Iis 7 通过登录共享文件夹访问(&A);密码模拟-W2K8 IIS7
希望能在这里得到一些帮助 我使用模拟登录到一个共享文件夹,所有东西都在本地工作(WIN8)。它在Win2K8 IIS7服务器上不起作用 以下代码用于模拟:Iis 7 通过登录共享文件夹访问(&A);密码模拟-W2K8 IIS7,iis-7,directory,windows-server-2008,impersonation,shared,Iis 7,Directory,Windows Server 2008,Impersonation,Shared,希望能在这里得到一些帮助 我使用模拟登录到一个共享文件夹,所有东西都在本地工作(WIN8)。它在Win2K8 IIS7服务器上不起作用 以下代码用于模拟: public sealed class WrappedImpersonation { public enum LogonType : int { Interactive = 2, Network = 3, Batch = 4, Service = 5,
public sealed class WrappedImpersonation
{
public enum LogonType : int
{
Interactive = 2,
Network = 3,
Batch = 4,
Service = 5,
Unlock = 7,
NetworkClearText = 8,
NewCredentials = 9
}
public enum LogonProvider : int
{
Default = 0, // LOGON32_PROVIDER_DEFAULT
WinNT35 = 1,
WinNT40 = 2, // Use the NTLM logon provider.
WinNT50 = 3 // Use the negotiate logon provider.
}
public enum ImpersonationLevel
{
SecurityAnonymous = 0,
SecurityIdentification = 1,
SecurityImpersonation = 2,
SecurityDelegation = 3
}
[DllImport("advapi32.dll", EntryPoint = "LogonUserW", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, LogonType dwLogonType, LogonProvider dwLogonProvider, ref IntPtr phToken);
[DllImport("kernel32.dll")]
public extern static bool CloseHandle(IntPtr handle);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int DuplicateToken(IntPtr hToken, int impersonationLevel, ref IntPtr hNewToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool RevertToSelf();
private string _domain, _password, _username;
private IntPtr _token;
private WindowsImpersonationContext _context;
private IntPtr _duplicateToken;
private bool IsInContext
{
get { return _context != null; }
}
public WrappedImpersonation(string domain, string username, string password)
{
_domain = String.IsNullOrEmpty(domain) ? "." : domain;
_username = username;
_password = password;
_token = IntPtr.Zero;
}
// Changes the Windows identity of this thread. Make sure to always call Leave() at the end.
[PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
public void Enter()
{
if (IsInContext)
return;
_token = IntPtr.Zero;
bool logonSuccessfull = LogonUser(_username, _domain, _password, LogonType.NewCredentials, LogonProvider.WinNT50, ref _token);
if (!logonSuccessfull)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
DuplicateToken(_token, (int)ImpersonationLevel.SecurityImpersonation, ref _duplicateToken);
WindowsIdentity identity = new WindowsIdentity(_duplicateToken);
_context = identity.Impersonate();
Debug.WriteLine(WindowsIdentity.GetCurrent().Name);
}
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
public void Leave()
{
if (!IsInContext)
return;
_context.Undo();
if (_token != IntPtr.Zero)
{
CloseHandle(_token);
}
_context = null;
}
用法:
var impersonationContext = new WrappedImpersonation(_url, _login, _password);
impersonationContext.Enter();
List<string> files = Directory.GetFiles(_dataSet.TransferMethod.URL).ToList();
impersonationContext.Leave();
var-impersonationContext=new-WrappedImpersonation(\u-url,\u-login,\u-password);
impersonationContext.Enter();
List files=Directory.GetFiles(_dataSet.TransferMethod.URL).ToList();
impersonationContext.Leave();
服务器设置:
本地安全策略->本地策略->用户权限分配->身份验证后模拟客户端:是否需要在此处添加我的AppPool标识
辅助登录服务已启动
服务器上的错误代码:System.UnauthorizedAccessException:对路径“\MyServer\MySharedFolder”的访问被拒绝
我尝试了WNetAddConnection2方法,但是如果您想在共享之间切换,这些方法是不够的,因为这会在一段时间后阻塞
应用程序:MVC.NET
.NET版本:4.5
是否有人在Win2K8 IIS7机器上使用此功能?使用管理员帐户更改应用程序池标识,使应用程序池具有管理员权限,从而使其正常工作。还有本地系统帐户。我和你有同样的问题,然后我将应用程序池的标识更改为自定义帐户(本地管理帐户),然后它工作得很好。