使用SSPLogonUser进行模拟 [英] Impersonate with SSPLogonUser
问题描述
嗨!
我使用C#创建了一个使用模拟的Web服务。
WS在WinXP和Win2003Server上工作正常,但是我有问题
让它在Win2000上运行。
问题是为了在Win2000上使用LogonUser,你必须要有
SE_TCB_NAME特权。
因此我正在使用SSPLogonUser
( http ://support.microsoft.com/default...NoWebContent=1 )
来验证用户身份。
这是有效的。
为了能够模仿,我使用了DuplicateToken API函数。
这个函数将一个标记作为参数,我不知道如何获取
那个令牌。
当使用LogonUser函数时,你得到一个令牌作为回报,所以在WinXP上$>
和Win2003Server问题不会出现。
我在调用SSPLogonUser后尝试使用WindowsIdentity.GetCurrent(),但
it似乎我得到的令牌是错误的。
有没有人知道如何获得这个令牌?
提前致谢!
问候,
Nils Magne Lunde
< blockquote>您应该调用QuerySecurityContextToken从
安全包中获取令牌。
但请注意,此令牌没有网络凭据。
Willy。
" Nils M. Lunde" < NI **** @ nospam.options.no>在消息中写道
news:op ************** @ news.microsoft.com ...
嗨!
我使用C#进行了一次使用模拟的Web服务。
WS在WinXP和Win2003Server上工作正常,但我遇到问题
让它工作Win2000。
问题是,为了在Win2000上使用LogonUser,你必须拥有SE_TCB_NAME特权。
因此我正在使用SSPLogonUser
( http:/ /support.microsoft.com/default....microsoft.com
:80 / support / kb / articles / Q180 / 5 / 48.asp& NoWebContent = 1)进行身份验证用户。
这是有效的。
为了能够模仿,我使用DuplicateToken API函数。
这个函数以令牌作为参数,我不是知道如何获得那个令牌。
使用LogonUser功能时n,你得到一个令牌作为回报,所以在WinXP
和Win2003Server上没有出现问题。
我在调用SSPLogonUser后尝试使用WindowsIdentity.GetCurrent(),但是
似乎我得到的令牌是错误的。
有没有人知道如何获得这个令牌?
提前致谢!
问候,Nils Magne Lunde
好的,我明白了。
是有一个简单的方法让我获得用作
输入到此函数的安全上下文,或者我是否必须让SSPLogonUser返回此
上下文?
-Nils Magne
周五,2004年1月9日14:11:14 +0100,Willy Denoyette [MVP]
< wi ************* @ pandora.be>写道:
您应该调用QuerySecurityContextToken从
安全包中获取令牌。
请注意,此令牌没有网络凭据。
<威利。
" Nils M. Lunde" < NI **** @ nospam.options.no>在消息中写道
新闻:op ************** @ news.microsoft.com ...嗨!
我使用正在使用模拟的C#创建了一个Web服务。
WS在WinXP和Win2003Server上工作正常,但是我有问题
让它工作Win2000。
问题是,为了在Win2000上使用LogonUser,你必须拥有SE_TCB_NAME特权。
因此我正在使用SSPLogonUser
( http://support.microsoft.com/default....microsoft.com
:80 / support / kb / articles / Q180 / 5 / 48.asp& NoWebContent = 1)来验证用户。
这是有效的。
为了能够模仿,我使用DuplicateToken API函数。
这个函数需要一个令牌作为参数,我不知道如何获得那个tok en。
当使用LogonUser函数时,你得到一个令牌作为回报,所以在WinXP
和Win2003Server上没有出现问题。
我试过了在调用SSPLogonUser之后使用WindowsIdentity.GetCurrent(),
但似乎我得到的令牌是错误的。
有没有人知道如何我可以获得这个令牌吗?
提前致谢!
