无论是需要模拟级别未提供,或提供的模拟级别无效 [英] Either a required impersonation level was not provided, or the provided impersonation level is invalid
问题描述
我有一个WCF服务,并模拟了一些问题,我这蒸馏水下面的简单方法。 WCF服务目前在自我一个exe主办。是要么所需的模拟级别未提供,或提供的模拟级别无效的异常消息。检查时,抛出的错误,身份ImpersonationLevel设置为代表团,我的客户端上的规定,并通过Kerberos身份验证它。
我有点疑惑,因为它在我看来,ImpersonationLevel和Authenticaiton的要求已得到满足。我的想法是,这个问题很可能与域设置,我已经设置并认为设置正确的事情。所以,我有两个问题:
- 如果操作成功,以下? (或者是有缺陷的?)
- 需要哪些设置要在一个Win2k8域配置,使其工作?我工作了两箱属于同一Win2k8域的成员(它的一个新的领域和漂亮的香草,以测试模拟的意图)。
代码如下:
[OperationBehavior(模拟= ImpersonationOption.Required)]
公共字符串测试()
{
的WindowsIdentity身份= ServiceSecurityContext.Current.WindowsIdentity;使用
(identity.Impersonate())
{
的ProcessStartInfo PI =新的ProcessStartInfo(@C:\temp\test.bat);
pi.UseShellExecute = FALSE;
pi.RedirectStandardOutput = TRUE;
进程p =的Process.Start(PI); //这里异常抛出!
p.WaitForExit();
串O = p.StandardOutput.ReadToEnd();
返回O;
}
}
异常详细信息:
Win32Exception发生:要么所需的模拟级别未提供,或提供的模拟级别在System.Diagnostics.Process.CreatePipeWithSecurityAttributes(SafeFileHandle&安培无效
; hReadPipe,SafeFileHandle&安培; hWritePipe,SECURITY_ATTRIBUTES lpPipeAttributes,n大小的Int32)
在System.Diagnostics.Process.CreatePipe(SafeFileHandle&安培; parentHandle,SafeFileHandle&安培; childHandle,布尔parentInputs)
在System.Diagnostics.Process.StartWithCreateProcess(的ProcessStartInfo StartInfo的)
在System.Diagnostics.Process.Start()
在System.Diagnostics.Process.Start(的ProcessStartInfo的StartInfo)
在MonetEnterprise.Service.SecurityService.Test()
TEST.BAT文件内容
回声%的用户名%
解决方案
据只要你使用.NET Process类是有缺陷的,它总是与父进程的标识开始。根据另外一个身份,它看起来像你必须使用Win32 API的CreateProcessAsUser(我已经没有了还工作)运行它。
我需要运行它升高(即Visual Studio中以管理员身份)。
I'm having some issues with a WCF service and Impersonation, I've distilled this to a simple method below. The WCF service is currently self hosted in an exe. The exception message is "Either a required impersonation level was not provided, or the provided impersonation level is invalid". Checking when the error is thrown, the Identity ImpersonationLevel is set to delegation, as specified on my client and its authenticated through Kerberos.
I'm a bit puzzled, as it seems to me that the requirements of ImpersonationLevel and Authenticaiton have been met. My thinking is that the issue is probably to do with domain settings, which I've set and think are set correctly. So I have two questions:
- Should the operation below succeed? (or is it flawed?)
- What settings needs to be configured on a Win2k8 domain to make it work? I'm working of two boxes that are members of the same Win2k8 domain (its a new domain and pretty vanilla, with the intention of testing Impersonation).
Code as follows:
[OperationBehavior(Impersonation = ImpersonationOption.Required)] public string Test() { WindowsIdentity identity = ServiceSecurityContext.Current.WindowsIdentity; using (identity.Impersonate()) { ProcessStartInfo pi = new ProcessStartInfo(@"c:\temp\test.bat"); pi.UseShellExecute = false; pi.RedirectStandardOutput = true; Process p = Process.Start(pi); // exception thrown here! p.WaitForExit(); string o = p.StandardOutput.ReadToEnd(); return o; } }Exception details:
Win32Exception occurred: Either a required impersonation level was not provided, or the provided impersonation level is invalid at System.Diagnostics.Process.CreatePipeWithSecurityAttributes(SafeFileHandle& hReadPipe, SafeFileHandle& hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, Int32 nSize) at System.Diagnostics.Process.CreatePipe(SafeFileHandle& parentHandle, SafeFileHandle& childHandle, Boolean parentInputs) at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at MonetEnterprise.Service.SecurityService.Test()Test.bat file contents
echo %username%
解决方案
It is flawed as long as you're using the .NET Process class, it will always start with the identity of the parent process. To run it under another identity it looks like you've got to use the win32 api CreateProcessAsUser (which I've not got working yet).
I needed to run it elevated (i.e. Visual Studio as Administrator).
这篇关于无论是需要模拟级别未提供,或提供的模拟级别无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
