Windows Server 2008 中的模拟
Posted
技术标签:
【中文标题】Windows Server 2008 中的模拟【英文标题】:Impersonation in Windows Server 2008 【发布时间】:2012-11-29 19:54:40 【问题描述】:我正在尝试模拟特定用户在我们的服务器中执行一些 sql 操作。这不是 ASP.Net 应用程序。我之前使用了提供的代码并且它有效。但是,最近我们已经将我们的环境从 windows server 2000 升级到 windows server 2008 R2。升级后,此代码对我不起作用。我需要一些帮助来理解这个问题并帮助解决它。任何帮助将不胜感激。谢谢。
提供的代码是伪代码,试图写入文件并执行sql操作。
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Runtime.InteropServices;
using System.Text;
using System.IO;
using System.Security.Principal;
using System.Security.Permissions;
[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode = true)]
[assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Name = "FullTrust")]
public class Test
const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_BATCH = 4;
const int LOGON32_LOGON_SERVICE = 5;
const int LOGON32_LOGON_UNLOCK = 7;
const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
const int LOGON32_PROVIDER_DEFAULT = 0;
const int SecurityImpersonation = 2;
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int LogonUser(
string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
out IntPtr phToken
);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int ImpersonateLoggedOnUser(
IntPtr hToken
);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
[DllImport("advapi32.dll", SetLastError = true)]
static extern int RevertToSelf();
[DllImport("kernel32.dll", SetLastError = true)]
static extern int CloseHandle(IntPtr hObject);
public void TestImpersonation()
IntPtr lnToken = new IntPtr(0);
IntPtr dupeTokenHandle = new IntPtr(0);
StringBuilder sb = new StringBuilder();
int TResult = LogonUser("itservices", "DFC", "St4hls345t", LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT, out lnToken);
if (TResult > 0)
bool retVal = DuplicateToken(lnToken, SecurityImpersonation, ref dupeTokenHandle);
if (false == retVal)
CloseHandle(lnToken);
Console.WriteLine("Exception thrown in trying to duplicate token.");
return;
WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
WindowsImpersonationContext impersonatedUser = newId.Impersonate();
writeLog(DateTime.Now.ToString(@"MM-dd-yyyy HH:mm:ss") + " - Impersonation Applied" + Environment.NewLine);
runQuery();
impersonatedUser.Undo();
writeLog(DateTime.Now.ToString(@"MM-dd-yyyy HH:mm:ss") + " - Impersonation Reverted" + Environment.NewLine);
runQuery();
CloseHandle(lnToken);
else
writeLog(DateTime.Now.ToString(@"MM-dd-yyyy HH:mm:ss") + " - Impersonation not Applied" + Environment.NewLine);
return;
void writeLog(string message)
try
string filePath = @"E:\Impersonate\Testlog.txt";
File.AppendAllText(filePath, message);
catch
Console.WriteLine();
void runQuery()
SQLOperations sqlUtill = new SQLOperations();
string cmdTxt = "SELECT * FROM [tblChildOrder] where [StahlsWorkOrderID] = 'DREAMFUL0015799'";
DataTable dt = sqlUtill.executeQuery(cmdTxt);
if (dt != null)
Console.WriteLine();
else
Console.WriteLine();
【问题讨论】:
【参考方案1】:大多数破坏我的代码的升级通常是由升级更改用户权限引起的。仔细检查用户,他们拥有的权限,您应该会发现问题。
【讨论】:
以上是关于Windows Server 2008 中的模拟的主要内容,如果未能解决你的问题,请参考以下文章
基于Windows Server 2008 R2架设站点到站点的×××连接
windows server 2008 R2 安装SQL SERVER 2012
windows server 2008 R2/7 KMS激活
Visual Studio 2012 与 Windows Server 2008 的高级兼容性