模拟用户在另一个域,单向信任 [英] Impersonate a user on another domain, one way trust
问题描述
我试图模拟用户在另一站点上查询该域名的目的。请参阅<一href="http://stackoverflow.com/questions/11004574/accessing-user-info-from-a-one-way-trust">Accessing从单向信任了解一些背景用户信息。
I am attempting to impersonate a user on another domain, for the purpose of querying that domain. See Accessing user info from a one way trust for some background.
我的模拟正常工作时,我使用的是本地域用户。当我指定的目标域,这也是在LDAPS端口636,这是行不通的。我的模拟返回null。
My impersonation works correctly when I'm using a local domain user. When I specify the target domain, which is also over LDAPS port 636, it doesn't work. My impersonation returns null.
我的模拟code
public static WindowsImpersonationContext ImpersonateUser(ConnectionCredentials user)
{
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if (RevertToSelf())
{
if (LogonUser(user.UserName, user.Domain, user.Password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
return impersonationContext;
}
}
}
}
if (token != IntPtr.Zero)
CloseHandle(token);
if (tokenDuplicate != IntPtr.Zero)
CloseHandle(tokenDuplicate);
return impersonationContext;
}
任何想法? 谢谢你。
Any ideas? Thanks.
推荐答案
我的问题是,我是在发送的用户名作为用户名@域名,并指定域名。在用户名包含域名的事件,LogonUser的域名必须是空
My issue was that I was sending in the user name as username@domain, AND specifying the domain name. In the event the user name contains the domain name, the domain name for LogonUser needs to be null
if (LogonUser(user.UserName, null, user.Password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
谢谢!
这篇关于模拟用户在另一个域,单向信任的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!