从C＃的Windows模拟 [英] Windows Impersonation from C#

问题描述

C＃程序作为本地系统运行怎么能冒充暂时另一个用户的登录身份？粗略地说我有一个Windows服务，我想作为本地系统运行，但有时模拟用户XYZ（连接到一个数据库使用Windows集成的安全性时）。

How can a C# program running as LocalSystem impersonate the login identity of another user temporarily? Roughly speaking I have a Windows Service that I'd like to run as LocalSystem but at times impersonate user XYZ (when connecting to a db using windows integrated security).

最重要的是：有没有办法做到这一点不知道其他用户的密码？

Most important of all: Is there a way to do this without knowing the other user's password?

请注意：如果密码是必须有用于存储密码安全地（C＃和/或VBScript）推荐的策略

Note: if a password is mandatory is there a recommended strategy for storing a password securely (c# and/or vbscript).

推荐答案

这是可能的，但它需要你做了很多code的。见<一href=\"http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Token/NtCreateToken.html\"相对=nofollow> NtCreateToken 和的 CreateToken 。你需要SeCreateTokenPrivilege，但因为你在NT AUTHORITY \\ SYSTEM运行将不会是一个问题。然后，您可以使用该令牌创建一个线程里面模仿。

It's possible, although it requires you to do a lot of code. See NtCreateToken and CreateToken. You need SeCreateTokenPrivilege, although that won't be a problem since you're running under NT AUTHORITY\SYSTEM. You can then use the created token to impersonate inside a thread.

这篇关于从C＃的Windows模拟的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！