将密码保存到.rdp文件的问题

时间:2011-07-06 10:12:22

标签: asp.net

我创建了ASP.Net页面,它创建.rdp文件,然后按如下所示打开它:

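 /// <summary>
 /// Writes a Remote Desktop connection (.rdp) file containing the target host, the user
 /// name and an encrypted password blob, and reports the path of the file written.
 /// </summary>
 /// <param name="server">Host written to the "full address" setting.</param>
 /// <param name="UserName">Account name written to the "username" setting.</param>
 /// <param name="password">Clear-text password; it is passed through rdpEncrypt before being written.</param>
 /// <param name="filename">Receives the path of the generated file.</param>
 /// <exception cref="ArgumentException">
 /// <paramref name="server"/> or <paramref name="UserName"/> contains a line break.
 /// </exception>
 public static void Rdc(String server, String UserName, String password, out String filename)
 {
     // NOTE(review): every call writes the same path. Two concurrent requests can overwrite
     // each other's file, so one user may be served another user's host, user name and
     // password blob. A per-request file that is deleted after download would avoid this;
     // the path is kept because callers may rely on it.
     filename = @"c:\temp.rdp";

     // The .rdp format is one setting per line. A CR/LF inside a value would let the caller
     // append or override settings in the generated file, so such values are rejected.
     char[] lineBreaks = { '\r', '\n' };
     if ((server != null && server.IndexOfAny(lineBreaks) >= 0) ||
         (UserName != null && UserName.IndexOfAny(lineBreaks) >= 0))
     {
         throw new ArgumentException("server and UserName must not contain line breaks.");
     }

     string[] displaySettings =
     {
         "screen mode id:i:2",
         "desktopwidth:i:1440",
         "desktopheight:i:900",
         "session bpp:i:32",
         "winposstr:s:0,1,4,12,1440,864",
         "compression:i:1",
         "keyboardhook:i:2",
         "administrative session:i:1",
         "displayconnectionbar:i:1",
         "disable wallpaper:i:1",
         "disable full window drag:i:1",
         "allow desktop composition:i:0",
         "allow font smoothing:i:0",
         "disable menu anims:i:1",
         "disable themes:i:0",
         "disable cursor setting:i:0",
         "bitmapcachepersistenable:i:1"
     };

     string[] sessionSettings =
     {
         "audiomode:i:0",
         "redirectprinters:i:1",
         "redirectcomports:i:0",
         "redirectsmartcards:i:1",
         "redirectclipboard:i:1",
         "redirectposdevices:i:0",
         "autoreconnection enabled:i:1",
         // NOTE(review): level 0 lets the client connect without a warning when the server's
         // identity cannot be verified; consider a stricter level so a spoofed host is noticed.
         "authentication level:i:0",
         "prompt for credentials:i:0",
         "negotiate security layer:i:1",
         "remoteapplicationmode:i:0"
     };

     // File.Create truncates an existing file in a single open call. The previous
     // Exists/Delete/Exists sequence silently wrote nothing when another request recreated
     // the file in between, leaving the caller with somebody else's file.
     using (FileStream fs = File.Create(filename))
     using (StreamWriter sw = new StreamWriter(fs))
     {
         foreach (string line in displaySettings)
         {
             sw.WriteLine(line);
         }

         sw.WriteLine("full address:s:" + server);
         sw.WriteLine("username:s:" + UserName);
         // NOTE(review): rdpEncrypt is defined elsewhere. If it uses DPAPI (CryptProtectData),
         // the blob can normally be decrypted only under the account that produced it, so a
         // client running as a different user will not get the password filled in - confirm.
         sw.WriteLine("password 51:b:" + rdpEncrypt(password));

         foreach (string line in sessionSettings)
         {
             sw.WriteLine(line);
         }
     }
 }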

然后从网页上调用它:

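  /// <summary>
  /// Sends the file at <paramref name="path"/> to the current HTTP response as an inline
  /// download, with a Content-Type chosen by ReturnExtension.
  /// </summary>
  /// <param name="path">Physical path of the file to send.</param>
  /// <returns>
  /// <c>false</c> when the path is empty or the file does not exist; otherwise the file is
  /// transmitted and the response is ended.
  /// </returns>
  public static Boolean openrdp(string path)
  {
      // An empty path cannot name a file; report "not found" instead of letting FileInfo throw.
      if (string.IsNullOrEmpty(path))
      {
          return false;
      }

      // NOTE(review): the path is used as given. If any part of it can come from the request,
      // every file readable by the application account becomes downloadable; callers should
      // only pass paths they generated themselves.
      FileInfo file = new FileInfo(path);
      if (!file.Exists)
      {
          return false;
      }

      var response = HttpContext.Current.Response;

      // Drop anything already buffered so only the file is sent.
      response.ClearContent();

      // The file name is quoted so names containing spaces or semicolons are not misparsed
      // as extra header parameters. "inline" lets the client open the file directly; use
      // "attachment" instead to force the open/cancel/save dialog.
      string safeName = file.Name.Replace("\"", "");
      response.AddHeader("Content-Disposition", "inline; filename=\"" + safeName + "\"");

      response.AddHeader("Content-Length", file.Length.ToString());

      // Invariant lower-casing keeps the extension lookup independent of the server's culture.
      response.ContentType = ReturnExtension(file.Extension.ToLowerInvariant());

      // TransmitFile is for ASP.NET 2.0; in ASP.NET 1.1 WriteFile has to be used instead.
      response.TransmitFile(file.FullName);

      // NOTE(review): the transmitted .rdp file holds a password blob and stays on disk after
      // the download; consider deleting it once the response has been sent.
      // NOTE(review): Response.End() normally stops the request by aborting the thread, so
      // the return below is presumably not reached in practice - confirm.
      response.End();

      return true;
  }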
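/// <summary>
/// Maps a file extension (including its leading dot, e.g. ".rdp") to the MIME type used as
/// the response Content-Type.
/// </summary>
/// <param name="fileExtension">Extension to look up; matching ignores case.</param>
/// <returns>
/// The MIME type for the extension, or "application/octet-stream" when the extension is
/// null or not listed.
/// </returns>
public static string ReturnExtension(string fileExtension)
{
    // Lower-case with the invariant culture so the lookup does not depend on the caller's
    // casing or on the server's culture settings.
    string key = fileExtension == null ? null : fileExtension.ToLowerInvariant();

    switch (key)
    {
        case ".htm":
        case ".html":
            return "text/HTML";
        case ".log":
        case ".txt":
            // Log files often contain strings that originated from requests. Serving them
            // as plain text keeps a browser from rendering any markup they contain.
            return "text/plain";
        case ".docx":
            return "application/vnd.openxmlformats-officedocument.wordprocessingml.document";
        case ".doc":
            return "application/msword";
        case ".tiff":
        case ".tif":
            return "image/tiff";
        case ".asf":
            return "video/x-ms-asf";
        case ".avi":
            return "video/avi";
        case ".zip":
            return "application/zip";
        case ".xls":
        case ".csv":
            return "application/vnd.ms-excel";
        case ".gif":
            return "image/gif";
        case ".jpg":
        case ".jpeg":
        case "jpeg": // dot-less form kept for callers that already pass it
            return "image/jpeg";
        case ".bmp":
            return "image/bmp";
        case ".wav":
            return "audio/wav";
        case ".mp3":
            return "audio/mpeg3";
        case ".mpg":
        case ".mpeg":
        case "mpeg": // dot-less form kept for callers that already pass it
            return "video/mpeg";
        case ".rtf":
            return "application/rtf";
        case ".asp":
            return "text/asp";
        case ".pdf":
            return "application/pdf";
        case ".fdf":
            return "application/vnd.fdf";
        case ".ppt":
            return "application/mspowerpoint";
        case ".dwg":
            return "image/vnd.dwg";
        case ".msg":
            return "application/msoutlook";
        case ".xml":
        case ".sdxl":
            return "application/xml";
        case ".xdp":
            return "application/vnd.adobe.xdp+xml";
        case ".rdp":
            return "application/x-rdp";
        default:
            // Unknown types are sent as opaque bytes so the client does not try to render them.
            return "application/octet-stream";
    }
}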

问题是:远程连接可以打开,但只填入了用户名,没有填入密码。注意:我已对.rdp文件中的密码进行了加密。

任何想法?

1 个答案:

答案 0 :(得分:1)

我猜测RDP文件中的密码是由保存它的用户(即Web应用程序池用户)加密的,并在打开文件时动态解密。

因此,如果其他用户尝试打开它(即用户下载文件),则无法读取加密密码。


修改

查看此article about generating RDP files

看起来是使用CryptProtectData函数来加密信息的。根据其MSDN文档,加密后的数据只能由具有相同用户凭据的人解密,并且解密通常必须在执行加密的同一台计算机上进行。MSDN文章确实提到,使用漫游配置文件时可以在其他计算机上解密。

因此,您可以让ASP.NET应用使用Active Directory进行身份验证,并在加密时模拟(impersonate)该用户,这样他们就可以在本地计算机上解密(如上所述,跨计算机解密还需要漫游配置文件)。

我看到的另一件事是“Juniper”上的终端服务启动了远程桌面并自动登录。所以也许研究这个可能会给你另一种选择。您可以在serverfault.com上获得有关Juniper的更多详细信息