我使用DirectoryServices和WinNT://提供程序连接到远程计算机。然后,我检查一些组成员身份信息,并可能从指定的本地组添加或删除域用户。
我已经能够使用vb.net控制台应用程序以及与我的本地邮箱进行通信时,或者使用我登录的帐户具有管理权限的任何方框,使所有这些代码顺利运行。
代码:
string strUserPath = "WinNT://DomainName/someuser,user";
DirectoryEntry deComputer = new DirectoryEntry("WinNT://" + Computername + ",computer");
deComputer.RefreshCache();
DirectoryEntry deGroup = deComputer.Children.Find("administrators", "group");
IEnumerable members = deGroup.Invoke("members", null);
List<DirectoryEntry> r = new List<DirectoryEntry>();
foreach (object o in members)
{
DirectoryEntry deMember = new DirectoryEntry(o);
r.Add(deMember);
}
deGroup.Invoke("Add", strUserPath);
deGroup.CommitChanges();
deGroup.Invoke("Remove", strUserPath);
deGroup.CommitChanges();
所以我将代码移动到ASP.Net Web应用程序,该应用程序通过web.config的Impersonate部分模拟服务帐户。我冒充的帐户在任何工作站上都没有管理员权限,因此我将用户名/密码输入到计算机条目的构造函数中,如下所示:
DirectoryEntry deComputer = new DirectoryEntry("WinNT://" + Computername + ",computer", username, password);
用户名是域帐户的用户名,该帐户在每个工作站上具有本地管理员权限。如果我查看生成的deComputer对象的Username属性,我可以看到用户名与我输入的用户名相匹配。此外,如果我输入的密码无效,则会抛出错误,因此它会以某种方式进行身份验证。
但是,如果我现在尝试从远程工作站添加或删除用户,我会收到一般访问被拒绝错误。如果我添加ASP.Net在该工作站上作为本地管理员使用的服务帐户,它将添加并删除没有问题。
接下来,我尝试使用LogonAPI(advapi32.dll - &gt; LogonUser调用)作为所有工作站上的本地管理员的用户帐户登录,模拟生成的WindowsIdentitiy并尝试仅运行原始的deComputer实例化。当我这样做时,每个属性,例外路径,返回一个OLE异常......
我很想念下一步该尝试什么。任何帮助将不胜感激。
- 解决方法 -
要解决此问题,我们创建了一个在本地管理员帐户下运行的Windows服务,因此运行代码时没有任何问题。我们将所有更新推送到SQL数据库中的表中,然后服务将其选中并处理它们。但是,我仍然真的想知道为什么这不起作用,直接从网站推送更新会很好。
答案 0 :(得分:1)
您是否尝试在用户名和密码后使用AuthenticationTypes.Secure作为DirectoryEntry的附加参数?
顺便说一下,如果要连接到远程计算机,则不应使用LogonUser。正确的API是WNetAddConnection2(请参阅http://msdn.microsoft.com/en-us/library/aa385413.aspx)或NetUseAdd(请参阅http://msdn.microsoft.com/en-us/library/aa370645.aspx)
答案 1 :(得分:0)
由于这是一个很受欢迎的问题,我已将答案分开并将代码转换为C#
这是最适合我的代码。在使用DirectoryEntry之前,它首先使用WNetAddConnection2建立连接。
public static class CredentialSetter
{
public static void SetCredentials()
{
string Computername = "SomeComputer";
//Create connection to remote computer'
using (NetworkConnection nc = new NetworkConnection("\\\\" + Computername + "", new NetworkCredential("Domain\\Login", "Password")))
{
//try connecting using DirectoryEntry to the same machine and add me as a user'
string strUserPath = string.Format("WinNT://{0}/{1},user", "DOMAIN", "USER");
DirectoryEntry deGroup = new DirectoryEntry("WinNT://" + Computername + "/Administrators");
deGroup.RefreshCache();
//add and remove the user from the group'
deGroup.Invoke("Add", strUserPath);
deGroup.CommitChanges();
Console.WriteLine("User Added to computer " + Computername);
deGroup.Invoke("Remove", strUserPath);
deGroup.CommitChanges();
Console.WriteLine("User Removed from computer " + Computername);
deGroup.Close();
}
Console.ReadLine();
}
public class NetworkConnection : IDisposable
{
private string _networkName;
public NetworkConnection(string networkName, NetworkCredential credentials)
{
_networkName = networkName;
dynamic netResource = new NetResource
{
Scope = ResourceScope.GlobalNetwork,
ResourceType = ResourceType.Disk,
DisplayType = ResourceDisplaytype.Share,
RemoteName = networkName
};
dynamic result = WNetAddConnection2(netResource, credentials.Password, credentials.UserName, 0);
if (result != 0)
{
throw new IOException("Error connecting to remote share", result);
}
}
~NetworkConnection()
{
Dispose(false);
}
public void Dispose()
{
Dispose(true);
GC.SuppressFinalize(this);
}
protected void Dispose(bool disposing)
{
WNetCancelConnection2(_networkName, 0, true);
}
[DllImport("mpr.dll")]
private static extern int WNetAddConnection2(NetResource netResource, string password, string username, int flags);
[DllImport("mpr.dll")]
private static extern int WNetCancelConnection2(string name, int flags, bool force);
}
[StructLayout(LayoutKind.Sequential)]
public class NetResource
{
public ResourceScope Scope;
public ResourceType ResourceType;
public ResourceDisplaytype DisplayType;
public int Usage;
public string LocalName;
public string RemoteName;
public string Comment;
public string Provider;
}
public enum ResourceScope : int
{
Connected = 1,
GlobalNetwork,
Remembered,
Recent,
Context
}
public enum ResourceType : int
{
Any = 0,
Disk = 1,
Print = 2,
Reserved = 8
}
public enum ResourceDisplaytype : int
{
Generic = 0x0,
Domain = 0x1,
Server = 0x2,
Share = 0x3,
File = 0x4,
Group = 0x5,
Network = 0x6,
Root = 0x7,
Shareadmin = 0x8,
Directory = 0x9,
Tree = 0xa,
Ndscontainer = 0xb
}
}
答案 2 :(得分:-1)
错误(0x80004005):未指定错误
我遇到了一些问题,连接到远程窗口时出现错误错误(0x80004005):未指定错误。我解决如下:
//Define path
//This path uses the full path of user authentication
String path = string.Format("WinNT://{0}/{1},user", server_address, username);
DirectoryEntry deBase = null;
try
{
//Try to connect with secure connection
deBase = new DirectoryEntry(path, username, _passwd, AuthenticationTypes.Secure);
//Connection test
//After test define the deBase with the parent of user (root container)
object nativeObject = deBase.NativeObject;
deBase = deBase.Parent;
}
catch (Exception ex)
{
//If an error occurred try without Secure Connection
try
{
deBase = new DirectoryEntry(path, username, _passwd);
//Connection test
//After test define the deBase with the parent of user (root container)
object nativeObject = deBase.NativeObject;
deBase = deBase.Parent;
nativeObject = deBase.NativeObject;
}
catch (Exception ex2)
{
//If an error occurred throw the error
throw ex2;
}
}
希望有所帮助。 Helvio Junior www.helviojunior.com.br