我想在另一个用户名的凭据下启动一个进程.这就是我现在拥有的:
/// <summary>
/// Do actions under another username's credentials
/// </summary>
/// <param name="username">Username to inpersonate</param>
/// <param name="domain">Domain/Machine</param>
/// <param name="password">Password </param>
public static void Action(string username,string domain, string password )
{
try
{
if (LogonUser(username, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref hToken))
{
if (DuplicateToken(hToken, 2, ref hTokenDuplicate))
{
WindowsIdentity windowsIdentity = new WindowsIdentity(hTokenDuplicate);
WindowsImpersonationContext impersonationContext = windowsIdentity.Impersonate();
// Check the identity but it could do any other action under given username credentials
try
{
ProcessStartInfo info = new ProcessStartInfo("cmd.exe");
info.UseShellExecute = false;
info.RedirectStandardInput = true;
info.RedirectStandardError = true;
info.RedirectStandardOutput = true;
info.UserName = "dummy"; // see the link mentioned at the top
// Define the string value to assign to a new secure string.
char[] chars = { 'p', 'a', 's', 's','1','2','3','4','/' };
// Instantiate the secure string.
SecureString testString = new SecureString();
// Assign the character array to the secure string.
foreach (char ch in chars)
testString.AppendChar(ch);
info.Password = testString;
Process.Start(info);
}
catch (Exception ex)
{
Console.WriteLine("Exception Occurred :{0},{1}",ex.Message, ex.StackTrace.ToString());
}
// Stop impersonating the user
impersonationContext.Undo();
}
}
// Free the tokens
if (hToken != IntPtr.Zero)
CloseHandle(hToken);
if (hTokenDuplicate != IntPtr.Zero)
CloseHandle(hTokenDuplicate);
}catch(Exception ex)
{
Console.WriteLine("Exception occurred. " + ex);
}
它似乎不起作用,我得到"访问被拒绝".有什么想法怎么做?如果我们要求提供凭据,我们会获得正确的凭据,因此它应该根据该凭据执行任何程序.即:
if (DuplicateToken(hToken, 2, ref hTokenDuplicate))
{
WindowsIdentity windowsIdentity = new WindowsIdentity(hTokenDuplicate);
WindowsImpersonationContext impersonationContext = windowsIdentity.Impersonate();
// Check the identity but it could do any other action under given username credentials
Console.WriteLine("After impersonation: {0}", WindowsIdentity.GetCurrent().Name);
// Stop impersonating the user
impersonationContext.Undo();
}
答案是对的,我们得到"虚拟".
我们可以使它更简单:
public static void Run()
{
try
{
const string file = "cmd.exe";
var sspw = new SecureString();
foreach (var c in "pass1234/")
sspw.AppendChar(c);
var proc = new Process();
proc.StartInfo.UseShellExecute = false;
proc.StartInfo.WorkingDirectory = Path.GetDirectoryName(file);
proc.StartInfo.FileName = Path.GetFileName(file);
proc.StartInfo.Domain = "WIN08";
proc.StartInfo.Arguments = "";
proc.StartInfo.UserName = "dummy";
proc.StartInfo.Password = sspw;
proc.StartInfo.LoadUserProfile = false;
proc.Start();
}catch(Exception e)
{
Console.WriteLine(e);
}
但是,我仍然有例外......
我认为您不需要登录用户并复制句柄.您需要做的就是在ProcessStartInfo对象中设置用户名,域和密码.如果我没记错的话,自.NET 3.0以来就可以使用它.
编辑:
另外,有关更多信息,当您向ProcessStartInfo提供用户名/域/密码时,会发生这种情况:http://support.microsoft.com/kb/165194.拒绝访问的原因可能是您无法访问用户的桌面或windowstation.只是调用LoginUser是不够的.
对某些人来说可能很奇怪,我很抱歉,我是Linux开发人员...经过测试:
/// <summary>
/// Class that deals with another username credentials
/// </summary>
class Credentials
{
/// <summary>
/// Constructor of SecureString password, to be used by RunAs
/// </summary>
/// <param name="text">Plain password</param>
/// <returns>SecureString password</returns>
private static SecureString MakeSecureString(string text)
{
SecureString secure = new SecureString();
foreach (char c in text)
{
secure.AppendChar(c);
}
return secure;
}
/// <summary>
/// Run an application under another user credentials.
/// Working directory set to C:\Windows\System32
/// </summary>
/// <param name="path">Full path to the executable file</param>
/// <param name="username">Username of desired credentials</param>
/// <param name="password">Password of desired credentials</param>
public static void RunAs(string path, string username, string password)
{
try
{
ProcessStartInfo myProcess = new ProcessStartInfo(path);
myProcess.UserName = username;
myProcess.Password = MakeSecureString(password);
myProcess.WorkingDirectory = @"C:\Windows\System32";
myProcess.UseShellExecute = false;
Process.Start(myProcess);
}
catch (Win32Exception w32E)
{
// The process didn't start.
Console.WriteLine(w32E);
}
}
}
| 归档时间: |
|
| 查看次数: |
45776 次 |
| 最近记录: |