C# 当dns或netbios不可用时,如何通过网络模拟用户的文件副本
可能重复:C# 当dns或netbios不可用时,如何通过网络模拟用户的文件副本,c#,impersonation,C#,Impersonation,可能重复: 我让DomainA上的ComputerA作为userA运行,需要将ip为192.168.10.2的WorkgroupB上的ComputerB复制到只有userB有写访问权的windows共享 没有netbios或dns解析,因此计算机必须被IP引用 我先试了一下 AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal); Windows
我让DomainA上的ComputerA作为userA运行,需要将ip为192.168.10.2的WorkgroupB上的ComputerB复制到只有userB有写访问权的windows共享 没有netbios或dns解析,因此计算机必须被IP引用 我先试了一下
AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
WindowsIdentity UserB = new WindowsIdentity("192.168.10.2\\UserB", "PasswordB"); //Execption
WindowsImpersonationContext contex = UserB.Impersonate()
File.Copy(@"d:\bigfile", @"\\192.168.10.2\bifgile");
contex.Undo();
但是我得到了一个System.Security.SecurityException
“提供的名称不是格式正确的帐户名。”
所以我试过了
AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
WindowsIdentity webinfinty = new WindowsIdentity("ComputerB\\UserB", "PasswordB"); //Execption
但我得到了“登录失败:未知用户名或错误密码”错误 于是我试着
IntPtr token;
bool succeded = LogonUser("UserB", "192.168.10.2", "PasswordB", LogonTypes.Network, LogonProviders.Default, out token);
if (!succeded)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
WindowsImpersonationContext contex = WindowsIdentity.Impersonate(token);
(...)
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool LogonUser(
string principal,
string authority,
string password,
LogonTypes logonType,
LogonProviders logonProvider,
out IntPtr token);
但是
LogonUser
返回false,并显示win32错误“登录失败:未知用户名或错误密码”
我知道我的用户名和密码很好,我已经以该用户的身份登录到computerB
我脑子里有什么建议,你试过了吗
user@computer
而不是
computer\user
?我的答案是否适用于您的尝试
(链接答案副本) 把我带到了我需要很快进入的地方 同样的情况 下面是我如何修改代码的:
using System;
using System.Runtime.InteropServices;
/// <summary>
/// Implements P/Invoke Interop calls to the operating system.
/// </summary>
internal static class NativeMethods
{
/// <summary>
/// The type of logon operation to perform.
/// </summary>
internal enum LogonType : int
{
/// <summary>
/// This logon type is intended for users who will be interactively
/// using the computer, such as a user being logged on by a
/// terminal server, remote shell, or similar process.
/// This logon type has the additional expense of caching logon
/// information for disconnected operations; therefore, it is
/// inappropriate for some client/server applications, such as a
/// mail server.
/// </summary>
Interactive = 2,
/// <summary>
/// This logon type is intended for high performance servers to
/// authenticate plaintext passwords.
/// The LogonUser function does not cache credentials for this
/// logon type.
/// </summary>
Network = 3,
/// <summary>
/// This logon type is intended for batch servers, where processes
/// may be executing on behalf of a user without their direct
/// intervention. This type is also for higher performance servers
/// that process many plaintext authentication attempts at a time,
/// such as mail or Web servers.
/// The LogonUser function does not cache credentials for this
/// logon type.
/// </summary>
Batch = 4,
/// <summary>
/// Indicates a service-type logon. The account provided must have
/// the service privilege enabled.
/// </summary>
Service = 5,
/// <summary>
/// This logon type is for GINA DLLs that log on users who will be
/// interactively using the computer.
/// This logon type can generate a unique audit record that shows
/// when the workstation was unlocked.
/// </summary>
Unlock = 7,
/// <summary>
/// This logon type preserves the name and password in the
/// authentication package, which allows the server to make
/// connections to other network servers while impersonating the
/// client. A server can accept plaintext credentials from a
/// client, call LogonUser, verify that the user can access the
/// system across the network, and still communicate with other
/// servers.
/// NOTE: Windows NT: This value is not supported.
/// </summary>
NetworkCleartext = 8,
/// <summary>
/// This logon type allows the caller to clone its current token
/// and specify new credentials for outbound connections. The new
/// logon session has the same local identifier but uses different
/// credentials for other network connections.
/// NOTE: This logon type is supported only by the
/// LOGON32_PROVIDER_WINNT50 logon provider.
