C# 模拟和目录条目
我正在成功模拟用户帐户,但我无法使用模拟帐户绑定到AD并下拉C# 模拟和目录条目,c#,impersonation,directoryentry,C#,Impersonation,Directoryentry,我正在成功模拟用户帐户,但我无法使用模拟帐户绑定到AD并下拉DirectoryEntry 以下代码输出: 在模拟之前,我是:域\用户 模拟后我是:域\管理员 错误:C:\Users\user\ADSI\u模拟\bin\Debug\ADSI\u模拟.exe samaccountname: 我的问题似乎类似于: 我正在获得一个主要代币。我知道我需要使用委派在远程计算机上使用模拟令牌。我确认该帐户没有选中“帐户敏感且无法委派”的标志。我还确认本地组策略和域组策略不会阻止委派: 计算机配置\ Wi
DirectoryEntry
以下代码输出:
- 在模拟之前,我是:域\用户
- 模拟后我是:域\管理员
- 错误:C:\Users\user\ADSI\u模拟\bin\Debug\ADSI\u模拟.exe samaccountname:
using System;
using System.DirectoryServices;
using System.Security;
using System.Security.Principal;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;
using System.Runtime.ConstrainedExecution;
namespace ADSI_Impersonation
{
class Program
{
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);
static void Main(string[] args)
{
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_LOGON_INTERACTIVE = 2;
string userName = "admin@domain.com";
string password = "password";
Console.WriteLine("Before impersonation I am: " + WindowsIdentity.GetCurrent().Name);
SafeTokenHandle safeTokenHandle;
try
{
bool returnValue = LogonUser(userName, null, password,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeTokenHandle);
if (returnValue)
{
WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle());
WindowsImpersonationContext impersonatedUser = newId.Impersonate();
}
else
{
Console.WriteLine("Unable to create impersonatedUser.");
return;
}
}
catch (Exception e)
{
Console.WriteLine("Authentication error.\r\n" + e.Message);
}
Console.WriteLine("After impersonation I am: " + WindowsIdentity.GetCurrent().Name);
string OU = "LDAP://dc=domain,dc=com";
DirectoryEntry entry = new DirectoryEntry(OU);
entry.AuthenticationType = AuthenticationTypes.Secure;
DirectorySearcher mySearcher = new DirectorySearcher();
mySearcher.SearchRoot = entry;
mySearcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;
mySearcher.PropertiesToLoad.Add("cn");
mySearcher.PropertiesToLoad.Add("samaccountname");
string cn = "fistname mi. lastname";
string samaccountname = "";
try
{
// Create the LDAP query and send the request
mySearcher.Filter = "(cn=" + cn + ")";
SearchResultCollection searchresultcollection = mySearcher.FindAll();
DirectoryEntry ADentry = searchresultcollection[0].GetDirectoryEntry();
Console.WriteLine("samaccountname: " + ADentry.Properties["samaccountname"].Value.ToString());
}
catch (Exception e)
{
Console.WriteLine("Error: " + e.Message);
}
Console.WriteLine("samaccountname: " + samaccountname);
Console.ReadLine();
}
}
public sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
{
private SafeTokenHandle()
: base(true)
{
}
[DllImport("kernel32.dll")]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
[SuppressUnmanagedCodeSecurity]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CloseHandle(IntPtr handle);
protected override bool ReleaseHandle()
{
return CloseHandle(handle);
}
}
}
许多.NETAPI没有考虑您的手动模拟,例如您注意到的LDAP查询。因此,您需要使用DirectoryEntry的重载构造函数 错误(0x80004005):未指定的错误 我在连接到远程windows时遇到了一些问题,通过了身份验证,出现了错误(0x80004005):未指定的错误。我决定如下:
//Define path
//This path uses the full path of user authentication
String path = string.Format("WinNT://{0}/{1},user", server_address, username);
DirectoryEntry deBase = null;
try
{
//Try to connect with secure connection
deBase = new DirectoryEntry(path, username, _passwd, AuthenticationTypes.Secure);
//Connection test
//After test define the deBase with the parent of user (root container)
object nativeObject = deBase.NativeObject;
deBase = deBase.Parent;
}
catch (Exception ex)
{
//If an error occurred try without Secure Connection
try
{
deBase = new DirectoryEntry(path, username, _passwd);
//Connection test
//After test define the deBase with the parent of user (root container)
object nativeObject = deBase.NativeObject;
deBase = deBase.Parent;
nativeObject = deBase.NativeObject;
}
catch (Exception ex2)
{
//If an error occurred throw the error
throw ex2;
}
}
希望有帮助。
小海尔维奥
www.helviojunior.com.br感谢您确认这是唯一的方法。我想既然我将拥有用户的用户名/密码,那么没有理由不起作用。@Lex Li我问了一个相关的问题,请检查一下: