Good Day,
My web app is set to use Windows Authentication and Impersontation is set to true.
我的Web应用程序设置为使用Windows身份验证,并且Impersontation设置为true。
I wan't to launch a process using the logged-in user account. However, when I tried to launch notepad.exe, it was run as a NETWORK SERVICE.
我不想使用登录的用户帐户启动进程。但是,当我尝试启动notepad.exe时,它作为NETWORK SERVICE运行。
I've tried different impersonation techniques, but none of them worked.
我尝试了不同的模仿技术,但没有一个能够奏效。
Please help.
1 个解决方案
#1
Simple impersonation won't allow you to start a process as another user. You would have to use CreateProcessAsUser from the Windows API together with the appropriate privileges
简单模拟不允许您以其他用户身份启动进程。您必须使用Windows API中的CreateProcessAsUser以及相应的权限
The CreateProcessAsUser function does not need the password of a user. It requires a primary token which can be obtained from the System.Security.Principal.WindowsIdentity object. Your ASP.NET process must have the Act as part of the operating system privilege to get an impersonation-level token.
CreateProcessAsUser函数不需要用户的密码。它需要一个可以从System.Security.Principal.WindowsIdentity对象获取的主令牌。您的ASP.NET进程必须将Act作为操作系统特权的一部分才能获取模拟级别令牌。
How To: Use Impersonation and Delegation in ASP.NET 2.0 has all the details on this topic.
如何:在ASP.NET 2.0中使用模拟和委派具有此主题的所有详细信息。
A related question which also might be relevant is this one: Using Process.Start() to start a process as a different user from within a Windows Service.
一个相关的问题也可能是相关的:使用Process.Start()从Windows服务中作为不同的用户启动进程。
#1
Simple impersonation won't allow you to start a process as another user. You would have to use CreateProcessAsUser from the Windows API together with the appropriate privileges
简单模拟不允许您以其他用户身份启动进程。您必须使用Windows API中的CreateProcessAsUser以及相应的权限
The CreateProcessAsUser function does not need the password of a user. It requires a primary token which can be obtained from the System.Security.Principal.WindowsIdentity object. Your ASP.NET process must have the Act as part of the operating system privilege to get an impersonation-level token.
CreateProcessAsUser函数不需要用户的密码。它需要一个可以从System.Security.Principal.WindowsIdentity对象获取的主令牌。您的ASP.NET进程必须将Act作为操作系统特权的一部分才能获取模拟级别令牌。
How To: Use Impersonation and Delegation in ASP.NET 2.0 has all the details on this topic.
如何:在ASP.NET 2.0中使用模拟和委派具有此主题的所有详细信息。
A related question which also might be relevant is this one: Using Process.Start() to start a process as a different user from within a Windows Service.
一个相关的问题也可能是相关的:使用Process.Start()从Windows服务中作为不同的用户启动进程。