模拟无法正常工作 [英] Impersonation not working
问题描述
我有一个桌面应用程序,该应用程序使用Win32 TaskScheduler创建计划任务.创建任务的代码称为
当当前登录的用户注销时.该用户在PC上将不是管理员(仅域用户),因此,由于该代码正在用户的配置文件下运行,因此该代码必须具有适当的特权才能创建计划任务(我正在
调用 RegisterTaskDefinition 时访问被拒绝的异常).
我说没问题;我可以通过使用模拟来解决此问题(请参见下面的代码)并模拟该用户.我在名为TaskScheduler的域上创建了一个用户,并使其成为域管理员(该用户有权创建计划任务).
代码是definitley,因为我输入的消息框在模拟后出现,并显示用户名"TaskScheduler". (代码现在认为" TaskScheduler是已登录的用户)
I have a desktop app that uses Win32 TaskScheduler to create scheduled tasks. The code which creates the task is called
when the currently logged in user logs off. This user will not be admin on the PC (only domain user) so seeing as the code is running under the user's profile, the code must have the proper priveleges to create Scheduled Tasks (I was getting
an access denied exception when RegisterTaskDefinition was called).
No problem I said; I can get around this by using Impersonations (see code below) and impersonate this user. I created a user on the domain called TaskScheduler and made it domain admin (this user has rights to create scheduled tasks).
The code is definitley working as the message boxes I have put in that appear after impersonation show the user name "TaskScheduler" (the code now "thinks" TaskScheduler is the logged in user)
从下面的代码中可以看到
As you can see from the code below
1.我使用 LogonUser (以 TaskScheduler user登录) 令牌
1. I use LogonUser (logging on as the TaskScheduler user) to get a token
2.我使用 WindowsIdentity 创建一个新的 WindowsIdentity .我将我创建的令牌传递到该新令牌中 WindowsIdentity.
2. I use WindowsIdentity to create a new WindowsIdentity . I pass the token I have created into that new WindowsIdentity.
3.然后,我使用该 WindowsIdentity 调用CreateProcessAsUser.
3. I then use that WindowsIdentity to call CreateProcessAsUser.
下面的变量 returnValue 为"true";在消息框中,当
LogonUser 已执行,当我调用 CreateProcessAsUser 时,变量 result
也是如此.
The variable returnValue below is "true" in the messagebox when the call to
LogonUser is executed and when I call CreateProcessAsUser the variable result
is true also.
但是即使在模拟情况下,我仍然会收到拒绝访问错误.
有人可以帮忙吗?
However I still get an access denied error even under impersonation.
Can anyone help?
try
{
TaskDefinition tdall = ts.NewTask();
DailyTrigger dtall = new DailyTrigger();
string userName, domainName;
domainName = "domain.com";
userName = "TaskScheduler";
const int LOGON32_PROVIDER_DEFAULT = 0;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_BATCH = 4;
const int LOGON32_LOGON_NETWORK = 3;
IntPtr token = IntPtr.Zero;
bool returnValue = LogonUser(userName, domainName, "password", LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out token);
WindowsIdentity ID = new WindowsIdentity(token);
MessageBox.Show("returnValue is " + returnValue.ToString());
if (false == returnValue)
{
int ret = Marshal.GetLastWin32Error();
//MessageBox.Show("FAILED");
throw new System.ComponentModel.Win32Exception(ret);
}
else
{
//MessageBox.Show("Did LogonUser Succeed? " + returnValue.ToString());
bool result = false;
//MessageBox.Show("Before impersonation: " + WindowsIdentity.GetCurrent().Name.ToString());
CloseHandle(token);
/*Now impersonate the ID.*/
ID.Impersonate();
SECURITY_ATTRIBUTES procAttrs = new SECURITY_ATTRIBUTES();
SECURITY_ATTRIBUTES threadAttrs = new SECURITY_ATTRIBUTES();
IntPtr pNewEnvironmentBlock = new IntPtr();
STARTUPINFO startupInfo = new STARTUPINFO();
PROCESS_INFORMATION _processInfo = new PROCESS_INFORMATION();
using (ID)
{
// MessageBox.Show(@"C:\Program Files\ApplicationPath\Application.exe");
result = CreateProcessAsUser(token, @"C:\Program Files\ApplicationPath\Application.exe", null,
ref procAttrs, ref threadAttrs, false, 0x00000400,
pNewEnvironmentBlock, null, ref startupInfo, ref _processInfo);
if (!result)
{
Logger.append("Marshal " + Marshal.GetLastWin32Error().ToString(), Logger.ALL);
}
else
{
MessageBox.Show("marshal is " + result.ToString());
}
MessageBox.Show("After impersonation: " + WindowsIdentity.GetCurrent().Name.ToString());
tdall.RegistrationInfo.Description = schtask.ToString() + i.ToString();
// tdall.Principal.LogonType = TaskLogonType.;
tdall.Principal.UserId = WindowsIdentity.GetCurrent().Name;
// Add a trigger that will fire the task at this time every day
dtall = (DailyTrigger)tdall.Triggers.Add(new DailyTrigger { DaysInterval = 1 });
dtall.StartBoundary = schtime;
tdall.Actions.Add(new ExecAction("psshutdown.exe", "-d -accepteula", @"C:\folder\App_Files\"));
i++;
try
{
string taskName = "EWITSchedSleepAll" + schtask.ToString() + i.ToString();
ts.RootFolder.RegisterTaskDefinition(taskName, tdall, TaskCreation.Create, System.Security.Principal.WindowsIdentity.GetCurrent().Name, null, TaskLogonType.InteractiveToken);
}
catch (Exception t)
{
Logger.append("t is " + t.Message + Environment.NewLine + t.StackTrace, Logger.ALL);
MessageBox.Show("t is : " + t.Message.ToString() + t.StackTrace.ToString());
}
}
}
}
catch (Exception j)
{
Logger.append("j is " + j.Message + Environment.NewLine + j.StackTrace, Logger.ALL);
// MessageBox.Show("j is " + j.ToString());
}
推荐答案
膀胱口气好,
欢迎使用MSDN论坛支持.
Welcome to MSDN Forum Support.
我们正在对此问题进行研究.我们可能需要一些时间才能与您联系.
We're doing research on this issue.It might take some time before we get back to you.
真诚的
贾森·王(Jason Wang)
Jason Wang
这篇关于模拟无法正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
