0

我想要完成的是模拟控制台应用程序的特定用户。我对此进行了研究以尝试找到解决方案,但我不断收到拒绝访问错误。这是我在下面做的事情。请任何帮助将不胜感激,我已经为此工作了 4 天。

Imports System.Security
Imports System.Security.Principal

Imports System.Runtime.InteropServices
Imports System.Security.Permissions

Dim impersonationContext As WindowsImpersonationContext

Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
                        ByVal lpszDomain As String, _
                        ByVal lpszPassword As String, _
                        ByVal dwLogonType As Integer, _
                        ByVal dwLogonProvider As Integer, _
                        ByRef phToken As IntPtr) As Integer

Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
                        ByVal ExistingTokenHandle As IntPtr, _
                        ByVal ImpersonationLevel As Integer, _
                        ByRef DuplicateTokenHandle As IntPtr) As Integer

Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long

Public Sub Main(ByVal args As String())

    Dim w As StreamWriter
    Dim filepath As String = "C:\test_files\testFile.txt"

    Dim new_string As String
    new_string = ""

    Try
        If impersonateValidUser("USERNAME", "DOMAIN", "PASSWORD") Then
            'Insert your code that runs under the security context of a specific user here.
            'undoImpersonation()
        Else
            'Your impersonation failed. Therefore, include a fail-safe mechanism here.
        End If

        new_string = "Worked " & System.Security.Principal.WindowsIdentity.GetCurrent.Name

    Catch ex As Exception
        new_string = "Didnt work: " & ex.Message
    Finally

        If System.IO.File.Exists(filepath) Then
            File.Delete(filepath)
        End If

        w = File.CreateText(filepath)

        w.WriteLine(new_string)
        w.Flush()
        w.Close()

        'myConnection.Close()
    End Try

End Sub

Private Function impersonateValidUser(ByVal userName As String, ByVal domain As String, ByVal password As String) As Boolean

    Dim tempWindowsIdentity As WindowsIdentity
    Dim token As IntPtr = IntPtr.Zero
    Dim tokenDuplicate As IntPtr = IntPtr.Zero
    impersonateValidUser = False

    If RevertToSelf() Then
        If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                     LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
            If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                impersonationContext = tempWindowsIdentity.Impersonate()
                If Not impersonationContext Is Nothing Then
                    impersonateValidUser = True
                End If
            End If
        End If
    End If
    If Not tokenDuplicate.Equals(IntPtr.Zero) Then
        CloseHandle(tokenDuplicate)
    End If
    If Not token.Equals(IntPtr.Zero) Then
        CloseHandle(token)
    End If
End Function
4

1 回答 1

0

除非您特别需要使用 ANSI 版本的LogonUser,否则您应该在声明中使用 LogonUser 而不是 LogonUserA ,即

Declare Function LogonUser Lib "advapi32.dll"

您还应该验证被模拟的用户在本地计算机上是否具有交互式登录权限。

于 2013-07-01T17:15:48.537 回答