How to use LogonUser properly to impersonate domain user from workgroup client

ASP.NET: Impersonate against a domain on VMWare

This question is what I am asking, but the answer does not provide details on how the _token is derived. It seems to only use WindowsIdentity.GetCurrent().Token so there's no impersonation happening.

Can I impersonate a user on a different Active Directory domain in .NET?

This next question has conflicting answers, with the accepted one bearing a comment "I'm beginning to suspect that my problem lies elsewhere." Not helpful.

LogonUser works only for my domain

This next question seems to imply it is not possible, but it deals with 2 domains so I am not sure if it is relevant.

My real question is:

  • Is it possible? And if so,
  • How? or Where did I go wrong?
  • What I have tried so far is, using the code from http://msdn.microsoft.com/en-us/library/chf6fbt4%28v=VS.80%29.aspx

    bool returnValue = LogonUser(user, domain, password,
                LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
                ref tokenHandle);
    // after this point, returnValue = false
    

    The Win32 error is

    Logon failure: unknown user name or bad password


    Very few posts suggest using LOGON_TYPE_NEW_CREDENTIALS instead of LOGON_TYPE_NETWORK or LOGON_TYPE_INTERACTIVE . I had an impersonation issue with one machine connected to a domain and one not, and this fixed it. The last code snippet in this post suggests that impersonating across a forest does work, but it doesn't specifically say anything about trust being set up. So this may be worth trying:

    const int LOGON_TYPE_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;
    bool returnValue = LogonUser(user, domain, password,
                LOGON_TYPE_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50,
                ref tokenHandle);
    

    MSDN says that LOGON_TYPE_NEW_CREDENTIALS only works when using LOGON32_PROVIDER_WINNT50 .


    这对我有用,完整的工作例子(我希望更多的人会这样做):

    //logon impersonation
    using System.Runtime.InteropServices; // DllImport
    using System.Security.Principal; // WindowsImpersonationContext
    using System.Security.Permissions; // PermissionSetAttribute
    
    ...
    
    class Program {
    
        // obtains user token
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool LogonUser(string pszUsername, string pszDomain, string pszPassword,
            int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
    
        // closes open handes returned by LogonUser
        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        public extern static bool CloseHandle(IntPtr handle);
    
        public void DoWorkUnderImpersonation() {
            //elevate privileges before doing file copy to handle domain security
            WindowsImpersonationContext impersonationContext = null;
            IntPtr userHandle = IntPtr.Zero;
            const int LOGON32_PROVIDER_DEFAULT = 0;
            const int LOGON32_LOGON_INTERACTIVE = 2;
            string domain = ConfigurationManager.AppSettings["ImpersonationDomain"];
            string user = ConfigurationManager.AppSettings["ImpersonationUser"];
            string password = ConfigurationManager.AppSettings["ImpersonationPassword"];
    
            try {
                Console.WriteLine("windows identify before impersonation: " + WindowsIdentity.GetCurrent().Name);
    
                // if domain name was blank, assume local machine
                if (domain == "")
                    domain = System.Environment.MachineName;
    
                // Call LogonUser to get a token for the user
                bool loggedOn = LogonUser(user,
                                            domain,
                                            password,
                                            LOGON32_LOGON_INTERACTIVE,
                                            LOGON32_PROVIDER_DEFAULT,
                                            ref userHandle);
    
                if (!loggedOn) {
                    Console.WriteLine("Exception impersonating user, error code: " + Marshal.GetLastWin32Error());
                    return;
                }
    
                // Begin impersonating the user
                impersonationContext = WindowsIdentity.Impersonate(userHandle);
    
                Console.WriteLine("Main() windows identify after impersonation: " + WindowsIdentity.GetCurrent().Name);
    
                //run the program with elevated privileges (like file copying from a domain server)
                DoWork();
    
            } catch (Exception ex) {
                Console.WriteLine("Exception impersonating user: " + ex.Message);
            } finally {
                // Clean up
                if (impersonationContext != null) {
                    impersonationContext.Undo();
                }
    
                if (userHandle != IntPtr.Zero) {
                    CloseHandle(userHandle);
                }
            }
        }
    
    
        private void DoWork() {
            //everything in here has elevated privileges
    
            //example access files on a network share through e$ 
            string[] files = System.IO.Directory.GetFiles(@"domainservere$images", "*.jpg");
        }
    }
    

    我在冒充另一个域中的用户方面取得了成功,但只有在这两个域之间建立了信任关系。

    var token = IntPtr.Zero;
    var result = LogonUser(userID, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token);
    if (result)
    {
        return WindowsIdentity.Impersonate(token);
    }
    
    链接地址: http://www.djcxy.com/p/36084.html

    上一篇: 将目录名递归追加到字符串

    下一篇: 如何正确使用LogonUser从工作组客户端模拟域用户