Imitator Benutzer in Codebehind

Question

Ich möchte einen bestimmten Benutzer in Code imitieren, um einige Dateimanipulation auf einem Remotecomputer durchzuführen. Das Problem, das ich habe, ist, dass ich nicht imitieren kann, um zu arbeiten. Ich verwende den Code aus dem Microsoft-Artikel hier gefunden: How to implement impersonation in an ASP.NET application

Ich möchte Richtung auf, wie/wo der Debugging-Prozess zu starten. Hier sind meine Dateien:

Test.aspx:

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Test.aspx.vb" Inherits="TraceFile_Test" %> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 

<html xmlns="http://www.w3.org/1999/xhtml"> 
<head runat="server"> 
    <title></title> 
</head> 
<body> 
    <form id="form1" runat="server"> 
    <div> 
    This is the test page!<br /> 
    <br /> 
    Result: <asp:Label ID="lblResult" runat="server"></asp:Label><br /> 
    <br /> 
    <asp:Button ID="btnRunTest" Text="Run Test" runat="server" /> 
    </div> 
    </form> 
</body> 
</html> 

Test.aspx.vb:

Imports System.Web 
Imports System.Web.Security 
Imports System.Security.Principal 
Imports System.Runtime.InteropServices 

Partial Class TraceFile_Test 
    Inherits System.Web.UI.Page 


    Dim LOGON32_LOGON_INTERACTIVE As Integer = 2 
    Dim LOGON32_PROVIDER_DEFAULT As Integer = 0 

    Dim impersonationContext As WindowsImpersonationContext 

    Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _ 
          ByVal lpszDomain As String, _ 
          ByVal lpszPassword As String, _ 
          ByVal dwLogonType As Integer, _ 
          ByVal dwLogonProvider As Integer, _ 
          ByRef phToken As IntPtr) As Integer 

    Declare Auto Function DuplicateToken Lib "advapi32.dll" (_ 
          ByVal ExistingTokenHandle As IntPtr, _ 
          ByVal ImpersonationLevel As Integer, _ 
          ByRef DuplicateTokenHandle As IntPtr) As Integer 

    Declare Auto Function RevertToSelf Lib "advapi32.dll"() As Long 
    Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long 


    Public Sub Page_Load(ByVal s As Object, ByVal e As EventArgs) 
     lblResult.Text = "Hit button to run test, please." 
    End Sub 

    Private Function impersonateValidUser(ByVal userName As String, _ 
    ByVal domain As String, ByVal password As String) As Boolean 

     Dim tempWindowsIdentity As WindowsIdentity 
     Dim token As IntPtr = IntPtr.Zero 
     Dim tokenDuplicate As IntPtr = IntPtr.Zero 
     impersonateValidUser = False 

     If RevertToSelf() Then 
      If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then 
       If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then 
        tempWindowsIdentity = New WindowsIdentity(tokenDuplicate) 
        impersonationContext = tempWindowsIdentity.Impersonate() 
        If Not impersonationContext Is Nothing Then 
         impersonateValidUser = True 
        End If 
       End If 
      End If 
     End If 
     If Not tokenDuplicate.Equals(IntPtr.Zero) Then 
      CloseHandle(tokenDuplicate) 
     End If 
     If Not token.Equals(IntPtr.Zero) Then 
      CloseHandle(token) 
     End If 
    End Function 

    Private Sub undoImpersonation() 
     impersonationContext.Undo() 
    End Sub 


    Protected Sub btnRunTest_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnRunTest.Click 
     If impersonateValidUser("myUserName", "myDomain", "myPassword") Then 
      'Insert your code that runs under the security context of a specific user here. 
      Trace.Write("impersonation successful!") 
      lblResult.Text = "success" 
      undoImpersonation() 
     Else 
      'Your impersonation failed. Therefore, include a fail-safe mechanism here. 
      Trace.Write("impersonation failed!") 
      lblResult.Text = "fail" 
     End If 
    End Sub 
End Class 

ich echte Anmeldeinformationen mit myUserName ersetzt, myDomain und myPassword für die Post.

