您可以使用 Windows 的系统事件通知服务技术。它具有提供登录/注销事件(以及其他事件,如远程会话连接)的ISensLogon2 接口。
这是一段代码(示例控制台应用程序),演示了如何执行此操作。例如,您可以使用来自另一台计算机的远程桌面会话对其进行测试,这将触发例如 SessionDisconnect、SessionReconnect 事件。
此代码应支持从 XP 到 Windows 8 的所有 Windows 版本。
添加对名为COM+ 1.0 Admin Type Library aka COMAdmin 的 COM 组件的引用。
注意请务必将 Embed Interop Types 设置为 'False',否则会出现以下错误:“Interop type 'COMAdminCatalogClass' cannot be embedded。请改用适用的接口。”
与您在 Internet 上找到的有关在 .NET 中使用此技术的其他文章相反,它没有引用 Sens.dll,因为...它似乎在 Windows 8 上不存在(我不知道为什么)。然而,该技术似乎受支持,并且 SENS 服务确实已安装并在 Windows 8 上运行良好,因此您只需要手动声明接口和 guid(如本示例中所示),或引用在早期版本的 Windows 上创建的互操作程序集(它应该可以正常工作,因为指南和各种界面没有改变)。
class Program
{
static SensEvents SensEvents { get; set; }
static void Main(string[] args)
{
SensEvents = new SensEvents();
SensEvents.LogonEvent += OnSensLogonEvent;
Console.WriteLine("Waiting for events. Press [ENTER] to stop.");
Console.ReadLine();
}
static void OnSensLogonEvent(object sender, SensLogonEventArgs e)
{
Console.WriteLine("Type:" + e.Type + ", UserName:" + e.UserName + ", SessionId:" + e.SessionId);
}
}
public sealed class SensEvents
{
private static readonly Guid SENSGUID_EVENTCLASS_LOGON2 = new Guid("d5978650-5b9f-11d1-8dd2-00aa004abd5e");
private Sink _sink;
public event EventHandler<SensLogonEventArgs> LogonEvent;
public SensEvents()
{
_sink = new Sink(this);
COMAdminCatalogClass catalog = new COMAdminCatalogClass(); // need a reference to COMAdmin
// we just need a transient subscription, for the lifetime of our application
ICatalogCollection subscriptions = (ICatalogCollection)catalog.GetCollection("TransientSubscriptions");
ICatalogObject subscription = (ICatalogObject)subscriptions.Add();
subscription.set_Value("EventCLSID", SENSGUID_EVENTCLASS_LOGON2.ToString("B"));
subscription.set_Value("SubscriberInterface", _sink);
// NOTE: we don't specify a method name, so all methods may be called
subscriptions.SaveChanges();
}
private void OnLogonEvent(SensLogonEventType type, string bstrUserName, uint dwSessionId)
{
EventHandler<SensLogonEventArgs> handler = LogonEvent;
if (handler != null)
{
handler(this, new SensLogonEventArgs(type, bstrUserName, dwSessionId));
}
}
private class Sink : ISensLogon2
{
private SensEvents _events;
public Sink(SensEvents events)
{
_events = events;
}
public void Logon(string bstrUserName, uint dwSessionId)
{
_events.OnLogonEvent(SensLogonEventType.Logon, bstrUserName, dwSessionId);
}
public void Logoff(string bstrUserName, uint dwSessionId)
{
_events.OnLogonEvent(SensLogonEventType.Logoff, bstrUserName, dwSessionId);
}
public void SessionDisconnect(string bstrUserName, uint dwSessionId)
{
_events.OnLogonEvent(SensLogonEventType.SessionDisconnect, bstrUserName, dwSessionId);
}
public void SessionReconnect(string bstrUserName, uint dwSessionId)
{
_events.OnLogonEvent(SensLogonEventType.SessionReconnect, bstrUserName, dwSessionId);
}
public void PostShell(string bstrUserName, uint dwSessionId)
{
_events.OnLogonEvent(SensLogonEventType.PostShell, bstrUserName, dwSessionId);
}
}
[ComImport, Guid("D597BAB4-5B9F-11D1-8DD2-00AA004ABD5E")]
private interface ISensLogon2
{
void Logon([MarshalAs(UnmanagedType.BStr)] string bstrUserName, uint dwSessionId);
void Logoff([In, MarshalAs(UnmanagedType.BStr)] string bstrUserName, uint dwSessionId);
void SessionDisconnect([In, MarshalAs(UnmanagedType.BStr)] string bstrUserName, uint dwSessionId);
void SessionReconnect([In, MarshalAs(UnmanagedType.BStr)] string bstrUserName, uint dwSessionId);
void PostShell([In, MarshalAs(UnmanagedType.BStr)] string bstrUserName, uint dwSessionId);
}
}
public class SensLogonEventArgs : EventArgs
{
public SensLogonEventArgs(SensLogonEventType type, string userName, uint sessionId)
{
Type = type;
UserName = userName;
SessionId = sessionId;
}
public string UserName { get; private set; }
public uint SessionId { get; private set; }
public SensLogonEventType Type { get; private set; }
}
public enum SensLogonEventType
{
Logon,
Logoff,
SessionDisconnect,
SessionReconnect,
PostShell
}
注意:通过右键单击您的 Visual Studio 快捷方式并单击 ,确保 Visual Studio 以管理员权限运行run as administrator
,否则System.UnauthorizedAccessException
在程序运行时会抛出一个。