1. Zuhause
  2. Frage und Antwort
  3. Core 2.0 - beste Möglichkeit, sich als Windows-Benutzer auszugeben?

Core 2.0 - beste Möglichkeit, sich als Windows-Benutzer auszugeben?

2017-11-02 2 views
1

Mit .NET Web-Anwendungen, ich bin einfach ein Windows-Benutzer verkörpern können genug, um diese Klasse verwenden: dieseCore 2.0 - beste Möglichkeit, sich als Windows-Benutzer auszugeben?

/// <summary> 
/// TOOLS IMPERSONATION 
/// </summary> 
namespace Tools 
{ 
    #region Using directives. 
    // ---------------------------------------------------------------------- 

    using System; 
    using System.Security.Principal; 
    using System.Runtime.InteropServices; 
    using System.ComponentModel; 

    // ---------------------------------------------------------------------- 
    #endregion 

    ///////////////////////////////////////////////////////////////////////// 

    /// <summary> 
    /// Impersonation of a user. Allows to execute code under another 
    /// user context. 
    /// Please note that the account that instantiates the Impersonator class 
    /// needs to have the 'Act as part of operating system' privilege set. 
    /// </summary> 
    /// <remarks> 
    /// This class is based on the information in the Microsoft knowledge base 
    /// article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158 
    /// 
    /// Encapsulate an instance into a using-directive like e.g.: 
    /// 
    ///  ... 
    ///  using (new Impersonator("myUsername", "myDomainname", "myPassword")) 
    ///  { 
    ///   ... 
    ///   [code that executes under the new context] 
    ///   ... 
    ///  } 
    ///  ... 
    /// 
    /// Please contact the author Uwe Keim (mailto:[email protected]) 
    /// for questions regarding this class. 
    /// </remarks> 
    public class Impersonator : 
     IDisposable 
    { 
     #region Public methods. 
     // ------------------------------------------------------------------ 

     /// <summary> 
     /// Constructor. Starts the impersonation with the given credentials. 
     /// Please note that the account that instantiates the Impersonator class 
     /// needs to have the 'Act as part of operating system' privilege set. 
     /// </summary> 
     /// <param name="userName">The name of the user to act as.</param> 
     /// <param name="domainName">The domain name of the user to act as.</param> 
     /// <param name="password">The password of the user to act as.</param> 
     public Impersonator(
      string userName, 
      string domainName, 
      string password) 
     { 
      ImpersonateValidUser(userName, domainName, password); 
     } 

     // ------------------------------------------------------------------ 
     #endregion 

     #region IDisposable member. 
     // ------------------------------------------------------------------ 

     public void Dispose() 
     { 
      UndoImpersonation(); 
     } 

     // ------------------------------------------------------------------ 
     #endregion 

     #region P/Invoke. 
     // ------------------------------------------------------------------ 

     [DllImport("advapi32.dll", SetLastError = true)] 
     private static extern int LogonUser(
      string lpszUserName, 
      string lpszDomain, 
      string lpszPassword, 
      int dwLogonType, 
      int dwLogonProvider, 
      ref IntPtr phToken); 

     [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
     private static extern int DuplicateToken(
      IntPtr hToken, 
      int impersonationLevel, 
      ref IntPtr hNewToken); 

     [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] 
     private static extern bool RevertToSelf(); 

     [DllImport("kernel32.dll", CharSet = CharSet.Auto)] 
     private static extern bool CloseHandle(
      IntPtr handle); 

     private const int LOGON32_LOGON_INTERACTIVE = 2; 
     private const int LOGON32_PROVIDER_DEFAULT = 0; 

     // ------------------------------------------------------------------ 
     #endregion 

     #region Private member. 
     // ------------------------------------------------------------------ 

     /// <summary> 
     /// Does the actual impersonation. 
     /// </summary> 
     /// <param name="userName">The name of the user to act as.</param> 
     /// <param name="domainName">The domain name of the user to act as.</param> 
     /// <param name="password">The password of the user to act as.</param> 
     private void ImpersonateValidUser(
      string userName, 
      string domain, 
      string password) 
     { 
      WindowsIdentity tempWindowsIdentity = null; 
      IntPtr token = IntPtr.Zero; 
      IntPtr tokenDuplicate = IntPtr.Zero; 

