ASP.NET PowerShell的模拟 [英] ASP.NET PowerShell Impersonation

问题描述

我已经开发了一个ASP.NET MVC Web应用程序来执行PowerShell脚本。

I have developed an ASP.NET MVC Web Application to execute PowerShell scripts.

我现在用的是VS的web服务器，可以执行脚本的罚款。

I am using the VS web server and can execute scripts fine.

然而，一个要求是，用户可以对广告执行脚本来执行的行动，他们自己的用户帐户不允许这样做。

However, a requirement is that users are able to execute scripts against AD to perform actions that their own user accounts are not allowed to do.

所以我使用的模拟之前创建的PowerShell运行空间切换身份：

Therefore I am using impersonation to switch the identity before creating the PowerShell runspace:

            Runspace runspace = RunspaceFactory.CreateRunspace(config);

        var currentuser = WindowsIdentity.GetCurrent().Name;

        if (runspace.RunspaceStateInfo.State == RunspaceState.BeforeOpen) {
            runspace.Open();
        }

我已经使用域管理员帐户进行测试，并呼吁runspace.Open（）时，我得到了以下异常：

I have tested using a domain admin account and I get the following exception when calling runspace.Open():

的安全例外
说明：应用程序试图执行不是由安全策略不允许的操作。要授予此应用程序所需的权限，请与系统管理员联系或更改配置文件中的应用程序的信任级别。
异常详细信息：System.Security.SecurityException：请求的注册表访问不允许的

Web应用程序在完全信任运行，我已经明确地加我使用模拟到本地管理员组机器（即使Domain Admins组已经在那里）的帐户。

The web application is running in full trust and I have explicitly added the account I am using for impersonation to the local administrators group of the machine (even though the domain admins group was already there).

我使用的LogonUser ADVAPI32.DLL调用执行一个类似的方式来模拟这个帖子（<一个href=\"http://blogs.msdn.com/webdav_101/archive/2008/09/25/howto-calling-exchange-powershell-from-an-impersonated-thead.aspx\" rel=\"nofollow\">http://blogs.msdn.com/webdav_101/archive/2008/09/25/howto-calling-exchange-powershell-from-an-impersonated-thead.aspx)

I'm using advapi32.dll LogonUser call to perform the impersonation in a similar way to this post (http://blogs.msdn.com/webdav_101/archive/2008/09/25/howto-calling-exchange-powershell-from-an-impersonated-thead.aspx)

pciated作为任何帮助AP $ P $是目前有点显示塞的。

Any help appreciated as this is a bit of a show stopper at the moment.

谢谢
本

推荐答案

请问这个博客帖子帮助？直接从开发者的PowerShell来。从本质上讲，PowerShell启动一个新的线程来运行的管道，而且由于.NET2.0不允许线程使用模拟从调用线程，它失败。

Does this blog post help? Comes straight from the PowerShell devs. Essentially, PowerShell starts a new thread to run the pipeline, and since .NET2.0 doesn't allow the thread to use the impersonation from the calling thread, it fails.

的http://blogs.msdn.com/powershell/archive/2007/09/10/impersonation-and-hosting-powershell.aspx

这篇关于ASP.NET PowerShell的模拟的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！