ASP.NET Core 2.0 - Windowsユーザーを偽装する最善の方法は?

ASP.NET Webアプリケーションでは、次のクラスを使ってWindowsユーザーを十分簡単に偽装できていました:

/// <summary> 
/// TOOLS IMPERSONATION 
/// </summary> 
namespace Tools 
{ 
    #region Using directives. 
    // ---------------------------------------------------------------------- 

    using System; 
    using System.Security.Principal; 
    using System.Runtime.InteropServices; 
    using System.ComponentModel; 

    // ---------------------------------------------------------------------- 
    #endregion 

    ///////////////////////////////////////////////////////////////////////// 

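    /// <summary>
    /// Impersonation of a user. Allows to execute code under another
    /// user context: the constructor logs the user on and impersonates the
    /// resulting token on the calling thread, and <see cref="Dispose"/>
    /// undoes the impersonation.
    /// </summary>
    /// <remarks>
    /// This class is based on the information in the Microsoft knowledge base
    /// article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158
    ///
    /// Encapsulate an instance into a using statement like e.g.:
    ///
    ///  ...
    ///  using (new Impersonator("myUsername", "myDomainname", "myPassword"))
    ///  {
    ///   ...
    ///   [code that executes under the new context]
    ///   ...
    ///  }
    ///  ...
    ///
    /// Security notes for reviewers:
    ///
    ///  * Privilege: LogonUser required the 'Act as part of operating system'
    ///    privilege only on Windows 2000. Later Windows versions do not need
    ///    it, so do not grant that privilege to the calling account just to
    ///    use this class.
    ///  * Credentials: the password is passed as a plain managed string and
    ///    stays in process memory until it is garbage collected. Load it from
    ///    a protected store rather than from source code or plain
    ///    configuration.
    ///  * Thread identity: the constructor calls RevertToSelf() first. Any
    ///    impersonation that was active on the thread is dropped, and
    ///    Dispose() restores the state captured after that call, not the
    ///    identity the thread had before. If a later step throws, the thread
    ///    is left on the identity RevertToSelf() produced.
    ///  * Platform: the class relies on WindowsIdentity.Impersonate(), which
    ///    .NET Core does not provide. There, use
    ///    WindowsIdentity.RunImpersonated with a SafeAccessTokenHandle.
    ///
    /// Please contact the author Uwe Keim (mailto:[email protected])
    /// for questions regarding this class.
    /// </remarks>
    public class Impersonator :
        IDisposable
    {
        #region Public methods.
        // ------------------------------------------------------------------

        /// <summary>
        /// Constructor. Starts the impersonation with the given credentials.
        /// The impersonation applies to the calling thread and lasts until
        /// <see cref="Dispose"/> is called.
        /// </summary>
        /// <param name="userName">The name of the user to act as.</param>
        /// <param name="domainName">The domain name of the user to act as.</param>
        /// <param name="password">The password of the user to act as.</param>
        /// <exception cref="Win32Exception">
        /// RevertToSelf, LogonUser or DuplicateToken reported a failure.
        /// </exception>
        public Impersonator(
            string userName,
            string domainName,
            string password)
        {
            ImpersonateValidUser(userName, domainName, password);
        }

        // ------------------------------------------------------------------
        #endregion

        #region IDisposable member.
        // ------------------------------------------------------------------

        /// <summary>
        /// Ends the impersonation started by the constructor. Safe to call
        /// more than once.
        /// </summary>
        public void Dispose()
        {
            UndoImpersonation();
        }

        // ------------------------------------------------------------------
        #endregion

        #region P/Invoke.
        // ------------------------------------------------------------------

        // CharSet.Unicode binds to LogonUserW. Without an explicit CharSet the
        // strings are marshalled as ANSI, which corrupts user names and
        // passwords containing characters outside the system code page.
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        private static extern int LogonUser(
            string lpszUserName,
            string lpszDomain,
            string lpszPassword,
            int dwLogonType,
            int dwLogonProvider,
            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern int DuplicateToken(
            IntPtr hToken,
            int impersonationLevel,
            ref IntPtr hNewToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern bool RevertToSelf();

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        private static extern bool CloseHandle(
            IntPtr handle);

        private const int LOGON32_LOGON_INTERACTIVE = 2;
        private const int LOGON32_PROVIDER_DEFAULT = 0;

        // SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, the level passed
        // to DuplicateToken (previously the bare literal 2).
        private const int SecurityImpersonation = 2;

        // ------------------------------------------------------------------
        #endregion

        #region Private member.
        // ------------------------------------------------------------------

        /// <summary>
        /// Does the actual impersonation: reverts the thread to the process
        /// identity, logs the user on, duplicates the token at impersonation
        /// level and impersonates it on the calling thread.
        /// </summary>
        /// <param name="userName">The name of the user to act as.</param>
        /// <param name="domain">The domain name of the user to act as.</param>
        /// <param name="password">The password of the user to act as.</param>
        /// <exception cref="Win32Exception">
        /// One of the native calls failed; carries the Win32 error code.
        /// </exception>
        private void ImpersonateValidUser(
            string userName,
            string domain,
            string password)
        {
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;

            try
            {
                // Marshal.GetLastWin32Error() must be read immediately after
                // the failing P/Invoke, so each check throws on the spot.
                if (!RevertToSelf())
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                }

                if (LogonUser(
                    userName,
                    domain,
                    password,
                    LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT,
                    ref token) == 0)
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                }

                if (DuplicateToken(token, SecurityImpersonation, ref tokenDuplicate) == 0)
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                }

                WindowsIdentity identity = new WindowsIdentity(tokenDuplicate);
                try
                {
                    impersonationContext = identity.Impersonate();
                }
                catch
                {
                    // Do not leak the identity when impersonation itself fails.
                    identity.Dispose();
                    throw;
                }

                impersonatedIdentity = identity;
            }
            finally
            {
                // The raw handles are no longer needed once the
                // WindowsIdentity exists or an error has been raised.
                if (token != IntPtr.Zero)
                {
                    CloseHandle(token);
                }
                if (tokenDuplicate != IntPtr.Zero)
                {
                    CloseHandle(tokenDuplicate);
                }
            }
        }

        /// <summary>
        /// Reverts the impersonation and releases the impersonation context
        /// and identity. Does nothing when no impersonation is active.
        /// </summary>
        private void UndoImpersonation()
        {
            if (impersonationContext != null)
            {
                impersonationContext.Undo();
                impersonationContext.Dispose();
                // Cleared so that a second Dispose() is a no-op.
                impersonationContext = null;
            }

            if (impersonatedIdentity != null)
            {
                impersonatedIdentity.Dispose();
                impersonatedIdentity = null;
            }
        }

        // Context returned by WindowsIdentity.Impersonate(); null while no
        // impersonation is active.
        private WindowsImpersonationContext impersonationContext = null;

        // Identity built from the duplicated logon token; kept so it can be
        // disposed together with the context.
        private WindowsIdentity impersonatedIdentity = null;

        // ------------------------------------------------------------------
        #endregion
    }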

    ///////////////////////////////////////////////////////////////////////// 
} 

しかし、ASP.NET Core 2.0ではこのクラスを使用できず、「WindowsIdentity does not contain a definition for 'Impersonate'」というエラーが出ます。

ASP.NET Core 2.0向けにこれを修正する方法(または簡単に動作する代替手段)をご存知の方はいますか?

何か助けていただければ幸いです。実用例が見つかり

(投稿の大半がコードなので、質問を投稿できるようにテキストを追加しています。///)


これを見てください。Coreでは、なりすましは同じ方法では機能しません。 https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?tabs=aspnetcore2x –

答えて


// The following example demonstrates the use of the WindowsIdentity class to impersonate a user. 
// IMPORTANT NOTE: 
// This sample asks the user to enter a password on the console screen. 
// The password will be visible on the screen, because the console window 
// does not support masked input natively. 


using System; 
using System.Runtime.InteropServices; 
using System.Security; 
using System.Security.Principal; 
using Microsoft.Win32.SafeHandles; 

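/// <summary>
/// Console demo: logs a user on with LogonUser and runs a callback under that
/// user's identity via WindowsIdentity.RunImpersonated, printing the current
/// identity before, during and after the impersonated call.
/// </summary>
public class ImpersonationDemo
{
    // CharSet.Unicode binds to LogonUserW so user name, domain and password
    // are marshalled as UTF-16. The token is returned as a SafeAccessTokenHandle,
    // which owns the native handle.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
        int dwLogonType, int dwLogonProvider, out SafeAccessTokenHandle phToken);

    /// <summary>
    /// Prompts for domain, user name and password, logs the user on and shows
    /// the effect of impersonation on WindowsIdentity.GetCurrent().
    /// </summary>
    /// <exception cref="System.ComponentModel.Win32Exception">
    /// LogonUser failed; carries the Win32 error code.
    /// </exception>
    public static void Main()
    {
        // Get the user token for the specified user, domain, and password using the
        // unmanaged LogonUser method.
        // The local machine name can be used for the domain name to impersonate a user on this machine.
        Console.Write("Enter the name of the domain on which to log on: ");
        string domainName = Console.ReadLine();

        Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
        string userName = Console.ReadLine();

        Console.Write("Enter the password for {0}: ", userName);

        const int LOGON32_PROVIDER_DEFAULT = 0;
        // This parameter causes LogonUser to create a primary token.
        // NOTE(review): an interactive logon also caches the logon information
        // on the machine; check whether another logon type suits a service.
        const int LOGON32_LOGON_INTERACTIVE = 2;

        // Call LogonUser to obtain a handle to an access token.
        // The password is read with Console.ReadLine(), so it is echoed to the
        // console and held as an ordinary managed string.
        SafeAccessTokenHandle safeAccessTokenHandle;
        bool returnValue = LogonUser(userName, domainName, Console.ReadLine(),
            LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
            out safeAccessTokenHandle);

        // Dispose the token handle deterministically instead of leaving it to
        // the finalizer, on the failure path as well.
        using (safeAccessTokenHandle)
        {
            if (!returnValue)
            {
                // Read the error code before any other call can overwrite it.
                int ret = Marshal.GetLastWin32Error();
                Console.WriteLine("LogonUser failed with error code : {0}", ret);
                throw new System.ComponentModel.Win32Exception(ret);
            }

            Console.WriteLine("Did LogonUser Succeed? " + (returnValue ? "Yes" : "No"));
            // Check the identity.
            Console.WriteLine("Before impersonation: " + WindowsIdentity.GetCurrent().Name);

            // Note: if you want to run as unimpersonated, pass
            //  'SafeAccessTokenHandle.InvalidHandle' instead of variable 'safeAccessTokenHandle'
            WindowsIdentity.RunImpersonated(
                safeAccessTokenHandle,
                // User action
                () =>
                {
                    // Check the identity.
                    Console.WriteLine("During impersonation: " + WindowsIdentity.GetCurrent().Name);
                }
                );

            // Check the identity again.
            Console.WriteLine("After impersonation: " + WindowsIdentity.GetCurrent().Name);
        }
    }
}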

https://msdn.microsoft.com/en-us/library/dn906220(v=vs.110).aspx
