Windows Server 2008 中的模拟

Posted

技术标签:

【中文标题】Windows Server 2008 中的模拟【英文标题】:Impersonation in Windows Server 2008 【发布时间】:2012-11-29 19:54:40 【问题描述】:

我正在尝试模拟特定用户在我们的服务器中执行一些 sql 操作。这不是 ASP.Net 应用程序。我之前使用了提供的代码并且它有效。但是,最近我们已经将我们的环境从 windows server 2000 升级到 windows server 2008 R2。升级后,此代码对我不起作用。我需要一些帮助来理解这个问题并帮助解决它。任何帮助将不胜感激。谢谢。

提供的代码是伪代码,试图写入文件并执行sql操作。

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Runtime.InteropServices;
using System.Text;
using System.IO;
using System.Security.Principal;
using System.Security.Permissions;

[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode = true)]
[assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Name = "FullTrust")]
public class Test

    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_LOGON_NETWORK = 3;
    const int LOGON32_LOGON_BATCH = 4;
    const int LOGON32_LOGON_SERVICE = 5;
    const int LOGON32_LOGON_UNLOCK = 7;
    const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int SecurityImpersonation = 2;

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern int LogonUser(
        string lpszUsername,
        string lpszDomain,
        string lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        out IntPtr phToken
        );

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern int ImpersonateLoggedOnUser(
        IntPtr hToken
    );

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
      int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern int RevertToSelf();

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern int CloseHandle(IntPtr hObject);

    public void TestImpersonation()
                
        IntPtr lnToken = new IntPtr(0);
        IntPtr dupeTokenHandle = new IntPtr(0);
        StringBuilder sb = new StringBuilder();

        int TResult = LogonUser("itservices", "DFC", "St4hls345t", LOGON32_LOGON_NETWORK,
                LOGON32_PROVIDER_DEFAULT, out lnToken);
        if (TResult > 0)
        
            bool retVal = DuplicateToken(lnToken, SecurityImpersonation, ref dupeTokenHandle);
            if (false == retVal)
            
                CloseHandle(lnToken);
                Console.WriteLine("Exception thrown in trying to duplicate token.");
                return;
            

            WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
            WindowsImpersonationContext impersonatedUser = newId.Impersonate();

            writeLog(DateTime.Now.ToString(@"MM-dd-yyyy HH:mm:ss") + " - Impersonation Applied" + Environment.NewLine);
            runQuery();
            impersonatedUser.Undo();
            writeLog(DateTime.Now.ToString(@"MM-dd-yyyy HH:mm:ss") + " - Impersonation Reverted" + Environment.NewLine);
            runQuery();
            CloseHandle(lnToken);
        
        else
        
            writeLog(DateTime.Now.ToString(@"MM-dd-yyyy HH:mm:ss") + " - Impersonation not Applied" + Environment.NewLine);
        

        return;
    

    void writeLog(string message)
    
        try
        
            string filePath = @"E:\Impersonate\Testlog.txt";
            File.AppendAllText(filePath, message);
        
        catch
        
            Console.WriteLine();
        
    

    void runQuery()
    
        SQLOperations sqlUtill = new SQLOperations();
        string cmdTxt = "SELECT * FROM [tblChildOrder] where [StahlsWorkOrderID] = 'DREAMFUL0015799'";
        DataTable dt = sqlUtill.executeQuery(cmdTxt);
        if (dt != null)
        
            Console.WriteLine();
        
        else
        
            Console.WriteLine();
        
    

【问题讨论】:

【参考方案1】:

大多数破坏我的代码的升级通常是由升级更改用户权限引起的。仔细检查用户,他们拥有的权限,您应该会发现问题。

【讨论】:

以上是关于Windows Server 2008 中的模拟的主要内容,如果未能解决你的问题,请参考以下文章

基于Windows Server 2008 R2架设站点到站点的×××连接

windows server 2008 R2 安装SQL SERVER 2012

windows server 2008 R2/7 KMS激活

Visual Studio 2012 与 Windows Server 2008 的高级兼容性

Windows Server 2008 多站点部署HTTPS

windows server 2008 r2服务器上怎么搭建ftp连不上