/// NOTE: Windows NT: This value is not supported.
/// </summary>
NewCredentials = 9
}
/// <summary>
/// Specifies the logon provider.
/// </summary>
internal enum LogonProvider : int
{
/// <summary>
/// Use the standard logon provider for the system.
/// The default security provider is negotiate, unless you pass
/// NULL for the domain name and the user name is not in UPN format.
/// In this case, the default provider is NTLM.
/// NOTE: Windows 2000/NT: The default security provider is NTLM.
/// </summary>
Default = 0,
/// <summary>
/// Use this provider if you'll be authenticating against a Windows
/// NT 3.51 domain controller (uses the NT 3.51 logon provider).
/// </summary>
WinNT35 = 1,
/// <summary>
/// Use the NTLM logon provider.
/// </summary>
WinNT40 = 2,
/// <summary>
/// Use the negotiate logon provider.
/// </summary>
WinNT50 = 3
}
/// <summary>
/// The type of logon operation to perform.
/// </summary>
internal enum SecurityImpersonationLevel : int
{
/// <summary>
/// The server process cannot obtain identification information
/// about the client, and it cannot impersonate the client. It is
/// defined with no value given, and thus, by ANSI C rules,
/// defaults to a value of zero.
/// </summary>
Anonymous = 0,
/// <summary>
/// The server process can obtain information about the client,
/// such as security identifiers and privileges, but it cannot
/// impersonate the client. This is useful for servers that export
/// their own objects, for example, database products that export
/// tables and views. Using the retrieved client-security
/// information, the server can make access-validation decisions
/// without being able to use other services that are using the
/// client's security context.
/// </summary>
Identification = 1,
/// <summary>
/// The server process can impersonate the client's security
/// context on its local system. The server cannot impersonate the
/// client on remote systems.
/// </summary>
Impersonation = 2,
/// <summary>
/// The server process can impersonate the client's security
/// context on remote systems.
/// NOTE: Windows NT: This impersonation level is not supported.
/// </summary>
Delegation = 3
}
/// <summary>
/// Logs on the user.
/// </summary>
/// <param name="userName">Name of the user.</param>
/// <param name="domain">The domain.</param>
/// <param name="password">The password.</param>
/// <param name="logonType">Type of the logon.</param>
/// <param name="logonProvider">The logon provider.</param>
/// <param name="token">The token.</param>
/// <returns>True if the function succeeds, false if the function fails.
/// To get extended error information, call GetLastError.</returns>
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
internal static extern bool LogonUser(
string userName,
string domain,
string password,
LogonType logonType,
LogonProvider logonProvider,
out IntPtr token);
/// <summary>
/// Duplicates the token.
/// </summary>
/// <param name="existingTokenHandle">The existing token
/// handle.</param>
/// <param name="securityImpersonationLevel">The security impersonation
/// level.</param>
/// <param name="duplicateTokenHandle">The duplicate token
/// handle.</param>
/// <returns>True if the function succeeds, false if the function fails.
/// To get extended error information, call GetLastError.</returns>
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
internal static extern bool DuplicateToken(
IntPtr existingTokenHandle,
SecurityImpersonationLevel securityImpersonationLevel,
out IntPtr duplicateTokenHandle);
/// <summary>
/// Closes the handle.
/// </summary>
/// <param name="handle">The handle.</param>
/// <returns>True if the function succeeds, false if the function fails.
/// To get extended error information, call GetLastError.</returns>
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
internal static extern bool CloseHandle(IntPtr handle);
}
此参数应在以下情况下工作:
if ( LogonUser(userName,
domain,
password,
**LOGON32_LOGON_TYPE,
LOGON32_PROVIDER_DEFAULT,**
ref token ) != 0 )
{
登录失败:未知用户名或错误密码。看来我的第三种方式(与您的方式非常接近)是正确的方式。使用您的代码,效果很好。虽然此链接可以回答问题,但最好在此处包含答案的基本部分,并提供链接以供参考。如果链接页面更改,只有链接的答案可能无效。你是我的英雄!我在这个问题上工作了很长时间,可能有很多不同的方法。没有人与IP合作。伟大的非常感谢。
private const int LOGON32_LOGON_TYPE = 9;
private const int LOGON32_PROVIDER_DEFAULT = 3;
if ( LogonUser(userName,
domain,
password,
**LOGON32_LOGON_TYPE,
LOGON32_PROVIDER_DEFAULT,**
ref token ) != 0 )
{