win2000下模拟用户不成功.该怎么解决
win2000下模拟用户不成功.
在win2000下用logonUserA函数总是返回0,在XP和WIN2003就没问题.据说是需要得到一个SE_TCB_NAME特权,我在组策略中给了这个特权,结果还是一样.不知道怎么回事,有人做过WIN2000下的模拟用户成功过吗,给个意见.
------解决方案--------------------
试一下这个类,以前写的:
using System;
using System.Security.Principal;
using System.Runtime.InteropServices;
//Reference: http://blogcsdn.net/zhzuo
namespace Zhengzuo.Security
{
/// <summary>
/// 身份模拟辅助类
/// </summary>
public class ImpersonationHelper
{
private const int LOGON32_LOGON_INTERACTIVE = 2;
private const int LOGON32_PROVIDER_DEFAULT = 0;
private static WindowsImpersonationContext impersonationContext;
[DllImport( "advapi32.dll ")]
private static extern int LogonUserA(String lpszUserName,String lpszDomain,String lpszPassword,int dwLogonType,int dwLogonProvider,ref IntPtr phToken);
[DllImport( "advapi32.dll ", CharSet = CharSet.Auto, SetLastError = true)]
private static extern int DuplicateToken(IntPtr hToken,int impersonationLevel,ref IntPtr hNewToken);
[DllImport( "advapi32.dll ", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool RevertToSelf();
[DllImport( "kernel32.dll ", CharSet = CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);
/// <summary>
/// 身份模拟
/// </summary>
/// <param name= "userName "> 用户名称 </param>
/// <param name= "domain "> 用户所在域 </param>
/// <param name= "password "> 验证密码 </param>
/// <returns> 返还模拟是否成功 </returns>
public static bool Impersonate(String userName, String domain, String password)
{
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if (RevertToSelf())
{
if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
WindowsIdentity tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
return true;
}
}
}
}
if (token != IntPtr.Zero)
CloseHandle(token);
if (tokenDuplicate != IntPtr.Zero)
CloseHandle(tokenDuplicate);
return false;
}
/// <summary>
/// 取消身份模拟
/// </summary>
public static void EndImpersonate()
{
impersonationContext.Undo();
}
}
}
------解决方案--------------------
调用:
using System;
using System.Collections.Generic;
using System.Text;
using Zhengzuo.Security;
namespace Zhengzuo.ImpersonationTest
{
class ClientCaller
{
// /// <summary>
/// 测试方法
/// </summary>
在win2000下用logonUserA函数总是返回0,在XP和WIN2003就没问题.据说是需要得到一个SE_TCB_NAME特权,我在组策略中给了这个特权,结果还是一样.不知道怎么回事,有人做过WIN2000下的模拟用户成功过吗,给个意见.
------解决方案--------------------
试一下这个类,以前写的:
using System;
using System.Security.Principal;
using System.Runtime.InteropServices;
//Reference: http://blogcsdn.net/zhzuo
namespace Zhengzuo.Security
{
/// <summary>
/// 身份模拟辅助类
/// </summary>
public class ImpersonationHelper
{
private const int LOGON32_LOGON_INTERACTIVE = 2;
private const int LOGON32_PROVIDER_DEFAULT = 0;
private static WindowsImpersonationContext impersonationContext;
[DllImport( "advapi32.dll ")]
private static extern int LogonUserA(String lpszUserName,String lpszDomain,String lpszPassword,int dwLogonType,int dwLogonProvider,ref IntPtr phToken);
[DllImport( "advapi32.dll ", CharSet = CharSet.Auto, SetLastError = true)]
private static extern int DuplicateToken(IntPtr hToken,int impersonationLevel,ref IntPtr hNewToken);
[DllImport( "advapi32.dll ", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool RevertToSelf();
[DllImport( "kernel32.dll ", CharSet = CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);
/// <summary>
/// 身份模拟
/// </summary>
/// <param name= "userName "> 用户名称 </param>
/// <param name= "domain "> 用户所在域 </param>
/// <param name= "password "> 验证密码 </param>
/// <returns> 返还模拟是否成功 </returns>
public static bool Impersonate(String userName, String domain, String password)
{
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if (RevertToSelf())
{
if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
WindowsIdentity tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
return true;
}
}
}
}
if (token != IntPtr.Zero)
CloseHandle(token);
if (tokenDuplicate != IntPtr.Zero)
CloseHandle(tokenDuplicate);
return false;
}
/// <summary>
/// 取消身份模拟
/// </summary>
public static void EndImpersonate()
{
impersonationContext.Undo();
}
}
}
------解决方案--------------------
调用:
using System;
using System.Collections.Generic;
using System.Text;
using Zhengzuo.Security;
namespace Zhengzuo.ImpersonationTest
{
class ClientCaller
{
// /// <summary>
/// 测试方法
/// </summary>