来自 C# 的 Windows 模拟 [英] Windows Impersonation from C#

问题描述

以 LocalSystem 身份运行的 C# 程序如何临时模拟另一个用户的登录身份?粗略地说，我有一个 Windows 服务，我想作为 LocalSystem 运行，但有时会模拟用户 XYZ(使用 Windows 集成安全连接到数据库时).

How can a C# program running as LocalSystem impersonate the login identity of another user temporarily? Roughly speaking I have a Windows Service that I'd like to run as LocalSystem but at times impersonate user XYZ (when connecting to a db using windows integrated security).

最重要的是:有没有办法在不知道其他用户密码的情况下做到这一点?

Most important of all: Is there a way to do this without knowing the other user's password?

注意:如果密码是必需的，是否有安全存储密码的推荐策略(c# 和/或 vbscript).

Note: if a password is mandatory is there a recommended strategy for storing a password securely (c# and/or vbscript).

推荐答案

这是可能的，尽管它需要您编写大量代码.请参阅 NtCreateToken 和 CreateToken.您需要 SeCreateTokenPrivilege，尽管这不会成为问题，因为您在 NT AUTHORITYSYSTEM 下运行.然后，您可以使用创建的令牌在线程内部进行模拟.

It's possible, although it requires you to do a lot of code. See NtCreateToken and CreateToken. You need SeCreateTokenPrivilege, although that won't be a problem since you're running under NT AUTHORITYSYSTEM. You can then use the created token to impersonate inside a thread.

这篇关于来自 C# 的 Windows 模拟的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！