[英]Getting Access Denied when trying to impersonate user
我要完成的工作是模擬控制台應用程序的特定用戶。 我已經對此進行了研究以嘗試找到解決方案,但我不斷收到拒絕訪問錯誤。 這是我在下面做的事情。 請任何幫助將不勝感激,我已經為此工作了4天。
Imports System.Security
Imports System.Security.Principal
Imports System.Runtime.InteropServices
Imports System.Security.Permissions
Dim impersonationContext As WindowsImpersonationContext
Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
ByVal lpszDomain As String, _
ByVal lpszPassword As String, _
ByVal dwLogonType As Integer, _
ByVal dwLogonProvider As Integer, _
ByRef phToken As IntPtr) As Integer
Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
ByVal ExistingTokenHandle As IntPtr, _
ByVal ImpersonationLevel As Integer, _
ByRef DuplicateTokenHandle As IntPtr) As Integer
Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long
Public Sub Main(ByVal args As String())
Dim w As StreamWriter
Dim filepath As String = "C:\test_files\testFile.txt"
Dim new_string As String
new_string = ""
Try
If impersonateValidUser("USERNAME", "DOMAIN", "PASSWORD") Then
'Insert your code that runs under the security context of a specific user here.
'undoImpersonation()
Else
'Your impersonation failed. Therefore, include a fail-safe mechanism here.
End If
new_string = "Worked " & System.Security.Principal.WindowsIdentity.GetCurrent.Name
Catch ex As Exception
new_string = "Didnt work: " & ex.Message
Finally
If System.IO.File.Exists(filepath) Then
File.Delete(filepath)
End If
w = File.CreateText(filepath)
w.WriteLine(new_string)
w.Flush()
w.Close()
'myConnection.Close()
End Try
End Sub
Private Function impersonateValidUser(ByVal userName As String, ByVal domain As String, ByVal password As String) As Boolean
Dim tempWindowsIdentity As WindowsIdentity
Dim token As IntPtr = IntPtr.Zero
Dim tokenDuplicate As IntPtr = IntPtr.Zero
impersonateValidUser = False
If RevertToSelf() Then
If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
impersonationContext = tempWindowsIdentity.Impersonate()
If Not impersonationContext Is Nothing Then
impersonateValidUser = True
End If
End If
End If
End If
If Not tokenDuplicate.Equals(IntPtr.Zero) Then
CloseHandle(tokenDuplicate)
End If
If Not token.Equals(IntPtr.Zero) Then
CloseHandle(token)
End If
End Function
除非您特別需要使用LogonUser的ANSI版本,否則應在聲明中使用LogonUser而不是LogonUserA,即
Declare Function LogonUser Lib "advapi32.dll"
您還應該驗證被模擬的用戶在本地計算機上具有交互式登錄權限。
嘗試暫停/恢復傳出消息隊列時出現訪問被拒絕錯誤
[英]Getting an access denied error when trying to pause/resume an outgoing message queue
嘗試使用SSIS從客戶端桌面導入時,拒絕訪問路徑
[英]Access to path is denied when trying to import from the client's desktop with SSIS
嘗試將文件上傳到數據庫時,VB.NET網頁的訪問被拒絕
[英]VB.NET webpage gets access denied when trying to upload a file to a database
當用戶的訪問級別被拒絕時,ASP.NET MVC顯示錯誤消息或頁面
[英]ASP.NET MVC Show Error Message or Page When User's Access Level is Denied
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.