Der Webserver ist ein Windows 2008-Server, auf dem IIS 7 ausgeführt wird. Ich bin kein Server-Typ, daher weiß ich nicht, wo der Fehlerbehebungsprozess sein soll. Ist das Problem mit der Code- oder Serverseite?

Wie immer, vielen Dank im Voraus für die Zeit zu helfen!

Answer 1

Hier ist der Code, den ich in der Produktion verwende.

Zuerst wird die Klasse, sehr ähnlich wie bei Ihnen:

Imports System.Security.Principal 
Imports System.Security.Permissions 
Imports System.Diagnostics 
Imports System.Runtime.InteropServices 
Imports System.Security 

Public Class LogonAPI 
    Public Const SECURITY_IMPERSONATION_LEVEL_SecurityAnonymous As Integer = 0 
    Public Const SECURITY_IMPERSONATION_LEVEL_SecurityIdentification As Integer = 1 
    Public Const SECURITY_IMPERSONATION_LEVEL_SecurityImpersonation As Integer = 2 
    Public Const SECURITY_IMPERSONATION_LEVEL_SecurityDelegation As Integer = 3 

    Public Const LOGON32_PROVIDER_DEFAULT As Integer = 0 
    Public Const LOGON32_PROVIDER_WINNT35 As Integer = 1 
    Public Const LOGON32_PROVIDER_WINNT40 As Integer = 2 
    Public Const LOGON32_PROVIDER_WINNT50 As Integer = 3 

    Public Const LOGON32_LOGON_INTERACTIVE As Integer = 2 
    Public Const LOGON32_LOGON_NETWORK As Integer = 3 
    Public Const LOGON32_LOGON_BATCH As Integer = 4 
    Public Const LOGON32_LOGON_SERVICE As Integer = 5 
    Public Const LOGON32_LOGON_UNLOCK As Integer = 7 
    Public Const LOGON32_LOGON_NETWORK_CLEARTEXT As Integer = 8 
    Public Const LOGON32_LOGON_NEW_CREDENTIALS As Integer = 9 

    Public Const ERROR_LOGON_FAILURE As Integer = 1326 

    <DllImport("advapi32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _ 
    Public Shared Function LogonUser(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Boolean 
    End Function 

    <DllImport("advapi32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _ 
    Public Shared Function RevertToSelf() As Boolean 
    End Function 

    <DllImport("kernel32.dll", CharSet:=CharSet.Auto)> _ 
    Public Shared Function CloseHandle(ByVal handle As IntPtr) As Boolean 
    End Function 

    <DllImport("advapi32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _ 
    Public Shared Function DuplicateToken(ByVal hToken As IntPtr, ByVal impersonationLevel As Integer, ByRef hNewToken As IntPtr) As Integer 
    End Function 

    Public Shared Function Login(ByVal Username As String, ByVal Domain As String, ByVal Password As String) As WindowsIdentity 
     Dim secPerm As New SecurityPermission(SecurityPermissionFlag.UnmanagedCode) 
     secPerm.Assert() 

     Dim user As WindowsIdentity = Nothing 

     Dim refToken As IntPtr = IntPtr.Zero 
     Dim loggedIn As Boolean 

     loggedIn = LogonAPI.LogonUser(Username, Domain, Password, LogonAPI.LOGON32_LOGON_NETWORK_CLEARTEXT, LogonAPI.LOGON32_PROVIDER_DEFAULT, refToken) 

     If loggedIn = True Then 
      user = New WindowsIdentity(refToken, "NTLM", WindowsAccountType.Normal, True) 
     End If 
     CodeAccessPermission.RevertAssert() 

     Return user 
    End Function 
End Class 

ich es testen, indem Sie anrufen:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load 
    Dim ident As WindowsIdentity = LogonAPI.Login("user", "Domain", "password") 

    Dim imp = ident.Impersonate() 

    'impersonation code 
    Response.Write("Impersonating") 

    imp.Undo() 
End Sub