer: 我找到了答案:
How do I 'run as' 'Network Service'? 我如何'运行''网络服务'?
and 和
http://geek.hubkey.com/2008/02/impersonating-built-in-service-account.html http://geek.hubkey.com/2008/02/impersonating-built-in-service-account.html
On Windows 8.. "Microsoft have changed the default behaviour of this in Windows 8 / Windows Server 2012. To allow interactive services, you need to find the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Windows and change NoInteractiveServices from 1 to 0." 在Windows 8上。“Microsoft已在Windows 8 / Windows Server 2012中更改了此默认行为。要允许交互式服务,您需要找到注册表项HKEY_LOCAL_MACHINE \\ SYSTEM \\ CurrentControlSet \\ Control \\ Windows并将NoInteractiveServices从1更改为0 “。
解决方案2
1 2013-01-04 23:55:57
Here is a really good link that has code and everything I think that this is what you may be looking for . 这是一个非常好的链接,有代码和我认为这是你可能正在寻找的一切。 Let me know if this link does the trick 如果这个链接有效,请告诉我
.NET (C#) Impersonation with Network Credentials works for LOGON32_LOGON_NEW_CREDENTIALS as your logon type, which requires that you select LOGON32_PROVIDER_WINNT50 as the logon provider type. .NET(C#)使用网络凭据进行模拟适用于LOGON32_LOGON_NEW_CREDENTIALS作为登录类型,这要求您选择LOGON32_PROVIDER_WINNT50作为登录提供程序类型。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.