C# CreateProcessAsUser以ImpersonalLoggeDonUser和DuplicateHandle all作为用户运行命令的逻辑工作流步骤？

来自

我正在尝试将Kerberos凭据从一个进程复制到另一个进程以调用远程命令。Steve帮了我很大的忙，但我对如何创建一个子进程、使用正确的凭证句柄加载它以及模拟，然后获取同一个子进程以执行实际命令有点困惑，因为对DuplicateHandles的调用要求首先存在子进程

我的问题是，如何让子进程执行我最初打算让它作为CreateProcessAsUser与模拟一起执行的命令

迄今为止的代码：

var CurrentIdentity = ((WindowsIdentity)User.Identity).Token;

IntPtr parentHandle = IntPtr.Zero;

CloneParentProcessToken.QuerySecurityContextToken(ref CurrentIdentity, out parentHandle);
IntPtr parentProcessHandle = Process.GetCurrentProcess().Handle;

currentUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

//Create Child Process as User
IntPtr childProcessHandle = CreateProcessAsUser();

IntPtr lpTargetHandle = IntPtr.Zero;

//Duplicate parent security handle into child
if (CloneParentProcessToken.DuplicateHandle(parentProcessHandle, parentHandle, childProcessHandle, out lpTargetHandle,
    ProcessUtility.TOKEN_IMPERSONATE, true, (uint)0x00000002))
{
    int childHandleProcessID = CloneParentProcessToken.GetProcessId(lpTargetHandle);

    IntPtr newChildProcess = ProcessUtility.OpenProcess(ProcessUtility.ProcessAccessFlags.All, true, childHandleProcessID);
    IntPtr newProcessAccessTokenHandle = IntPtr.Zero;
    if (ProcessUtility.OpenProcessToken(newChildProcess, ProcessUtility.TOKEN_IMPERSONATE, out newProcessAccessTokenHandle))
    {
        //Impersonate the user in the new child process
        if (CloneParentProcessToken.ImpersonateLoggedOnUser(newProcessAccessTokenHandle))
        {
            //newChildProcess is pointer to child process with token and impersonation
            Process child = Process.GetProcessById(childHandleProcessID);

            //Have child process execute???
        }
    }

因为对DuplicateHandles的调用要求子进程存在 首先

您可以将

hTargetProcessHandle

设置为当前进程，将

bInheritHandle

设置为true，以便目标进程创建的新进程可以继承重复的句柄。

---

然后通过IPC将新令牌传递给子进程。

谢谢@Drake Wu-MSFT。您知道如何从WindowsIdentity获取QuerySecurityTokenCkntext所需的phContext吗？