我一直在研究一些通过本地域复制文件的应用程序。当我尝试使用Windows XP上的应用程序复制文件时,使用完全没有权利的帐户可以模仿帐户,一切都完美无缺。但是,当我在Windows 7上冒充与上述帐户相同的帐户时,应用程序在第一行返回“拒绝访问”
我在Impersonate msdn上使用了相同的代码段代码,但这是我的fileSeeker函数:
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);
// Test harness.
// If you incorporate this code into a DLL, be sure to demand FullTrust.
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
public impersonateSetting(string userName, string domainName, string password, string pathToSeek)
{
SafeTokenHandle safeTokenHandle;
try
{
const int LOGON32_PROVIDER_DEFAULT = 0;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_INTERACTIVE = 2;
// Call LogonUser to obtain a handle to an access token.
bool returnValue = LogonUser(userName, domainName, password,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeTokenHandle);
Console.WriteLine("LogonUser called.");
if (false == returnValue)
{
int ret = Marshal.GetLastWin32Error();
Console.WriteLine("LogonUser failed with error code : {0}", ret);
throw new System.ComponentModel.Win32Exception(ret);
}
using (safeTokenHandle)
{
Console.WriteLine("Did LogonUser Succeed? " + (returnValue ? "Yes" : "No"));
Console.WriteLine("Value of Windows NT token: " + safeTokenHandle);
// Check the identity.
Console.WriteLine("Before impersonation: "
+ WindowsIdentity.GetCurrent().Name);
// Use the token handle returned by LogonUser.
using (WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle()))
{
using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
{
// Check the identity.
Console.WriteLine("After impersonation: "
+ WindowsIdentity.GetCurrent().Name);
fileRunner.fileSeeker(pathToSeek, true);
}
}
// Releasing the context object stops the impersonation
// Check the identity.
Console.WriteLine("After closing the context: " + WindowsIdentity.GetCurrent().Name);
}
}
catch (Exception ex)
{
Console.WriteLine("Exception occurred. " + ex.Message);
}
}
}
public sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
{
private SafeTokenHandle()
: base(true)
{
}
[DllImport("kernel32.dll")]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
[SuppressUnmanagedCodeSecurity]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CloseHandle(IntPtr handle);
protected override bool ReleaseHandle()
{
return CloseHandle(handle);
}
fileSeeker函数:
public static void fileSeeker(string paramFrom, bool copySub)
{
DirectoryInfo dir = new DirectoryInfo(paramFrom);
DirectoryInfo[] dirs = dir.GetDirectories();
try
{
FileInfo[] files = dir.GetFiles();
foreach (FileInfo file in files)
{
string temppath = Path.Combine(paramFrom, file.Name);
try
{
Console.WriteLine("Accessing: " + temppath);
}
catch
{
Console.WriteLine("Cant Access to " + temppath);
}
}
if (copySub)
{
foreach (DirectoryInfo subdir in dirs)
{
string temppath = Path.Combine(paramFrom, subdir.Name);
fileSeeker(subdir.FullName, copySub);
}
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
}
}
}
感谢您的帮助!
答案 0 :(得分:0)
如果此处失败,FileInfo[] files = dir.GetFiles();,您模拟的帐户可能无权访问运行此帐户的Win7计算机上的dir路径,请确保此帐户可以访问首先是源路径,模拟代码似乎很好