Question-and-answer format, for picking up the key points quickly.


How do I check which user account the current thread is running as?

====================================

string currentUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;


In an ASP.NET application, how do I execute every request with the privileges of the user who was authenticated by IIS?

====================================

Make the following change in the web.config file:

<identity impersonate="true" />


In an ASP.NET application, how do I specify one user and have all requests execute with that user's privileges?

====================================

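Make the following change in the web.config file. Note that the account password is stored in clear text in web.config, so restrict read access to that file: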

<identity impersonate="true" userName="accountname" password="password" />


How do I impersonate in code?

====================================

System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
    ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
try
{
    // Insert your code that runs under the security context of the authenticating user here.
}
finally
{
    // Always revert, even if the code above throws, so the thread does not stay impersonated.
    impersonationContext.Undo();
}


A concrete example. It can be used in an .aspx page, and of course it can be used in a .cs file as well.

// Requires the System, System.Runtime.InteropServices and System.Security.Principal
// namespaces (using directives in a .cs file, <%@ Import %> directives in an .aspx page).

public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;

WindowsImpersonationContext impersonationContext;

[DllImport("advapi32.dll")]
public static extern int LogonUserA(String lpszUserName,
    String lpszDomain,
    String lpszPassword,
    int dwLogonType,
    int dwLogonProvider,
    ref IntPtr phToken);

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int DuplicateToken(IntPtr hToken,
    int impersonationLevel,
    ref IntPtr hNewToken);

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool RevertToSelf();

[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);

public void Page_Load(Object s, EventArgs e)
{
    if (impersonateValidUser("username", "domain", "password"))
    {
        try
        {
            //Insert your code that runs under the security context of a specific user here.
        }
        finally
        {
            // Revert even if the code above throws.
            undoImpersonation();
        }
    }
    else
    {
        //Your impersonation failed. Therefore, include a fail-safe mechanism here.
    }
}

private bool impersonateValidUser(String userName, String domain, String password)
{
    WindowsIdentity tempWindowsIdentity;
    IntPtr token = IntPtr.Zero;
    IntPtr tokenDuplicate = IntPtr.Zero;

    // Drop any impersonation already active on this thread before logging on.
    if (RevertToSelf())
    {
        if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
            LOGON32_PROVIDER_DEFAULT, ref token) != 0)
        {
            // 2 = SecurityImpersonation in SECURITY_IMPERSONATION_LEVEL.
            if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
            {
                tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                impersonationContext = tempWindowsIdentity.Impersonate();
                if (impersonationContext != null)
                {
                    CloseHandle(token);
                    CloseHandle(tokenDuplicate);
                    return true;
                }
            }
        }
    }
    // Failure path: release whichever handles were opened.
    if (token != IntPtr.Zero)
        CloseHandle(token);
    if (tokenDuplicate != IntPtr.Zero)
        CloseHandle(tokenDuplicate);
    return false;
}

private void undoImpersonation()
{
    impersonationContext.Undo();
}
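
The same logon-and-impersonate flow, written so that the token handle and the revert are managed by the framework instead of by hand. This is an added example, not code from the original page; it assumes .NET Framework 4.6 or later, and the class name ScopedImpersonation and method name RunAs are hypothetical.

```csharp
// Added example (not from the original page). Assumes .NET Framework 4.6 or later.
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

public static class ScopedImpersonation   // hypothetical helper name
{
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    // Unicode entry point; the token is returned in a SafeHandle that closes itself.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string lpszUsername, string lpszDomain,
        string lpszPassword, int dwLogonType, int dwLogonProvider,
        out SafeAccessTokenHandle phToken);

    // Runs 'work' as the given account and returns the identity names observed
    // before, during and after, so the caller can verify that the revert happened.
    public static string[] RunAs(string userName, string domain, string password,
                                 Action work)
    {
        string before = WindowsIdentity.GetCurrent().Name;
        string during = null;

        SafeAccessTokenHandle token;
        if (!LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out token))
        {
            // Fail closed: never fall through and run 'work' as the process identity.
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }

        using (token)
        {
            // Impersonation lasts only for the delegate and is reverted
            // even if 'work' throws.
            WindowsIdentity.RunImpersonated(token, () =>
            {
                during = WindowsIdentity.GetCurrent().Name;
                work();
            });
        }

        string after = WindowsIdentity.GetCurrent().Name;
        return new[] { before, during, after };
    }
}
```

After a successful call, the first and third names returned should match; a mismatch means the thread is still running under the impersonated account.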