62,269
社区成员
发帖
与我相关
我的任务
分享To saucer(思归, .NET MVP) :如何在ASP.NET中取到AD用户,急死了
我按照你建议的方法用了伪装,可是却总是伪装不成功,帮忙看看吧,急死了
代码如下:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Security.Principal;
using System.Runtime.InteropServices;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.DirectoryServices;
using EBudgetLib;
namespace EBudgetWeb.UserPower
{
/// <summary>
/// UserAccount 的摘要说明。
/// </summary>
public class UserAccount : System.Web.UI.Page
{
protected System.Web.UI.WebControls.ListBox ListBoxADUser;
protected System.Web.UI.WebControls.LinkButton LinkButtonToRight;
protected System.Web.UI.WebControls.LinkButton LinkButtonToLeft;
protected System.Web.UI.WebControls.ListBox ListBoxSelectUser;
protected System.Web.UI.WebControls.TextBox tbUserName;
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
WindowsImpersonationContext impersonationContext;
[DllImport("advapi32.dll", CharSet=CharSet.Auto)]
public static extern int LogonUser(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet=System.Runtime.InteropServices.CharSet.Auto,
SetLastError=true)]
public extern static int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);
private void Page_Load(object sender, System.EventArgs e)
{
if(impersonateValidUser("UserName", "DomainName", "UserPwd"))
{
string[] strDomainUser = EBudgetLib.CGetDomainUser.GetDomainUser();
undoImpersonation();
}
else
{
}
}
private bool impersonateValidUser(String userName, String domain, String password)
{
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if(LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null)
return true;
else
return false;
}
else
return false;
}
else
return false;
}
private void undoImpersonation()
{
impersonationContext.Undo();
}
代码如下:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Security.Principal;
using System.Runtime.InteropServices;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.DirectoryServices;
using EBudgetLib;
namespace EBudgetWeb.UserPower
{
/// <summary>
/// UserAccount 的摘要说明。
/// </summary>
public class UserAccount : System.Web.UI.Page
{
protected System.Web.UI.WebControls.ListBox ListBoxADUser;
protected System.Web.UI.WebControls.LinkButton LinkButtonToRight;
protected System.Web.UI.WebControls.LinkButton LinkButtonToLeft;
protected System.Web.UI.WebControls.ListBox ListBoxSelectUser;
protected System.Web.UI.WebControls.TextBox tbUserName;
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
WindowsImpersonationContext impersonationContext;
[DllImport("advapi32.dll", CharSet=CharSet.Auto)]
public static extern int LogonUser(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet=System.Runtime.InteropServices.CharSet.Auto,
SetLastError=true)]
public extern static int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);
private void Page_Load(object sender, System.EventArgs e)
{
if(impersonateValidUser("UserName", "DomainName", "UserPwd"))
{
string[] strDomainUser = EBudgetLib.CGetDomainUser.GetDomainUser();
undoImpersonation();
}
else
{
}
}
private bool impersonateValidUser(String userName, String domain, String password)
{
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if(LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null)
return true;
else
return false;
}
else
return false;
}
else
return false;
}
private void undoImpersonation()
{
impersonationContext.Undo();
}
...全文
请发表友善的回复…
发表回复
saucer 2003-08-26
- 打赏
- 举报
you didn't see the small print from
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158
"....
NOTE: The identity of the process that impersonates a specific user on a thread must have the "Act as part of the operating system" privilege. By default, the Aspnet_wp.exe process runs under a computer account named ASPNET. However, this account does not have the required privileges to impersonate a specific user. You receive an error message if you try to impersonate a specific user.
To work around this problem, use one of the following methods:
Grant the "Act as part of the operating system" privilege to the ASPNET account.
Change the account that the Aspnet_wp.exe process runs under to the System account in the <processModel> configuration section of the Machine.config file.
..."
see the relevant part in
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158
"....
NOTE: The identity of the process that impersonates a specific user on a thread must have the "Act as part of the operating system" privilege. By default, the Aspnet_wp.exe process runs under a computer account named ASPNET. However, this account does not have the required privileges to impersonate a specific user. You receive an error message if you try to impersonate a specific user.
To work around this problem, use one of the following methods:
Grant the "Act as part of the operating system" privilege to the ASPNET account.
Change the account that the Aspnet_wp.exe process runs under to the System account in the <processModel> configuration section of the Machine.config file.
..."
see the relevant part in
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp
付长松_华为云MVP 2003-08-26
- 打赏
- 举报
Dim objDE As DirectoryServices.DirectoryEntry
Dim strPath As String = "WinNT://kfgs"
' Create a new DirectoryEntry with the given path.
objDE = New DirectoryServices.DirectoryEntry(strPath)
Dim objChildDE As DirectoryServices.DirectoryEntry
For Each objChildDE In objDE.Children
Response.Write(objChildDE.Name + "<BR>")
Next objChildDE
Dim strPath As String = "WinNT://kfgs"
' Create a new DirectoryEntry with the given path.
objDE = New DirectoryServices.DirectoryEntry(strPath)
Dim objChildDE As DirectoryServices.DirectoryEntry
For Each objChildDE In objDE.Children
Response.Write(objChildDE.Name + "<BR>")
Next objChildDE
gweidian 2003-08-25
- 打赏
- 举报
UP
legend-never-die 2003-08-25
- 打赏
- 举报
ding
legend-never-die 2003-08-25
- 打赏
- 举报
To:cyp503(谁怕?一蓑烟雨任平生)
该示例我看过了,与我的代码完全一样
我使用该代码在if(LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
处运行为0,即我扮演用户不能通过,不知为何???
该示例我看过了,与我的代码完全一样
我使用该代码在if(LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
处运行为0,即我扮演用户不能通过,不知为何???
alaisalaix 2003-08-25
- 打赏
- 举报
关注,up
菁菁报表 2003-08-25
- 打赏
- 举报
有一个ad的控件。
cyp503 2003-08-25
- 打赏
- 举报
参考:
http://www.aspcool.com/lanmu/browse1.asp?ID=965&bbsuser=csharp
http://www.aspcool.com/lanmu/browse1.asp?ID=965&bbsuser=csharp