      try 
      { 
       if (RevertToSelf()) 
       { 
        if (LogonUser(
         userName, 
         domain, 
         password, 
         LOGON32_LOGON_INTERACTIVE, 
         LOGON32_PROVIDER_DEFAULT, 
         ref token) != 0) 
        { 
         if (DuplicateToken(token, 2, ref tokenDuplicate) != 0) 
         { 
          tempWindowsIdentity = new WindowsIdentity(tokenDuplicate); 
          impersonationContext = tempWindowsIdentity.Impersonate(); 
         } 
         else 
         { 
          throw new Win32Exception(Marshal.GetLastWin32Error()); 
         } 
        } 
        else 
        { 
         throw new Win32Exception(Marshal.GetLastWin32Error()); 
        } 
       } 
       else 
       { 
        throw new Win32Exception(Marshal.GetLastWin32Error()); 
       } 
      } 
      finally 
      { 
       if (token != IntPtr.Zero) 
       { 
        CloseHandle(token); 
       } 
       if (tokenDuplicate != IntPtr.Zero) 
       { 
        CloseHandle(tokenDuplicate); 
       } 
      } 
     } 

     /// <summary> 
     /// Reverts the impersonation. 
     /// </summary> 
     private void UndoImpersonation() 
     { 
      if (impersonationContext != null) 
      { 
       impersonationContext.Undo(); 
      } 
     } 

     private WindowsImpersonationContext impersonationContext = null; 

     // ------------------------------------------------------------------ 
     #endregion 
    } 

    ///////////////////////////////////////////////////////////////////////// 
}

Allerdings kann ich nicht Netz mit asp verwenden Core 2.0, erhalte ich die Fehler WindowsIdentity does not contain a definition for 'Impersonate'

Kann jemand das reparieren (oder eine Alternative verwenden, die so einfach funktioniert) für asp net core 2.0?

Jede Hilfe wird geschätzt.

(Post ist in erster Linie Code, das Hinzufügen von Text, so kann ich Frage einreichen /// .)

Quelle

2017-11-02 R. StackUser

+0

Werfen Sie einen Blick auf diese. Core funktioniert nicht auf die gleiche Weise mit Identitätswechsel. https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?tabs=aspnetcore2x –

Antwort

-1

ein funktionierendes Beispiel gefunden:

// The following example demonstrates the use of the WindowsIdentity class to impersonate a user. 
// IMPORTANT NOTE: 
// This sample asks the user to enter a password on the console screen. 
// The password will be visible on the screen, because the console window 
// does not support masked input natively. 


using System; 
using System.Runtime.InteropServices; 
using System.Security; 
using System.Security.Principal; 
using Microsoft.Win32.SafeHandles; 

public class ImpersonationDemo 
{ 
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] 
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, 
     int dwLogonType, int dwLogonProvider, out SafeAccessTokenHandle phToken); 

    public static void Main() 
    { 
     // Get the user token for the specified user, domain, and password using the 
     // unmanaged LogonUser method. 
     // The local machine name can be used for the domain name to impersonate a user on this machine. 
     Console.Write("Enter the name of the domain on which to log on: "); 
     string domainName = Console.ReadLine(); 

     Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName); 
     string userName = Console.ReadLine(); 

     Console.Write("Enter the password for {0}: ", userName); 

     const int LOGON32_PROVIDER_DEFAULT = 0; 
     //This parameter causes LogonUser to create a primary token. 
     const int LOGON32_LOGON_INTERACTIVE = 2; 

     // Call LogonUser to obtain a handle to an access token. 
     SafeAccessTokenHandle safeAccessTokenHandle; 
     bool returnValue = LogonUser(userName, domainName, Console.ReadLine(), 
      LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, 
      out safeAccessTokenHandle); 

     if (false == returnValue) 
     { 
      int ret = Marshal.GetLastWin32Error(); 
      Console.WriteLine("LogonUser failed with error code : {0}", ret); 
      throw new System.ComponentModel.Win32Exception(ret); 
     } 

     Console.WriteLine("Did LogonUser Succeed? " + (returnValue ? "Yes" : "No")); 
     // Check the identity. 
     Console.WriteLine("Before impersonation: " + WindowsIdentity.GetCurrent().Name); 

     // Note: if you want to run as unimpersonated, pass 
     //  'SafeAccessTokenHandle.InvalidHandle' instead of variable 'safeAccessTokenHandle' 
     WindowsIdentity.RunImpersonated(
      safeAccessTokenHandle, 
      // User action 
      () => 
      { 
       // Check the identity. 
       Console.WriteLine("During impersonation: " + WindowsIdentity.GetCurrent().Name); 
      } 
      ); 

     // Check the identity again. 
     Console.WriteLine("After impersonation: " + WindowsIdentity.GetCurrent().Name); 
    } 
}

https://msdn.microsoft.com/en-us/library/dn906220(v=vs.110).aspx

Quelle

2017-11-02 21:13:29

Verwandte Themen

 Verwandte Themen