SSPI / LSA认证

时间:2012-03-21 12:11:20

标签: .net sspi lsa

我的目标是获取用户的公司域凭据:我正在尝试验证通过RAS卡和VPN接入网络的用户。我找到了一段类似的代码(见下),但不知为何它只返回本地凭据,而我关心的是用户通过VPN和RAS卡连接时所使用的公司凭据。

您可以提供建议或者您有代码示例吗?

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace LSATest
{
using System;
using System.Text;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;
using System.Diagnostics;

// Forward declarations
using LUID = System.Int64;
using HANDLE = System.IntPtr;
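/// <summary>
/// Console sample that opens the access token of every process sharing the current
/// process's name and prints the token user's DOMAIN\account name and string SID.
/// </summary>
/// <remarks>
/// The TokenUser value read here is the account the inspected process runs as.
/// NOTE(review): credentials typed into a RAS/VPN dialer are presumably held by the
/// connection, not by the process token, which would explain why only the local
/// account is reported. Confirm against the deployment before relying on this output
/// as proof of a corporate-domain identity.
/// </remarks>
class Tester
{
    public const int TOKEN_QUERY = 0X00000008;

    // Win32 error returned by the "tell me the size" calls below.
    const int ERROR_INSUFFICIENT_BUFFER = 122;

    enum TOKEN_INFORMATION_CLASS
    {
        TokenUser = 1,
        TokenGroups,
        TokenPrivileges,
        TokenOwner,
        TokenPrimaryGroup,
        TokenDefaultDacl,
        TokenSource,
        TokenType,
        TokenImpersonationLevel,
        TokenStatistics,
        TokenRestrictedSids,
        TokenSessionId
    }

    [StructLayout(LayoutKind.Sequential)]
    struct TOKEN_USER
    {
        public _SID_AND_ATTRIBUTES User;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct _SID_AND_ATTRIBUTES
    {
        public IntPtr Sid;
        public int Attributes;
    }

    // SetLastError = true is required on every import whose failure is inspected with
    // Marshal.GetLastWin32Error(); without it the value read back is unreliable.
    [DllImport("advapi32", SetLastError = true)]
    static extern bool OpenProcessToken(
        IntPtr ProcessHandle, // handle to process
        int DesiredAccess, // desired access to process
        ref IntPtr TokenHandle // handle to open access token
    );

    [DllImport("kernel32")]
    static extern IntPtr GetCurrentProcess();

    [DllImport("advapi32", CharSet = CharSet.Auto, SetLastError = true)]
    static extern bool GetTokenInformation(
        IntPtr hToken,
        TOKEN_INFORMATION_CLASS tokenInfoClass,
        IntPtr TokenInformation,
        int tokeInfoLength,
        ref int reqLength);

    [DllImport("kernel32", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    [DllImport("advapi32", CharSet = CharSet.Auto, SetLastError = true)]
    static extern bool LookupAccountSid
    (
        [In, MarshalAs(UnmanagedType.LPTStr)] string lpSystemName, // name of local or remote computer
        IntPtr pSid, // security identifier
        StringBuilder Account, // account name buffer
        ref int cbName, // size of account name buffer
        StringBuilder DomainName, // domain name
        ref int cbDomainName, // size of domain name buffer
        ref int peUse // SID type
    );

    // The API allocates the string itself and documents LocalFree as the way to release
    // it, so the pointer is taken raw instead of letting the marshaller free a string.
    [DllImport("advapi32", CharSet = CharSet.Auto, SetLastError = true)]
    static extern bool ConvertSidToStringSid(
        IntPtr pSID,
        out IntPtr pStringSid);

    [DllImport("kernel32")]
    static extern IntPtr LocalFree(IntPtr hMem);

    /// <summary>
    /// Lists every process with the same name as this one and dumps its token user.
    /// </summary>
    public static void Main()
    {
        string processName = Process.GetCurrentProcess().ProcessName;
        Process[] myProcesses = Process.GetProcessesByName(processName);
        if (myProcesses.Length == 0)
        {
            Console.WriteLine("Could not find any process named " + processName);
        }

        foreach (Process myProcess in myProcesses)
        {
            using (myProcess)
            {
                Console.Write("Process Name : " + myProcess.ProcessName + " Process ID : "
                    + myProcess.Id + " MachineName : " + myProcess.MachineName + "\n");
                try
                {
                    // Process.Handle throws when the process has exited or when this
                    // account is not allowed to open it; report that and keep going.
                    DumpUserInfo(myProcess.Handle);
                }
                catch (System.ComponentModel.Win32Exception ex)
                {
                    Console.WriteLine("Could not open process: " + ex.Message);
                }
                catch (InvalidOperationException ex)
                {
                    Console.WriteLine("Could not open process: " + ex.Message);
                }
            }
        }
        Console.ReadKey();
    }

    /// <summary>
    /// Opens the access token of a process with TOKEN_QUERY and prints its user.
    /// </summary>
    /// <param name="pToken">Handle of the process whose token is opened (despite the
    /// name, this is a process handle, not a token handle).</param>
    static void DumpUserInfo(IntPtr pToken)
    {
        int Access = TOKEN_QUERY;
        StringBuilder sb = new StringBuilder();
        sb.AppendFormat("\nToken dump performed on {0}\n\n", DateTime.Now);
        IntPtr procToken = IntPtr.Zero;
        if (OpenProcessToken(pToken, Access, ref procToken))
        {
            try
            {
                sb.Append("Process Token:\n");
                sb.Append(PerformDump(procToken));
            }
            finally
            {
                // Release the token handle even if the dump throws.
                CloseHandle(procToken);
            }
        }
        else
        {
            sb.Append("OpenProcessToken failed, Win32 error " + Marshal.GetLastWin32Error());
        }
        Console.WriteLine(sb.ToString());
    }

    /// <summary>
    /// Reads the TokenUser information of a token and formats its account and SID.
    /// </summary>
    /// <param name="token">Token handle opened with at least TOKEN_QUERY.</param>
    /// <returns>The formatted account text, or a failure message with the Win32 error.</returns>
    static StringBuilder PerformDump(IntPtr token)
    {
        StringBuilder sb = new StringBuilder();

        // First call with no buffer only reports how many bytes TokenUser needs.
        int needed = 0;
        GetTokenInformation(token, TOKEN_INFORMATION_CLASS.TokenUser, IntPtr.Zero, 0, ref needed);
        int sizingError = Marshal.GetLastWin32Error();
        if (needed <= 0 || sizingError != ERROR_INSUFFICIENT_BUFFER)
        {
            sb.Append("GetTokenInformation failed, Win32 error " + sizingError);
            return sb;
        }

        IntPtr tu = Marshal.AllocHGlobal(needed);
        try
        {
            if (!GetTokenInformation(token, TOKEN_INFORMATION_CLASS.TokenUser, tu, needed, ref needed))
            {
                // Never read the buffer after a failed call: its contents are undefined.
                sb.Append("GetTokenInformation failed, Win32 error " + Marshal.GetLastWin32Error());
                return sb;
            }

            TOKEN_USER tokUser = (TOKEN_USER)Marshal.PtrToStructure(tu, typeof(TOKEN_USER));
            // The SID pointer refers into 'tu', so it must be consumed before the free.
            sb.Append(DumpAccountSid(tokUser.User.Sid));
        }
        finally
        {
            Marshal.FreeHGlobal(tu);
        }
        return sb;
    }

    /// <summary>
    /// Resolves a SID to "DOMAIN\account" and appends its string form.
    /// </summary>
    /// <param name="SID">Pointer to a SID; it must stay valid for the whole call.</param>
    /// <returns>The account name when it can be resolved, followed by "SID: ..." on a
    /// new line. When the name cannot be resolved a notice is written to the console
    /// and only the SID line is returned.</returns>
    static string DumpAccountSid(IntPtr SID)
    {
        int cchAccount = 0;
        int cchDomain = 0;
        int snu = 0;
        StringBuilder sb = new StringBuilder();

        // Sizing call: with no buffers it is expected to fail with
        // ERROR_INSUFFICIENT_BUFFER and fill in the two required lengths.
        bool sized = LookupAccountSid(null, SID, null, ref cchAccount, null, ref cchDomain, ref snu);
        int sizingError = Marshal.GetLastWin32Error();

        bool named = false;
        if (!sized && sizingError == ERROR_INSUFFICIENT_BUFFER)
        {
            StringBuilder account = new StringBuilder(cchAccount);
            StringBuilder domain = new StringBuilder(cchDomain);
            named = LookupAccountSid(null, SID, account, ref cchAccount, domain, ref cchDomain, ref snu);
            if (named)
            {
                sb.Append(domain);
                sb.Append(@"\");
                sb.Append(account);
            }
        }

        if (!named)
        {
            Console.WriteLine("logon account (no name) ");
        }

        sb.Append("\nSID: ");
        IntPtr sidText;
        if (ConvertSidToStringSid(SID, out sidText))
        {
            try
            {
                sb.Append(Marshal.PtrToStringAuto(sidText));
            }
            finally
            {
                LocalFree(sidText);
            }
        }
        return sb.ToString();
    }
}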
// End of code sample

}

感谢!!!!!
