在vb.net中以其他用户身份运行新进程 [英] Run new process as different user in vb.net
问题描述
我目前正在使用本地方法在Vista中以其他用户的身份运行进程,但我无法逃脱那种感觉有些黑和不理想的感觉(除了它会淘汰UAC的事实) ,使我的应用因安全异常而崩溃,并迫使我完全禁用UAC).我的过程由两个项目(因此有两个EXE文件)组成-一个接口"和一个启动存根"-这是过程:
I'm currently using a homegrown method to run a process as a different user in Vista, and I can't escape the feeling that's it hack-ish and less than ideal (in addition to the fact that it craps out UAC, crashing my app with a security exception, and forcing me to disable UAC altogether). My process consists of two projects (so two EXE files) - an "interface" and a "launch stub" - and here's the process:
- 用户具有启动"Interface.exe notepad.exe"的快捷方式
- Interface.exe的格式要求他们想要使用的凭据
- Interace.exe使用ProcessStartInfo作为新用户创建LaunchStub.exe(LS)的实例
- LS使用ProcessStartInfo(将ShellExecute设置为true)启动请求的文件,并且由于该文件已经作为请求的用户运行,因此新进程也是如此.
我需要执行两步操作,原因是我希望用户能够右键单击操作系统具有默认操作(.EXE,.SQL,.MSC等)的任何文件,然后启动它,并且ProcessStartInfo仅支持启用了"UseShellExecute"的功能,但是该开关阻止我使用新的凭据,因此我一次只能做一个.
The reason I have a two-step process is that I want users to be able to right-click on any file the OS has a default action for (.EXE, .SQL, .MSC, etc) and launch it, and ProcessStartInfo only supports that with "UseShellExecute" enabled, but that switch prevents me from using new credentials, so I can only do one at a time.
这会导致一些问题-首先,用户必须已经在计算机上存在,这意味着他们必须先在本地登录.如果该用户没有本地配置文件,则有时会启动请求的应用程序,但我会遇到注册表和配置文件异常,因为该应用程序希望存在尚不存在的内容(例如注册表中的HKCU配置单元,而用户不知道)因为他们从未登录过.)
This causes a few problems - first, the user has to already exist on the computer, meaning they have to have logged in locally before. If there's no local profile for that user, the requested app will sometimes launch, but I get registry and profile exceptions because the application expects things to exist that don't yet (like an HKCU hive in the registry, which the user doesn't have because they've never logged in).
我知道我应该能够向他们所请求的用户提升"我的应用程序的权限,启动我的新流程,然后撤消该提升,但是我找不到适合的代码示例那,我不确定它是否允许以完全不同的用户身份运行.这一切有意义吗?我只是忍不住觉得有一种更好的方法可以做到这一点.
I know I should be able to just "Elevate" the rights of my application to the user they're requesting, launch my new process, and then undo the elevation, but I'm unable to find a good code sample for that, and I'm not sure that it would allow running as a completely different user. Does this all make sense? I just can't help feel like there's a better way to do this.
更新:我刚刚尝试了我在网上找到了一些模拟代码,但无济于事.与ProcessStartInfo结合使用时,即使我已使用提供的凭据激活了模拟功能,它似乎仍会使用当前登录名(而不是我提供的登录名)启动进程.
UPDATE: I just tried some Impersonation code I found online, but to no avail. When used in conjunction with ProcessStartInfo, it still seems to launch processes using my current login, not the one I've provided, even though I've activated impersonation using the provided credentials.
推荐答案
可能是您必须使用Win32 API创建自己的外壳"函数.
Chances are that you have to create your own "shell" function using the Win32 API.
使用CreateProcessWithLogonW API,您可以在不同的凭据下创建新进程,并可以选择加载用户个人资料信息.
Using the CreateProcessWithLogonW API you can create new processes under different credentials and optionally load user profile information.
在下面的代码段中,如果您替换
In the code snippet below if you replace
- 用户名-使用您的用户名
- 域-使用您的域或"vbNullString"
- 密码-使用您的密码
- 参数4-用'LOGON WITH PROFILE'替换0以加载指定的用户配置文件.
请参见
See the documentation for the CreateProcessWithLogonW API for further specifics. Going this route you have full control and full responsibility for launching the application.
同样,这只是一个示例,您可能需要花一点时间才能使它完成您想要的事情.
Again this is just a sample and you may have to play with it a little to get it to do what you want.
Imports System.Runtime.InteropServices
Public Module modShell
<StructLayout(LayoutKind.Sequential)> _
Public Structure STARTUPINFO
Public cb As Integer
Public lpReserved As String
Public lpDesktop As String
Public lpTitle As String
Public dwX As Integer
Public dwY As Integer
Public dwXSize As Integer
Public dwYSize As Integer
Public dwXCountChars As Integer
Public dwYCountChars As Integer
Public dwFillAttribute As Integer
Public dwFlags As Integer
Public wShowWindow As Short
Public cbReserved2 As Short
Public lpReserved2 As Integer
Public hStdInput As Integer
Public hStdOutput As Integer
Public hStdError As Integer
End Structure
<StructLayout(LayoutKind.Sequential)> _
Public Structure PROCESS_INFORMATION
Public hProcess As IntPtr
Public hThread As IntPtr
Public dwProcessId As Integer
Public dwThreadId As Integer
End Structure
Public Declare Unicode Function CreateProcessWithLogonW Lib "Advapi32" (ByVal lpUsername As String, ByVal lpDomain As String, ByVal lpPassword As String, ByVal dwLogonFlags As Int32, ByVal lpApplicationName As String, ByVal lpCommandLine As String, ByVal dwCreationFlags As Int32, ByVal lpEnvironment As IntPtr, ByVal lpCurrentDirectory As String, ByRef si As STARTUPINFO, ByRef pi As PROCESS_INFORMATION) As Integer
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As IntPtr) As Integer
Public Const LOGON_WITH_PROFILE As Int32 = &H1
Public Const NORMAL_PRIORITY_CLASS As Int32 = &H20&
Public Const STARTF_USESHOWWINDOW As Int32 = &H1
Public Const SW_HIDE As Int16 = 0
Public Const SW_SHOW As Int16 = 5
Public Function Shell(ByVal strCmdLine As String, ByVal strCurrentDirectory As String) As Boolean
Dim pi As PROCESS_INFORMATION
Dim si As New STARTUPINFO
si.cb = Marshal.SizeOf(si)
si.dwFlags = STARTF_USESHOWWINDOW
si.wShowWindow = SW_SHOW
Dim result As Integer = CreateProcessWithLogonW("username", "domain", "password", 0, vbNullString, strCmdLine, NORMAL_PRIORITY_CLASS, IntPtr.Zero, strCurrentDirectory, si, pi)
If result <> 0 Then
Call CloseHandle(pi.hThread)
Call CloseHandle(pi.hProcess)
Else
Return False
End If
Return True
End Function
End Module
这篇关于在vb.net中以其他用户身份运行新进程的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!