Question

我想要实现的是模拟特定用户的控制台应用程序。我已经研究过这个尝试找到解决方案，但我一直得到访问被拒绝的错误。这是我正在做的事情。请提供任何帮助，我已经为此工作了4天。

Imports System.Security
Imports System.Security.Principal

Imports System.Runtime.InteropServices
Imports System.Security.Permissions

Dim impersonationContext As WindowsImpersonationContext

Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
                        ByVal lpszDomain As String, _
                        ByVal lpszPassword As String, _
                        ByVal dwLogonType As Integer, _
                        ByVal dwLogonProvider As Integer, _
                        ByRef phToken As IntPtr) As Integer

Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
                        ByVal ExistingTokenHandle As IntPtr, _
                        ByVal ImpersonationLevel As Integer, _
                        ByRef DuplicateTokenHandle As IntPtr) As Integer

Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long

Public Sub Main(ByVal args As String())

    Dim w As StreamWriter
    Dim filepath As String = "C:\test_files\testFile.txt"

    Dim new_string As String
    new_string = ""

    Try
        If impersonateValidUser("USERNAME", "DOMAIN", "PASSWORD") Then
            'Insert your code that runs under the security context of a specific user here.
            'undoImpersonation()
        Else
            'Your impersonation failed. Therefore, include a fail-safe mechanism here.
        End If

        new_string = "Worked " & System.Security.Principal.WindowsIdentity.GetCurrent.Name

    Catch ex As Exception
        new_string = "Didnt work: " & ex.Message
    Finally

        If System.IO.File.Exists(filepath) Then
            File.Delete(filepath)
        End If

        w = File.CreateText(filepath)

        w.WriteLine(new_string)
        w.Flush()
        w.Close()

        'myConnection.Close()
    End Try

End Sub

Private Function impersonateValidUser(ByVal userName As String, ByVal domain As String, ByVal password As String) As Boolean

    Dim tempWindowsIdentity As WindowsIdentity
    Dim token As IntPtr = IntPtr.Zero
    Dim tokenDuplicate As IntPtr = IntPtr.Zero
    impersonateValidUser = False

    If RevertToSelf() Then
        If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                     LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
            If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                impersonationContext = tempWindowsIdentity.Impersonate()
                If Not impersonationContext Is Nothing Then
                    impersonateValidUser = True
                End If
            End If
        End If
    End If
    If Not tokenDuplicate.Equals(IntPtr.Zero) Then
        CloseHandle(tokenDuplicate)
    End If
    If Not token.Equals(IntPtr.Zero) Then
        CloseHandle(token)
    End If
End Function

Answer 1

除非您特别需要使用ANSI LogonUser版本，否则您应在声明中使用LogonUser而不是LogonUserA，即

Declare Function LogonUser Lib "advapi32.dll"

您还应该验证被模拟的用户是否具有本地计算机上的交互式登录权限。

尝试模拟用户时拒绝访问

1 个答案: