.NET Core
.NET Core也支持用PInvoke来调用操作系统底层的Win32函数
首先要在项目中下载Nuget包:System.Security.Principal.Windows
代码加注释:
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal; namespace NetCorePrincipal
{
public class WindowsLogin : IDisposable
{
protected const int LOGON32_PROVIDER_DEFAULT = ;
protected const int LOGON32_LOGON_INTERACTIVE = ; public WindowsIdentity Identity = null;
protected IntPtr m_accessToken; [DllImport("advapi32.dll", SetLastError = true)]
private static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private extern static bool CloseHandle(IntPtr handle); // AccessToken ==> this.Identity.AccessToken
//public Microsoft.Win32.SafeHandles.SafeAccessTokenHandle AT
//{
// get
// {
// var at = new Microsoft.Win32.SafeHandles.SafeAccessTokenHandle(this.m_accessToken);
// return at;
// }
//} public WindowsLogin(string username, string domain, string password)
{
Login(username, domain, password);
} public void Login(string username, string domain, string password)
{
if (this.Identity != null)
{
this.Identity.Dispose();
this.Identity = null;
} try
{
this.m_accessToken = new IntPtr();
Logout(); this.m_accessToken = IntPtr.Zero;
bool logonSuccessfull = LogonUser(
username,
domain,
password,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref this.m_accessToken); if (!logonSuccessfull)
{
int error = Marshal.GetLastWin32Error();
throw new System.ComponentModel.Win32Exception(error);
}
Identity = new WindowsIdentity(this.m_accessToken);
}
catch
{
throw;
} } public void Logout()
{
if (this.m_accessToken != IntPtr.Zero)
CloseHandle(m_accessToken); this.m_accessToken = IntPtr.Zero; if (this.Identity != null)
{
this.Identity.Dispose();
this.Identity = null;
} } // End Sub Logout public void Dispose()
{
Logout();
} // End Sub Dispose } // End Class WindowsLogin class Program
{
static void Main(string[] args)
{
Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}"); using (WindowsLogin wi = new WindowsLogin("uid", "serverdomain", "pwd"))
{
WindowsIdentity.RunImpersonated(wi.Identity.AccessToken, () =>
{
Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}"); //假定要操作的文件路径是10.0.250.11上的d:\txt.txt文件可以这样操作
FileInfo file = new FileInfo(@"\\10.0.250.11\d$\txt.txt");
//想做什么操作就可以做了
});
} Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}"); Console.WriteLine("Press any key to quit...");
Console.ReadKey();
}
}
}
.NET Framework
代码加注释:
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal; namespace NetFrameworkPrincipal
{
public class WindowsLogin : IDisposable
{
protected const int LOGON32_PROVIDER_DEFAULT = ;
protected const int LOGON32_LOGON_INTERACTIVE = ; public WindowsIdentity Identity = null;
protected IntPtr m_accessToken; [DllImport("advapi32.dll", SetLastError = true)]
private static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private extern static bool CloseHandle(IntPtr handle); // AccessToken ==> this.Identity.AccessToken
//public Microsoft.Win32.SafeHandles.SafeAccessTokenHandle AT
//{
// get
// {
// var at = new Microsoft.Win32.SafeHandles.SafeAccessTokenHandle(this.m_accessToken);
// return at;
// }
//} public WindowsLogin(string username, string domain, string password)
{
Login(username, domain, password);
} public void Login(string username, string domain, string password)
{
if (this.Identity != null)
{
this.Identity.Dispose();
this.Identity = null;
} try
{
this.m_accessToken = new IntPtr();
Logout(); this.m_accessToken = IntPtr.Zero;
bool logonSuccessfull = LogonUser(
username,
domain,
password,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref this.m_accessToken); if (!logonSuccessfull)
{
int error = Marshal.GetLastWin32Error();
throw new System.ComponentModel.Win32Exception(error);
}
Identity = new WindowsIdentity(this.m_accessToken);
}
catch
{
throw;
} } public void Logout()
{
if (this.m_accessToken != IntPtr.Zero)
CloseHandle(m_accessToken); this.m_accessToken = IntPtr.Zero; if (this.Identity != null)
{
this.Identity.Dispose();
this.Identity = null;
} } // End Sub Logout public void Dispose()
{
Logout();
} // End Sub Dispose } // End Class WindowsLogin class Program
{
static void Main(string[] args)
{
Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}"); using (WindowsLogin wi = new WindowsLogin("uid", "serverdomain", "pwd"))
{
//WindowsIdentity.RunImpersonated(wi.Identity.AccessToken, () =>
//{
// //假定要操作的文件路径是10.0.250.11上的d:\txt.txt文件可以这样操作
// FileInfo file = new FileInfo(@"\\10.0.250.11\d$\txt.txt");
// //想做什么操作就可以做了
//}); using (wi.Identity.Impersonate())
{
Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}"); //假定要操作的文件路径是10.0.250.11上的d:\txt.txt文件可以这样操作
FileInfo file = new FileInfo(@"\\10.0.250.11\d$\txt.txt");
//想做什么操作就可以做了
}
} Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}"); Console.WriteLine("Press any key to quit...");
Console.ReadKey();
}
}
}
模拟域帐户之后,就有了模拟用户的权限,这里千万要注意安全!
