3

我有一个应用程序,用户在其中输入凭据,我使用它创建一个 WindowsIdentity 对象,随后我使用该对象模拟与输入的凭据对应的用户并进行 CredWrite 调用。然而,它正在回归

ERROR_NO_SUCH_LOGON_SESSION 1312 (0x520) 指定的登录会话不存在。它可能已经被终止。

当我取出模拟代码时,一切都按预期工作。但是,即使我冒充自己(当前登录用户),也会返回相同的 1312 错误。

我对自己做错了什么感到困惑。任何指针表示赞赏。

IntPtr token = new IntPtr(0);
securityUtils = new Security.Utility();
string user = "someuser";
string pass = "somepassword";
token = securityUtils.GetToken(user, "somedomain", pass.ConvertToSecureString());
var newId = new WindowsIdentity(token);
string currentUser1 = WindowsIdentity.GetCurrent().Name;
Impersonation.Impersonate(newId);
string currentUser2 = WindowsIdentity.GetCurrent().Name;
int result = WriteCredential("dummykey", user.ConvertToSecureString(), pass.ConvertToSecureString());
Impersonation.UnImpersonate();
string currentUser3 = WindowsIdentity.GetCurrent().Name;

GetToken 方法进行 LogonUser 调用。我通过查看 currentUser1/2/3 验证了模拟是否有效。

WriteCredential 方法如下所示:

public static int WriteCredential(string key, SecureString userName, SecureString password)
{
    if (string.IsNullOrEmpty(key))
    {
        throw new ArgumentNullException("key is null or empty");
    }

    if (userName == null || userName.Length == 0)
    {
        throw new ArgumentNullException("userName is null or empty");
    }

    if (password == null || password.Length == 0)
    {
        throw new ArgumentNullException("password is null or empty");
    }

    string passwordAsString = password.ConvertToUnsecureString();
    byte[] byteArray = Encoding.Unicode.GetBytes(passwordAsString);

    if (byteArray.Length > MaximumCredentialBlobSize)
    {
        throw new ArgumentOutOfRangeException(string.Format("The password message has exceeded {0} bytes.", MaximumCredentialBlobSize));
    }

    Credential cred = new Credential();
    cred.TargetName = System.Runtime.InteropServices.Marshal.StringToCoTaskMemUni(key);
    cred.CredentialBlob = System.Runtime.InteropServices.Marshal.StringToCoTaskMemUni(passwordAsString);
    cred.CredentialBlobSize = (uint)Encoding.Unicode.GetBytes(passwordAsString).Length;
    cred.AttributeCount = 0;
    cred.Attributes = IntPtr.Zero;
    cred.Comment = IntPtr.Zero;
    cred.TargetAlias = System.Runtime.InteropServices.Marshal.StringToCoTaskMemUni(key);
    cred.Type = CredentialType.CRED_TYPE_GENERIC;
    cred.Persist = Persistance.CRED_PERSIST_ENTERPRISE;
    cred.UserName = System.Runtime.InteropServices.Marshal.StringToCoTaskMemUni(userName.ConvertToUnsecureString());

    bool written = CredWrite(ref cred, 0);
    int lastError = Marshal.GetLastWin32Error();

    if (!written)
    {
        return lastError;
    }

    return 0;
}

凭证结构:

[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
private struct Credential
{
    public uint Flags;
    public CredentialType Type;
    public IntPtr TargetName;
    public IntPtr Comment;
    public System.Runtime.InteropServices.ComTypes.FILETIME LastWritten;
    public uint CredentialBlobSize;
    public IntPtr CredentialBlob;
    public Persistance Persist;
    public uint AttributeCount;
    public IntPtr Attributes;
    public IntPtr TargetAlias;
    public IntPtr UserName;
}

DLL导入:

[DllImport("Advapi32.dll", EntryPoint = "CredWriteW", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool CredWrite([In] ref Credential userCredential, [In] uint flags);
4

1 回答 1

4

解决方案是在进行 WriteCredential 调用之前为被模拟的用户显式加载配置文件。在模拟该用户之前进行 LoadProfile 调用很重要。

于 2013-08-29T18:16:14.937 回答