如何使用的LogonUser正确地从工作组客户端模拟域用户 [英] How to use LogonUser properly to impersonate domain user from workgroup client
问题描述
<一个href="http://stackoverflow.com/questions/278132/asp-net-impersonate-against-a-domain-on-vmware">ASP.NET:冒充反对在VMWare
域这个问题是什么,我问,但答案并不提供对_token是如何得出的详细信息。它似乎只能用 WindowsIdentity.GetCurrent()。令牌所以没有模拟发生。
<一个href="http://stackoverflow.com/questions/997001/can-i-impersonate-a-user-on-a-different-active-directory-domain-in-net">Can我冒充一个不同的Active Directory域中的用户在.NET?
这下一个问题有矛盾的答案,所接受的一个轴承评论我开始怀疑,我的问题出在其它地方。没有帮助的。
这下一个问题似乎在暗示这是不可能的,但它有2个域处理,所以我不知道这是否是相关的。
我的真正的问题是:
- 这可能吗?如果是这样,
- 如何?或我上哪儿去了?
我已经试过到目前为止,使用code从<一个href="http://msdn.microsoft.com/en-us/library/chf6fbt4%28v=VS.80%29.aspx">http://msdn.microsoft.com/en-us/library/chf6fbt4%28v=VS.80%29.aspx
布尔的returnValue = LogonUser的(用户,域,密码,
LOGON32_LOGON_NETWORK,LOGON32_PROVIDER_DEFAULT,
裁判tokenHandle);
//这点之后,的returnValue = FALSE
Win32错误是
登录失败:未知的用户名或密码错误
很少帖建议使用 LOGON_TYPE_NEW_CREDENTIALS 而不是 LOGON_TYPE_NETWORK 或 LOGON_TYPE_INTERACTIVE 。我有一个问题,假冒一体机连接到域,一个没有了,这个固定。
在最后code段这个帖子表明,跨林冒充做的工作,但它并没有具体说有关信任任何正在建立。因此,这可能是值得一试:
const int的LOGON_TYPE_NEW_CREDENTIALS = 9;
const int的LOGON32_PROVIDER_WINNT50 = 3;
布尔的returnValue = LogonUser的(用户,域,密码,
LOGON_TYPE_NEW_CREDENTIALS,LOGON32_PROVIDER_WINNT50,
裁判tokenHandle);
MSDN说的 LOGON_TYPE_NEW_CREDENTIALS 仅在使用适用 LOGON32_PROVIDER_WINNT50 。
ASP.NET: Impersonate against a domain on VMWare
This question is what I am asking, but the answer does not provide details on how the _token is derived. It seems to only use WindowsIdentity.GetCurrent().Token so there's no impersonation happening.
Can I impersonate a user on a different Active Directory domain in .NET?
This next question has conflicting answers, with the accepted one bearing a comment "I'm beginning to suspect that my problem lies elsewhere." Not helpful.
LogonUser works only for my domain
This next question seems to imply it is not possible, but it deals with 2 domains so I am not sure if it is relevant.
My real question is:
- Is it possible? And if so,
- How? or Where did I go wrong?
What I have tried so far is, using the code from http://msdn.microsoft.com/en-us/library/chf6fbt4%28v=VS.80%29.aspx
bool returnValue = LogonUser(user, domain, password,
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
ref tokenHandle);
// after this point, returnValue = false
The Win32 error is
Logon failure: unknown user name or bad password
Very few posts suggest using LOGON_TYPE_NEW_CREDENTIALS instead of LOGON_TYPE_NETWORK or LOGON_TYPE_INTERACTIVE. I had an impersonation issue with one machine connected to a domain and one not, and this fixed it.
The last code snippet in this post suggests that impersonating across a forest does work, but it doesn't specifically say anything about trust being set up. So this may be worth trying:
const int LOGON_TYPE_NEW_CREDENTIALS = 9;
const int LOGON32_PROVIDER_WINNT50 = 3;
bool returnValue = LogonUser(user, domain, password,
LOGON_TYPE_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50,
ref tokenHandle);
MSDN says that LOGON_TYPE_NEW_CREDENTIALS only works when using LOGON32_PROVIDER_WINNT50.
这篇关于如何使用的LogonUser正确地从工作组客户端模拟域用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
