提升进程后，如何获取非提升会话的Windows身份验证ID [英] When a process is elevated how can I get the windows authentication ID of the non elevated session

问题描述

无论我是否被提升，我都需要获取登录到工作站的用户的TokenStatistics类的GetTokenInformation返回的AuthenticationID.

I need to get the AuthenticationID as returned by GetTokenInformation with the TokenStatistics class for the user that logged in on the station whether I'm elevated or not.

Lemme给您更多信息.假设我做过:

Lemme give you some more info. Suppose I do :

var Result = GetTokenInformation(WindowsIdentity.GetCurrent().Token, TOKEN_INFORMATION_CLASS.TokenStatistics, TokenInformation, TokenInfLength, out TokenInfLength);

这将允许我从TokenInformation结构中获取AuthenticationID，而不会出现问题.假设所得的authenticationID为"00000000-00001234"

This will allow me to get the AuthenticationID from the TokenInformation structure without problem. Let's say the resulting authenticationID is "00000000-00001234"

现在，如果我右键单击Visual Studio并单击以管理员身份运行"，再次启动我的代码，结果将是其他内容，例如"00000000-00001289".但我需要"00000000-00001234"

Now if I right click Visual Studio and click "Run as administrator", launch my code a second time, the result will be something else, for example "00000000-00001289". But I need "00000000-00001234"

无论当前进程是否提升，如何获取"00000000-00001234"?

How can I get "00000000-00001234" whether the current process is elevated or not ?

我想这只是找到要提供给GetTokenInformation的正确令牌的问题，但是我在这里绕圈跑...

I suppose it's just a matter of finding the right Token to give to GetTokenInformation, but I'm running in circles here ...

注意:我的代码基于如何获取在C#中登录SID 以实现GetTokenInformation，然后对其进行修改以能够获取TokenStatistics.

Note : I based my code on How to get the logon SID in C# to implement GetTokenInformation and then adapted it to be able to get TokenStatistics.

推荐答案

好的，我终于可以使用它了.这些是步骤(不发布完整的代码，这很长):

OK, I finally got it to work. These are the steps (not posting the full code, it's quite long) :

1. 在win32_process类+托管Process类上使用WMI(ManagementObject)递归创建当前进程的祖先
2. 在我的特定情况下，当我找到"explorer"进程或遇到异常时，我停止了算法，因为很有可能没有提升资源管理器.
3. P/在步骤2返回的ProcessId上从advapi32.dll调用OpenProcessToken函数.这将为您提供一个userToken，该用户令牌可用于构建可在步骤4中使用的新WindowsIdentity.
4. 然后您可以将该WindowsIdentity Token属性提供给GetTokenInformation来获取您的AuthenticationID.

这已经过测试并且可以正常工作.

This is tested and working.

参考:

• GetTokenInformation:如何在C#中获取登录SID (将函数更改为调用TokenStatistics)
• 获取流程的父项: http://bytes. com/topic/c-sharp/answers/255642-enumerataing-processes-c
• 获取进程的WindowsIdentity: http ://dotbay.blogspot.fr/2009/06/finding-owner-of-process-in-c.html

• GetTokenInformation : How to get the logon SID in C# (change the function to call TokenStatistics)
• Get parent of process : http://bytes.com/topic/c-sharp/answers/255642-enumerataing-processes-c
• Get WindowsIdentity of a process : http://dotbay.blogspot.fr/2009/06/finding-owner-of-process-in-c.html

如果您发现此过程有任何问题，请立即发表评论或发表自己的答案！

If you see any problem with this procedure don't hesitate to comment or post your own answer !

注意:如果父进程之一已被杀死，则存在问题:WMI将为您提供不再存在的进程的ID.我正在使用的产品的性质使我不时地重启资源管理器(仅在开发期间)，这就是我看到问题的方式.对我来说这不是真正的问题，但很高兴知道.

Note : there is a problem if one of the parent process has been killed : WMI will give you the id of a process that does not exist anymore. The nature of the product I'm working has me rebooting explorer from time to time (only during dev), this is how I saw the problem. It's not really an issue for me, but good to know.

谢谢

这篇关于提升进程后，如何获取非提升会话的Windows身份验证ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！