I am trying to impersonate a domain user account in a WPF application so the application can write to a folder on the network. The domain user has sufficient rights to write to this location. I'm using some code found on the net to perform the impersonation.
我正在尝试模拟WPF应用程序中的域用户帐户,以便应用程序可以写入网络上的一个文件夹。域用户有足够的权限写入此位置。我正在使用在网络上找到的一些代码来执行模拟。
Basically, it calls the native LogonUser method which returns a security token, then create a new WindowsIdentity passing the token and finally calling the windowsIdentity.Impersonate() method. I get no exceptions executing above logic.
基本上,它调用本地LogonUser方法,该方法返回一个安全令牌,然后创建一个新的通过令牌的WindowsIdentity,最后调用windowsidentity.ate()方法。我没有执行上述逻辑的异常。
Calling WindowsIdentity.GetCurrent() -> returns impersonated identity.
调用WindowsIdentity.GetCurrent() ->返回模拟身份。
Writing to the UNC path -> UnauthorizedAccess exception.
写入UNC路径->未授权访问异常。
So, I inspect the Thread.CurrentPrincipal object before I try to write the file, this has a GenericPrincipal, and not a WindowsPrincipal with the impersonated WindowsIdentity.
我检查线程。在我尝试写这个文件之前,这里有一个GenericPrincipal,而不是一个带有模拟窗口的窗体。
So in the startup of the application I set the AppDomain.CurrentAppDomain.SetPrincipalPolicy to PrincipalPolicy.Impersonate.
在应用程序启动时,我设置了AppDomain.CurrentAppDomain。SetPrincipalPolicy PrincipalPolicy.Impersonate。
I restart my application...
我重启我的申请…
Before my call to impersonate, i can see my own credentials on Thread.CurrentPrincipal, the ones that i'm using to log onto my development machine and which is executing my WPF program.
在我调用模拟之前,我可以在线程上看到自己的凭证。CurrentPrincipal,我用来登录到我的开发机器,它正在执行我的WPF程序。
I again try to run the impersonation logic, again I see the impersonated identity on WindowsIdentity.GetCurrent, all seems fine, no exceptions
我再次尝试运行模拟逻辑,再次在WindowsIdentity上看到模拟的标识。GetCurrent,一切看起来都很好,没有例外
However on Thread.GetCurrentPrincipal I still see my own credentials, and if I look at the AuthenticationType property, there is an UnauthorizedException (which is only visible in the debugger, it is not being thrown in the application !!). I let the code run.
然而在线程。GetCurrentPrincipal我仍然会看到我自己的凭证,如果我查看AuthenticationType属性,会看到一个UnauthorizedException(只有在调试器中才能看到,它没有在应用程序中抛出!!)我让代码运行。
Again, UnauthorizedAccess when trying to write my file on the UNC location.
同样,在尝试在UNC位置上写我的文件时,未授权访问。
Last thing I tried is to create a new WindowsPrincipal with WindowsIdentity.GetCurrent() and I explicitly set it on Thread.Current, but same result.
最后我尝试创建一个带有WindowsIdentity.GetCurrent()的新的WindowsPrincipal,并在线程上显式地设置它。当前,但相同的结果。
UnauthorizedAccess when a write to the UNC location.
当对联合国军司令部所在地进行写操作时,未经授权的访问。
I'm out of ideas :)
我没有主意了。
1 个解决方案
#1
0
Does the machine with network share belong is in the domain? Did you try accessing network share using that domain account? For instance using "Run As...".
具有网络共享的机器属于域吗?您是否尝试使用该域帐户访问网络共享?例如使用“Run As…”。
In LogonUser function try to use LOGON32_LOGON_NETWORK flag, when doing logon. Also to see if impersonation actually took place try to enable auditing of Logon/Logoff events from security policy (info link)
在LogonUser函数中,尝试在登录时使用LOGON32_LOGON_NETWORK标志。还要查看模拟是否实际发生,请尝试从安全策略(info链接)中启用登录/注销事件的审计。
#1
0
Does the machine with network share belong is in the domain? Did you try accessing network share using that domain account? For instance using "Run As...".
具有网络共享的机器属于域吗?您是否尝试使用该域帐户访问网络共享?例如使用“Run As…”。
In LogonUser function try to use LOGON32_LOGON_NETWORK flag, when doing logon. Also to see if impersonation actually took place try to enable auditing of Logon/Logoff events from security policy (info link)
在LogonUser函数中,尝试在登录时使用LOGON32_LOGON_NETWORK标志。还要查看模拟是否实际发生,请尝试从安全策略(info链接)中启用登录/注销事件的审计。