使用模拟创建Windows文件夹

Question

我正在尝试使用加密的.config文件提供的受限管理员帐户的凭据创建文件夹 - 现在我的代码在假设用户无权访问这些目录的情况下运行，因此会抛出unauthorizedexception ，当给定访问时，代码否则有效，但我不能这样做，因为它会危及我们的安全性。我知道如何从加密文件中取出我的用户名/密码，我只是不确定我应该用什么库或语法来模仿;这是我的代码：

//set the cursor

string activeDir = "\\\\department\\shares\\users\\";

//create directory with userID as the folder name

string newPath = System.IO.Path.Combine(activeDir + userID);

System.IO.Directory.CreateDirectory(newPath);

所以我需要一种提供凭据的方法，但我不知所措 - 我一直在使用System.DirectoryServices.AccountManagement和pricipalcontext提供用户名/密码来更改活动目录...我做需要使用类似的库来更改文件系统吗？ 任何帮助将不胜感激，谢谢！

Answer 1

我认为您可以临时模拟执行此操作的线程的用户。似乎这只能通过P / Invoke来完成。看看this example。

using (var impersonation = new ImpersonatedUser(decryptedUser, decryptedDomain, decryptedPassword))
{
  Directory.CreateDirectory(newPath);
}

为了完整起见（如果某天链接停止工作），请找到下面的ImpersonatedUser课程（学分为Jon Cole）：

using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

public class ImpersonatedUser : IDisposable
{
    IntPtr userHandle;

    WindowsImpersonationContext impersonationContext;

    public ImpersonatedUser(string user, string domain, string password)
    {
        userHandle = IntPtr.Zero;

        bool loggedOn = LogonUser(
            user,
            domain,
            password,
            LogonType.Interactive,
            LogonProvider.Default,
            out userHandle); 

        if (!loggedOn)
            throw new Win32Exception(Marshal.GetLastWin32Error());

        // Begin impersonating the user
        impersonationContext = WindowsIdentity.Impersonate(userHandle);
    } 

    public void Dispose()
    {
        if (userHandle != IntPtr.Zero)
        {
            CloseHandle(userHandle);

            userHandle = IntPtr.Zero;

            impersonationContext.Undo();
        }
    } 

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool LogonUser(

        string lpszUsername,

        string lpszDomain,

        string lpszPassword,

        LogonType dwLogonType,

        LogonProvider dwLogonProvider,

        out IntPtr phToken

        );

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hHandle);

    enum LogonType : int
    {
        Interactive = 2,
        Network = 3,
        Batch = 4,
        Service = 5,
        NetworkCleartext = 8,
        NewCredentials = 9,
    }

    enum LogonProvider : int
    {
        Default = 0,
    }

}

Answer 2

使用Windows网络（WNet）功能。它们得到Windows 2000及更高版本的支持。包装器：

public class WNet
{
    public static void AddConnection(string resource, string username, string password)
    {
        NETRESOURCE nr = new NETRESOURCE();
        nr.RemoteName = resource;
        uint err = WNetAddConnection2W(ref nr, password, username, 0);
        if (err != 0)
            throw new RemoteDirectoryException(string.Format("WNetAddConnection2 failed with error: #{0}", err));
    }

    private struct NETRESOURCE
    {
        public uint Scope;
        public uint Type;
        public uint DisplayType;
        public uint Usage;
        public string LocalName;
        public string RemoteName;
        public string Comment;
        public string Provider;
    }

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    private extern static uint WNetAddConnection2W(ref NETRESOURCE lpNetResource, string lpPassword, string lpUsername, uint dwFlags);
}

添加与资源的连接并创建目录：

string activeDir = "\\\\department\\shares\\users\\";
string username = "username";
string password = "password";

WNet.AddConnection(activeDir, username, password);

string newPath = System.IO.Path.Combine(activeDir, userID);
System.IO.Directory.CreateDirectory(newPath);