CreateProcessAsUser在我的实验中无法正常工作

时间:2008-11-26 19:38:46

标签: createprocessasuser

我正在尝试执行以下操作: 1.我在运行VS.NET 2005的XP SP2机器上以管理员帐户登录 2.此机器还有另一个帐户user1,即访客帐户 3.我正在以管理员身份运行程序,从这个程序我要启动一个将在user1安全上下文下运行的notepad.exe进程 我特别想用CreateProcessasUser来做这件事。

这是代码片段,它将解释我一直在尝试的内容。

const string GRANTED_ALL = "10000000";

const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_BATCH = 4;
const int LOGON32_LOGON_SERVICE = 5;
const int LOGON32_LOGON_UNLOCK = 7;
const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;

const int LOGON32_PROVIDER_DEFAULT = 0;
static IntPtr hToken = IntPtr.Zero;
static IntPtr hTokenDuplicate = IntPtr.Zero;

static void Main(string[] args)
{
    int last_error = 0;
    if(LogonUser("user1",null,"#welcome123",
        LOGON32_LOGON_INTERACTIVE, 
        LOGON32_PROVIDER_DEFAULT, out hToken))
    {
        last_error = Marshal.GetLastWin32Error();
        PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
        STARTUPINFO si = new STARTUPINFO();
        SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
        last_error = 0;
        last_error = Marshal.GetLastWin32Error();
        if(DuplicateTokenEx(hToken,UInt32.Parse(GRANTED_ALL,System.Globalization.NumberStyles.HexNumber),
            ref sa,SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation,
            TOKEN_TYPE.TokenPrimary,out hTokenDuplicate))
        {
            last_error = 0;
            last_error = Marshal.GetLastWin32Error();

            CreateProcessAsUser(hTokenDuplicate, "d:\\san\\notepad.exe", null,
            ref sa, ref sa, false, 0, IntPtr.Zero, "d:\\san", ref si, out pi);

            last_error = 0;
            last_error = Marshal.GetLastWin32Error();

        }
    }

    last_error = 0;
    last_error = Marshal.GetLastWin32Error();


    if (hToken != IntPtr.Zero) CloseHandle(hToken);
    if (hTokenDuplicate != IntPtr.Zero) CloseHandle(hTokenDuplicate);

}

出于某种原因,这不起作用.. DuplicateTokenEx函数返回错误代码1305,我似乎无法找出原因..

我还使用DuplicateTokenEx而不是DuplicateToken,现在CreateProcessAsUser返回错误代码1308.

有人可以请点亮这个问题..这似乎是一个非常简单的事情,但只是不能正确.. [请注意,我特别想LogonUser然后DuplicateToken然后CreateProcessAsUSer]

1 个答案:

答案 0 :(得分:-2)

请参阅CreateProcessAsUser() windowstations and desktops

但我建议以有管理的方式做到这一点:

...
using System.Diagnostics;
using System.Security;
...
...
string progPath = @"c:\WINNT\notepad.exe";
ProcessStartInfo startInfo = new ProcessStartInfo(progPath);
startInfo.WindowStyle = ProcessWindowStyle.Normal;
startInfo.UseShellExecute = false;
startInfo.UserName = "SomeUser";
SecureString password = new SecureString();

#region setting password
password.AppendChar('p');
password.AppendChar('a');
...
#endregion

startInfo.Password = password;
Process.Start(startInfo);
...
...
相关问题
最新问题