Nils Magne Lunde
-
使用M2,Opera的革命性电子邮件客户端: http://www.opera.com/m2/
调用QuerySecurityContextToken时,你必须通过
服务器上下文句柄(& asServer.hctxt)的地址,您可以在从SSPLogonUser返回
之前进行此调用,并返回通过调用
QuerySecurityContextToken,或者你可以补充另一个函数,
获取上下文句柄并返回令牌?这取决于你;-)
Willy。
" Nils M. Lunde" < NI **** @ nospam.options.no>在消息中写道
news:op ************** @ news.microsoft.com ...好的,我明白了。
是否有一种简单的方法可以获取用作此函数的输入的安全上下文,或者我是否必须让SSPLogonUser返回此上下文?
< -Nils Magne
周五,2004年1月9日14:11:14 +0100,Willy Denoyette [MVP]
< wi ********** ***@pandora.be>写道:
您应该调用QuerySecurityContextToken从
安全包中获取令牌。
请注意,此令牌没有网络凭据。
<威利。
" Nils M. Lunde" < NI **** @ nospam.options.no>在消息中写道
新闻:op ************** @ news.microsoft.com ...嗨!
我使用正在使用模拟的C#创建了一个Web服务。
WS在WinXP和Win2003Server上工作正常,但是我有问题
让它工作Win2000。
问题是,为了在Win2000上使用LogonUser,你必须拥有SE_TCB_NAME特权。
因此我正在使用SSPLogonUser
( http://support.microsoft.com/default....microsoft.com :80 / support / kb / articles / Q180 / 5 / 48.asp& NoWebContent = 1)来验证用户。
这是有效的。
为了能够模仿,我使用DuplicateToken API函数。
这个函数需要一个令牌作为参数,我不知道如何
获得该令牌。
当使用LogonUser功能时,你得到一个令牌作为回报,所以在WinXP
和Win2003Server上没有出现问题。
我试过用在调用SSPLogonUser之后的WindowsIdentity.GetCurrent(),
但似乎我得到的令牌是错误的。
有没有人知道我是怎么做的可以获得这个令牌吗?
提前致谢!
Nards Magne Lunde
-
使用M2,Opera的革命性电子邮件客户端: http://www.opera.com/m2/
Hi!
I''ve made a Web Service using C# that is using impersonation.
The WS is working fine on WinXP and Win2003Server, but I''m having problem
getting it to work on Win2000.
The problem is that in order to use LogonUser on Win2000, you have to have
the SE_TCB_NAME privilege.
Therefore I''m using the SSPLogonUser
(http://support.microsoft.com/default...NoWebContent=1)
to authenticate the user.
This is working.
To be able to impersonate, I use the DuplicateToken API function.
This function takes a token as parameter, and I don''t know how to obtain
that token.
When using the LogonUser function, you get a token in return, so on WinXP
and Win2003Server the problem doesn''t arise.
I tried using WindowsIdentity.GetCurrent() after calling SSPLogonUser, but
it seems as if the token I''m getting is the wrong one.
Does anyone have an idea on how I can obtain this token?
Thanks in advance!
Regards,
Nils Magne Lunde
You should call QuerySecurityContextToken to obtain a token from the
security package.
Note however that this token has no network credentials.
Willy.
"Nils M. Lunde" <ni****@nospam.options.no> wrote in message
news:op**************@news.microsoft.com...Hi!
I''ve made a Web Service using C# that is using impersonation.
The WS is working fine on WinXP and Win2003Server, but I''m having problem
getting it to work on Win2000.
The problem is that in order to use LogonUser on Win2000, you have to have
the SE_TCB_NAME privilege.
Therefore I''m using the SSPLogonUser
(http://support.microsoft.com/default....microsoft.com
:80/support/kb/articles/Q180/5/48.asp&NoWebContent=1) to authenticate the user.
This is working.
To be able to impersonate, I use the DuplicateToken API function.
This function takes a token as parameter, and I don''t know how to obtain
that token.
When using the LogonUser function, you get a token in return, so on WinXP
and Win2003Server the problem doesn''t arise.
