如何在.NET中启用SeCreateGlobalPrivilege而不使用P / Invoke或反射? [英] How to enable the SeCreateGlobalPrivilege in .NET without resorting to P/Invoke or reflection?
问题描述
我net.pipe WCF约束力不工作,当服务器运行不升高。此博客帮我找到了答案 - 的 http://weblogs.thinktecture.com/cweyer/2007/12/dealing-with-os-privilege-issues-in-wcf-named-pipes-scenarios.html
My net.pipe WCF binding does not work when the server runs non elevated. This blog helped me find the answer - http://weblogs.thinktecture.com/cweyer/2007/12/dealing-with-os-privilege-issues-in-wcf-named-pipes-scenarios.html
所以,我加入了SeCreateGlobalPrivilege特权相关的非管理员用户,但现在我必须启用以编程方式在.NET中的特权
So, I added the SeCreateGlobalPrivilege privilege to the relevant non admin user, but now I have to enable the privilege programmatically in .NET
现在,有互联网怎么做,在.NET上的几个例子,但他们基本上是重写普通的C代码,C#与的p / Invoke。
Now, there are several examples on the internet how to do it in .NET, but all of them essentially rewrite plain C code to C# with P/Invoke.
我想知道如何使用专用.NET系统类型,如ObjectSecurity,权限等等,让我的代码没有做任何p / Invoke来做到这一点 - 让系统的代码为我做的。
I wish to know how to do it using the dedicated .NET system types, like ObjectSecurity, Privilege and so on, so that my code does not do any P/Invoke - let the system code do it for me.
这可能吗?
感谢。
EDIT1
是什么让我觉得这有可能吗?好吧,我搜索了使用反射和发现.NET中的AdjustTokenPrivileges P / Inovke API的使用,有ObjectSecurity.Persist方法,最终调用此的P / Invoke。接着,此ObjectSecurity具有一个受保护的构造,这意味着它是可能的非MS代码从它派生和调用此方法
What makes me think it is possible? Well, I searched for the AdjustTokenPrivileges P/Inovke API usage in .NET using Reflector and found, that there is ObjectSecurity.Persist method , which ultimately invokes this P/Invoke. Next, this ObjectSecurity has one protected constructor, meaning it is possible for a non MS code to derive from it and invoke this method.
因此,使用类型 - 似乎是可行的安全.NET代码(即无反射)。
So, it seems feasible using type-safe .NET code (i.e. no reflection).
推荐答案
如果你不希望自己使用的p / Invoke,你仍然可以使用内部的 System.Security.AccessControl.Privilege
类,使用反射机制,是这样的:
If you don't want to use P/Invoke by yourself, you can still use the internal System.Security.AccessControl.Privilege
class, using Reflection mechanisms, like this:
// => privilege = new Privilege("SeCreateGlobalPrivilege");
Type privilegeType = Type.GetType("System.Security.AccessControl.Privilege");
object privilege = Activator.CreateInstance(privilegeType, "SeCreateGlobalPrivilege");
// => privilege.Enable();
privilegeType.GetMethod("Enable").Invoke(privilege, null);
// => privilege.Revert();
privilegeType.GetMethod("Revert").Invoke(privilege, null);
我不知道它是真是再好不过了,因为它或多或少地一劈,不支持等,但确定,很容易让懒惰的家伙: - )
I'm not sure it's really better, because it's more or less a hack, not supported et al., but ok, it's easy for lazy guys :-)
这篇关于如何在.NET中启用SeCreateGlobalPrivilege而不使用P / Invoke或反射?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!