仅在运行代码的特定部分时模拟特定用户
2006-04-20 14:31
本文引用下面的 Microsoft .NET Framework 类库命名空间:
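' Win32 logon constants passed to LogonUserA as dwLogonType / dwLogonProvider.
Dim LOGON32_LOGON_INTERACTIVE As Integer = 2
Dim LOGON32_PROVIDER_DEFAULT As Integer = 0

' Context returned by WindowsIdentity.Impersonate(); kept at page level so that
' undoImpersonation() can revert it later.
Dim impersonationContext As WindowsImpersonationContext

' Validates the credentials and returns a logon token in phToken.
' Returns nonzero on success. The password is passed as a plain String.
Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
    ByVal lpszDomain As String, _
    ByVal lpszPassword As String, _
    ByVal dwLogonType As Integer, _
    ByVal dwLogonProvider As Integer, _
    ByRef phToken As IntPtr) As Integer

' Creates an impersonation token from an existing token. Returns nonzero on success.
Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
    ByVal ExistingTokenHandle As IntPtr, _
    ByVal ImpersonationLevel As Integer, _
    ByRef DuplicateTokenHandle As IntPtr) As Integer

' Both functions below return a Win32 BOOL, which is 32 bits wide. A VB.NET Long
' is 64 bits, so declaring the return as Long can read undefined upper bits and
' report success for a failed call. Integer matches the native width
' (nonzero = success).
Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Integer
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Integer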
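' Page load handler: runs one section of code under a specific Windows account
' and reverts the impersonation afterwards.
Public Sub Page_Load(ByVal s As Object, ByVal e As EventArgs)
    ' "username", "domain" and "password" are placeholders. Real credentials
    ' should not be written into page source; read them at run time from a
    ' protected configuration store.
    If impersonateValidUser("username", "domain", "password") Then
        Try
            'Insert your code that runs under the security context of a specific user here.
        Finally
            ' Revert even when the code above throws; otherwise the
            ' impersonation would stay in effect on this thread after the
            ' handler exits.
            undoImpersonation()
        End Try
    Else
        'Your impersonation failed. Therefore, include a fail-safe mechanism here.
        ' impersonateValidUser calls RevertToSelf() before logging on, so on this
        ' path the thread may no longer carry the identity it had on entry.
        ' Stop here rather than continuing with the work meant for the
        ' impersonated account.
    End If
End Sub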
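' Logs on the given account and starts impersonating it on the current thread.
'
' Parameters:
'   userName, domain, password - credentials passed unchanged to LogonUserA.
' Returns:
'   True when impersonation is active and impersonationContext is set;
'   False when RevertToSelf, LogonUserA or DuplicateToken reports failure.
' Side effects:
'   RevertToSelf() is called first, so any impersonation already active on the
'   thread is dropped even when this function returns False.
Private Function impersonateValidUser(ByVal userName As String, _
        ByVal domain As String, ByVal password As String) As Boolean
    ' SecurityImpersonation member of SECURITY_IMPERSONATION_LEVEL.
    Const SECURITY_IMPERSONATION As Integer = 2

    Dim tempWindowsIdentity As WindowsIdentity
    Dim token As IntPtr = IntPtr.Zero
    Dim tokenDuplicate As IntPtr = IntPtr.Zero

    impersonateValidUser = False

    Try
        If RevertToSelf() Then
            If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, _
                    LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
                If DuplicateToken(token, SECURITY_IMPERSONATION, tokenDuplicate) <> 0 Then
                    tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                    impersonationContext = tempWindowsIdentity.Impersonate()
                    If Not impersonationContext Is Nothing Then
                        impersonateValidUser = True
                    End If
                End If
            End If
        End If
    Finally
        ' Release both native handles on every path, including when the
        ' WindowsIdentity constructor or Impersonate() throws; without the
        ' Finally an exception there would leak the tokens.
        If Not tokenDuplicate.Equals(IntPtr.Zero) Then
            CloseHandle(tokenDuplicate)
        End If
        If Not token.Equals(IntPtr.Zero) Then
            CloseHandle(token)
        End If
    End Try
End Function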
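' Ends the impersonation started by impersonateValidUser by undoing the stored
' impersonation context.
Private Sub undoImpersonation()
    ' If impersonation never started the field is Nothing, and calling Undo()
    ' on it would throw NullReferenceException.
    If Not impersonationContext Is Nothing Then
        impersonationContext.Undo()
        ' Clear the field so a repeated call does nothing.
        impersonationContext = Nothing
    End If
End Sub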
以前用 Web.config 文件的 <identity> 标记来模拟用户,后来还是改成这种只在需要的代码段内模拟的方式,比较安全。注意示例中的用户名、域和密码只是占位符,实际凭据不应以明文写在页面代码里。
原文地址:http://support.microsoft.com/default.aspx?scid=kb;zh-cn;306158#4
- System.Web.Security
- System.Security.Principal
- System.Runtime.InteropServices
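' Win32 logon provider constant passed to LogonUserA as dwLogonProvider.
' (LOGON32_LOGON_INTERACTIVE, used by impersonateValidUser, is declared in the
' first copy of this listing on the page.)
Dim LOGON32_PROVIDER_DEFAULT As Integer = 0

' Context returned by WindowsIdentity.Impersonate(); kept at page level so that
' undoImpersonation() can revert it later.
Dim impersonationContext As WindowsImpersonationContext

' Validates the credentials and returns a logon token in phToken.
' Returns nonzero on success. The password is passed as a plain String.
Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
    ByVal lpszDomain As String, _
    ByVal lpszPassword As String, _
    ByVal dwLogonType As Integer, _
    ByVal dwLogonProvider As Integer, _
    ByRef phToken As IntPtr) As Integer

' Creates an impersonation token from an existing token. Returns nonzero on success.
Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
    ByVal ExistingTokenHandle As IntPtr, _
    ByVal ImpersonationLevel As Integer, _
    ByRef DuplicateTokenHandle As IntPtr) As Integer

' Both functions below return a Win32 BOOL, which is 32 bits wide. A VB.NET Long
' is 64 bits, so declaring the return as Long can read undefined upper bits and
' report success for a failed call. Integer matches the native width
' (nonzero = success).
Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Integer
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Integer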
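' Page load handler: runs one section of code under a specific Windows account
' and reverts the impersonation afterwards.
Public Sub Page_Load(ByVal s As Object, ByVal e As EventArgs)
    ' "username", "domain" and "password" are placeholders. Real credentials
    ' should not be written into page source; read them at run time from a
    ' protected configuration store.
    If impersonateValidUser("username", "domain", "password") Then
        Try
            'Insert your code that runs under the security context of a specific user here.
        Finally
            ' Revert even when the code above throws; otherwise the
            ' impersonation would stay in effect on this thread after the
            ' handler exits.
            undoImpersonation()
        End Try
    Else
        'Your impersonation failed. Therefore, include a fail-safe mechanism here.
        ' impersonateValidUser calls RevertToSelf() before logging on, so on this
        ' path the thread may no longer carry the identity it had on entry.
        ' Stop here rather than continuing with the work meant for the
        ' impersonated account.
    End If
End Sub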
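' Logs on the given account and starts impersonating it on the current thread.
'
' Parameters:
'   userName, domain, password - credentials passed unchanged to LogonUserA.
' Returns:
'   True when impersonation is active and impersonationContext is set;
'   False when RevertToSelf, LogonUserA or DuplicateToken reports failure.
' Side effects:
'   RevertToSelf() is called first, so any impersonation already active on the
'   thread is dropped even when this function returns False.
Private Function impersonateValidUser(ByVal userName As String, _
        ByVal domain As String, ByVal password As String) As Boolean
    ' SecurityImpersonation member of SECURITY_IMPERSONATION_LEVEL.
    Const SECURITY_IMPERSONATION As Integer = 2

    Dim tempWindowsIdentity As WindowsIdentity
    Dim token As IntPtr = IntPtr.Zero
    Dim tokenDuplicate As IntPtr = IntPtr.Zero

    impersonateValidUser = False

    Try
        If RevertToSelf() Then
            If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, _
                    LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
                If DuplicateToken(token, SECURITY_IMPERSONATION, tokenDuplicate) <> 0 Then
                    tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                    impersonationContext = tempWindowsIdentity.Impersonate()
                    If Not impersonationContext Is Nothing Then
                        impersonateValidUser = True
                    End If
                End If
            End If
        End If
    Finally
        ' Release both native handles on every path, including when the
        ' WindowsIdentity constructor or Impersonate() throws; without the
        ' Finally an exception there would leak the tokens.
        If Not tokenDuplicate.Equals(IntPtr.Zero) Then
            CloseHandle(tokenDuplicate)
        End If
        If Not token.Equals(IntPtr.Zero) Then
            CloseHandle(token)
        End If
    End Try
End Function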
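' Ends the impersonation started by impersonateValidUser by undoing the stored
' impersonation context.
Private Sub undoImpersonation()
    ' If impersonation never started the field is Nothing, and calling Undo()
    ' on it would throw NullReferenceException.
    If Not impersonationContext Is Nothing Then
        impersonationContext.Undo()
        ' Clear the field so a repeated call does nothing.
        impersonationContext = Nothing
    End If
End Sub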
以前用 Web.config 文件的 <identity> 标记来模拟用户,后来还是改成这种只在需要的代码段内模拟的方式,比较安全。注意示例中的用户名、域和密码只是占位符,实际凭据不应以明文写在页面代码里。
原文地址:http://support.microsoft.com/default.aspx?scid=kb;zh-cn;306158#4