在另一个用户的凭据下启动进程

时间:2011-06-20 15:46:17

标签: c# windows

我想在其他用户名的凭据下启动流程。 这就是我现在所拥有的:

        /// <summary>
        /// Do actions under another username's credentials
        /// </summary>
        /// <param name="username">Username to inpersonate</param>
        /// <param name="domain">Domain/Machine</param>
        /// <param name="password">Password </param>
        public static void Action(string username,string domain, string password )
        {
            try
            {
                if (LogonUser(username, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref hToken))
                {
                    if (DuplicateToken(hToken, 2, ref hTokenDuplicate))
                    {

                        WindowsIdentity windowsIdentity = new WindowsIdentity(hTokenDuplicate);

                        WindowsImpersonationContext impersonationContext = windowsIdentity.Impersonate();

                        // Check the identity but it could do any other action under given username credentials
                      try
                        {
                            ProcessStartInfo info = new ProcessStartInfo("cmd.exe");
                            info.UseShellExecute = false;
                            info.RedirectStandardInput = true;
                            info.RedirectStandardError = true;
                            info.RedirectStandardOutput = true;
                            info.UserName = "dummy"; // see the link mentioned at the top
                            // Define the string value to assign to a new secure string.
                            char[] chars = { 'p', 'a', 's', 's','1','2','3','4','/' };
                            // Instantiate the secure string.
                            SecureString testString = new SecureString();
                            // Assign the character array to the secure string.
                            foreach (char ch in chars)
                                testString.AppendChar(ch);

                            info.Password = testString;

                            Process.Start(info);

                        }
                        catch (Exception ex)
                        {
                            Console.WriteLine("Exception Occurred :{0},{1}",ex.Message, ex.StackTrace.ToString());
                        }

                        // Stop impersonating the user
                        impersonationContext.Undo();
                    }
                }
                // Free the tokens
                if (hToken != IntPtr.Zero) 
                    CloseHandle(hToken);
                if (hTokenDuplicate != IntPtr.Zero)
                    CloseHandle(hTokenDuplicate);

        }catch(Exception ex)
         {
             Console.WriteLine("Exception occurred. " + ex);
          }

它似乎不起作用,我得到“访问被拒绝”。有什么想法怎么做? 如果我们要求提供凭据,我们会获得正确的凭据,因此它应该根据该凭据执行任何程序。即:

               if (DuplicateToken(hToken, 2, ref hTokenDuplicate))
                    {

                        WindowsIdentity windowsIdentity = new WindowsIdentity(hTokenDuplicate);                      
                        WindowsImpersonationContext impersonationContext = windowsIdentity.Impersonate();

                        // Check the identity but it could do any other action under given username credentials
                        Console.WriteLine("After impersonation: {0}", WindowsIdentity.GetCurrent().Name);

                        // Stop impersonating the user
                        impersonationContext.Undo();
                    }

答案是对的,我们得到“假”。

我们可以让它变得更简单:

 public static void Run()
        {
            try
            {
                const string file = "cmd.exe";

                var sspw = new SecureString();

                foreach (var c in "pass1234/")
                    sspw.AppendChar(c);

                var proc = new Process();

                proc.StartInfo.UseShellExecute = false;

                proc.StartInfo.WorkingDirectory = Path.GetDirectoryName(file);

                proc.StartInfo.FileName = Path.GetFileName(file);

                proc.StartInfo.Domain = "WIN08";
                proc.StartInfo.Arguments = "";
                proc.StartInfo.UserName = "dummy";
                proc.StartInfo.Password = sspw;
                proc.StartInfo.LoadUserProfile = false;
                proc.Start();
            }catch(Exception e)
            {
                Console.WriteLine(e);
             }

但是,我仍然有例外......

3 个答案:

答案 0 :(得分:6)

我认为您不需要登录用户并复制句柄。您需要做的就是在ProcessStartInfo对象中设置用户名,域和密码。如果我没记错的话,自.NET 3.0起就可以使用了。

编辑:

另外,有关更多信息,当您向ProcessStartInfo:http://support.microsoft.com/kb/165194提供用户名/域/密码时,会发生这种情况。拒绝访问的原因可能是您无法访问用户的桌面或windowstation。只是调用LoginUser是不够的。

答案 1 :(得分:5)

对某些人来说可能有点奇怪,道歉,我是Linux开发人员...... 测试:

    /// <summary>
    /// Class that deals with another username credentials
    /// </summary>
    class Credentials
    {
        /// <summary>
        /// Constructor of SecureString password, to be used by RunAs
        /// </summary>
        /// <param name="text">Plain password</param>
        /// <returns>SecureString password</returns>
        private static SecureString MakeSecureString(string text)
        {
            SecureString secure = new SecureString();
            foreach (char c in text)
            {
                secure.AppendChar(c);
            }

            return secure;
        }

        /// <summary>
        /// Run an application under another user credentials.
        /// Working directory set to C:\Windows\System32
        /// </summary>
        /// <param name="path">Full path to the executable file</param>
        /// <param name="username">Username of desired credentials</param>
        /// <param name="password">Password of desired credentials</param>
        public static void RunAs(string path, string username, string password)
        {
            try
            {
                ProcessStartInfo myProcess = new ProcessStartInfo(path);
                myProcess.UserName = username;
                myProcess.Password = MakeSecureString(password);
                myProcess.WorkingDirectory = @"C:\Windows\System32";
                myProcess.UseShellExecute = false;
                Process.Start(myProcess);
            }
            catch (Win32Exception w32E)
            {
                // The process didn't start.
                Console.WriteLine(w32E);
            }
        }

    }

答案 2 :(得分:3)

可能是你忘了制作只读安全字符串?我的方法适合我:

Process proc = new Process
        {
            StartInfo =
            {
                CreateNoWindow = true,
                UseShellExecute = false,
                RedirectStandardOutput = true,
                RedirectStandardInput = true,
                FileName = "cmd.exe",
                UserName = "user",
                Domain = "myDomain",
                Password = GetSecureString("Password"),
                Arguments = "/c ipconfig"                   
            }
        };
        proc.Start(); 

GetSecureString()函数:

public static SecureString GetSecureString(string str)
    {
        SecureString secureString = new SecureString();
        foreach (char ch in str)
        {
            secureString.AppendChar(ch);
        }
        secureString.MakeReadOnly();
        return secureString;
    }