I tried using WindowsIdentity.GetCurrent() after calling SSPLogonUser, but
it seems as if the token I''m getting is the wrong one.
Does anyone have an idea on how I can obtain this token?
Thanks in advance!
Regards,
Nils Magne Lunde
Ok, I see.
Is there an easy way for me to obtain the security context that is used as
input to this function, or do I have to make the SSPLogonUser return this
context?
-Nils Magne
On Fri, 9 Jan 2004 14:11:14 +0100, Willy Denoyette [MVP]
<wi*************@pandora.be> wrote:
You should call QuerySecurityContextToken to obtain a token from the
security package.
Note however that this token has no network credentials.
Willy.
"Nils M. Lunde" <ni****@nospam.options.no> wrote in message
news:op**************@news.microsoft.com...Hi!
I''ve made a Web Service using C# that is using impersonation.
The WS is working fine on WinXP and Win2003Server, but I''m having
problem
getting it to work on Win2000.
The problem is that in order to use LogonUser on Win2000, you have to
have
the SE_TCB_NAME privilege.
Therefore I''m using the SSPLogonUser
(http://support.microsoft.com/default....microsoft.com
:80/support/kb/articles/Q180/5/48.asp&NoWebContent=1)to authenticate the user.
This is working.
To be able to impersonate, I use the DuplicateToken API function.
This function takes a token as parameter, and I don''t know how to obtain
that token.
When using the LogonUser function, you get a token in return, so on
WinXP
and Win2003Server the problem doesn''t arise.
I tried using WindowsIdentity.GetCurrent() after calling SSPLogonUser,
but
it seems as if the token I''m getting is the wrong one.
Does anyone have an idea on how I can obtain this token?
Thanks in advance!
Regards,
Nils Magne Lunde
--
Using M2, Opera''s revolutionary e-mail client: http://www.opera.com/m2/
When calling QuerySecurityContextToken , you have to pass the adress of the
Server context handle (&asServer.hctxt), you could make this call before
returning from SSPLogonUser and return the access token obtained by calling
QuerySecurityContextToken, or you could implement another function that
takes the context handle and returns the token? it''s up to you ;-)
Willy.
"Nils M. Lunde" <ni****@nospam.options.no> wrote in message
news:op**************@news.microsoft.com...Ok, I see.
Is there an easy way for me to obtain the security context that is used as
input to this function, or do I have to make the SSPLogonUser return this
context?
-Nils Magne
On Fri, 9 Jan 2004 14:11:14 +0100, Willy Denoyette [MVP]
<wi*************@pandora.be> wrote:You should call QuerySecurityContextToken to obtain a token from the
security package.
Note however that this token has no network credentials.
Willy.
"Nils M. Lunde" <ni****@nospam.options.no> wrote in message
news:op**************@news.microsoft.com...Hi!
I''ve made a Web Service using C# that is using impersonation.
The WS is working fine on WinXP and Win2003Server, but I''m having
problem
getting it to work on Win2000.
The problem is that in order to use LogonUser on Win2000, you have to
have
the SE_TCB_NAME privilege.
Therefore I''m using the SSPLogonUser
(http://support.microsoft.com/default....microsoft.com :80/support/kb/articles/Q180/5/48.asp&NoWebContent=1)to authenticate the user.
This is working.
To be able to impersonate, I use the DuplicateToken API function.
This function takes a token as parameter, and I don''t know how to obtain that token.
When using the LogonUser function, you get a token in return, so on
WinXP
and Win2003Server the problem doesn''t arise.
I tried using WindowsIdentity.GetCurrent() after calling SSPLogonUser,
but
it seems as if the token I''m getting is the wrong one.
Does anyone have an idea on how I can obtain this token?
Thanks in advance!
Regards,
Nils Magne Lunde
--
Using M2, Opera''s revolutionary e-mail client: http://www.opera.com/m2/
这篇关于使用SSPLogonUser进行模拟的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