模拟的域帐户是和线程绑定的
需要注意的一点是,模拟的域账户是和C#中的线程绑定的。
例如下面.NET Core控制台项目中,我们在Program类的Main方法中,模拟域账户UserB后,再启动一个新的线程去查看当前用户,还是显示的是UserB,代码如下所示:
using System;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks; namespace NetCorePrincipal
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}");//输出当前用户为UserA //模拟域帐户UserB
using (WindowsLogin wi = new WindowsLogin("UserB", "Domain", "1qaz!QAZ"))
{
WindowsIdentity.RunImpersonated(wi.Identity.AccessToken, () =>
{
Console.WriteLine("Impersonation started.");
Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}");//输出当前用户为UserB //启动另一个线程查看当前用户
Task.Run(() =>
{
Console.WriteLine($"Current user in another thread is : {WindowsIdentity.GetCurrent().Name}");//输出当前用户为UserB
}).Wait();//等待启动的线程执行完毕 Console.WriteLine("Impersonation finished.");
});
} Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}");//输出当前用户为UserA Console.WriteLine("Press any key to quit...");
Console.ReadKey();
}
}
}
输出结果如下所示:
Current user is : Domain\UserA
Impersonation started.
Current user is : Domain\UserB
Current user in another thread is : Domain\UserB
Impersonation finished.
Current user is : Domain\UserA
Press any key to quit...
但是接下来我们更改Program类的Main方法代码,在模拟域账户UserB前先启动一个新的线程,然后模拟域账户UserB后,在新启动的线程中查看当前用户,会显示当前用户是UserA,代码如下所示:
using System;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks; namespace NetCorePrincipal
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}");//输出当前用户为UserA //启动另一个线程查看当前用户
var newTask = Task.Run(() =>
{
Thread.Sleep();
Console.WriteLine($"Current user in another thread is : {WindowsIdentity.GetCurrent().Name}");//输出当前用户为UserA
}); //模拟域帐户UserB
using (WindowsLogin wi = new WindowsLogin("UserB", "Domain", "1qaz!QAZ"))
{
WindowsIdentity.RunImpersonated(wi.Identity.AccessToken, () =>
{
Console.WriteLine("Impersonation started.");
Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}");//输出当前用户为UserB newTask.Wait();//等待启动的线程执行完毕 Console.WriteLine("Impersonation finished.");
});
} Console.WriteLine($"Current user is : {WindowsIdentity.GetCurrent().Name}");//输出当前用户为UserA Console.WriteLine("Press any key to quit...");
Console.ReadKey();
}
}
}
输出结果如下所示:
Current user is : Domain\UserA
Impersonation started.
Current user is : Domain\UserB
Current user in another thread is : Domain\UserA
Impersonation finished.
Current user is : Domain\UserA
Press any key to quit...
由此可见模拟的域帐户实际上是和线程绑定的,新启动的线程会继承启动它的线程的域帐户。
- 如果线程A的当前域帐户是UserA,然后线程A启动了线程B,那么启动的线程B当前域帐户也会是UserA。
- 如果线程A的当前域帐户是UserA,然后线程A使用本文所述方法模拟域帐户UserB,再启动线程B,那么启动的线程B当前域帐户会是UserB。