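How to set up ASP.NET security impersonation

Keywords: ASP.NET, security, impersonation, setup | Updated: 2023-09-27 18:14:38

I am looking at

http://www.codeassociate.com/caapi/html/T_CA_Common_Security_Impersonate.htm

I don't want to hard-code the domain\username and password.

Is it possible to get the current Windows user's credentials and pass them?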

Assuming you are using Windows Integrated Authentication on the site, you can get the user's credentials with User.Identity.

Add the reference:

using System.Security.Principal;

Use this to impersonate the current user on the network.

WindowsIdentity wi = (WindowsIdentity)User.Identity;
WindowsImpersonationContext wic = null;
try
{
    wic = wi.Impersonate();
    if (wi.IsAuthenticated)
    {
         //Do stuff here on network as Current User
         // i.e. asyncFileUpload.SaveAs(location);
    }
}
catch(Exception ex)
{
    //Log Error Here; the finally block below reverts the impersonation
    return;
}
finally
{
     if (wic != null)
         wic.Undo();
}

Make sure the logged-in user has permissions on the network resources they will be accessing.
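The same pattern with the identity checked before the thread token is switched, as an added example that is not part of the answer above. It assumes .NET Framework 4.6 or later (for `WindowsIdentity.RunImpersonated` and `AccessToken`); `RequestUserImpersonation` and `RunAs` are hypothetical names.

```csharp
using System;
using System.Security.Principal;

public static class RequestUserImpersonation
{
    // Hypothetical helper: runs 'work' as the Windows user that IIS
    // authenticated for this request, and always reverts afterwards.
    public static T RunAs<T>(IIdentity requestIdentity, Func<T> work)
    {
        var wi = requestIdentity as WindowsIdentity;

        // Check the identity BEFORE switching the thread token, so an
        // anonymous or non-Windows request never runs the work at all.
        if (wi == null || !wi.IsAuthenticated || wi.IsAnonymous)
            throw new UnauthorizedAccessException(
                "Request carries no authenticated Windows identity.");

        // An identification-level token can be inspected but not used to
        // open resources; fail early instead of at the file call.
        if (wi.ImpersonationLevel == TokenImpersonationLevel.Identification)
            throw new UnauthorizedAccessException(
                "Token is identification-only and cannot access resources.");

        // RunImpersonated reverts the thread identity when the delegate
        // returns or throws, so no Undo() call can be missed.
        return WindowsIdentity.RunImpersonated(wi.AccessToken, work);
    }
}

// Usage inside a page or controller (asyncFileUpload and location are the
// names used in the answer above):
//   RequestUserImpersonation.RunAs(User.Identity, () =>
//   {
//       asyncFileUpload.SaveAs(location);
//       return true;
//   });
```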

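No, you cannot detect the user on the client side and impersonate their account.

A possible solution…

I don't know if this will work, and I'm not saying it's a good idea, but if you can prompt the user for credentials, then you might be able to use programmatic impersonation. Here is a class you can use: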

using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

/// <summary>
/// Leverages the Windows API (advapi32.dll) to programmatically impersonate a user.
/// </summary>
public class ImpersonationContext : IDisposable
{
    #region constants
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;
    #endregion
    #region global variables
    private WindowsImpersonationContext impersonationContext;
    private bool impersonating;
    #endregion
    #region unmanaged code
    [DllImport("advapi32.dll")]
    private static extern int LogonUserA(String lpszUserName, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    private static extern int DuplicateToken(IntPtr hToken, int impersonationLevel, ref IntPtr hNewToken);
    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    private static extern bool RevertToSelf();
    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    private static extern bool CloseHandle(IntPtr handle);
    #endregion
    #region constructors
    public ImpersonationContext()
    {
        impersonating = false;
    }
    /// <summary>
    /// Overloaded constructor and begins impersonating.
    /// </summary>
    public ImpersonationContext(string userName, string password, string domain)
    {
        this.BeginImpersonationContext(userName, password, domain);
    }
    #endregion
    #region impersonation methods
    /// <summary>
    /// Begins the impersonation context for the specified user.
    /// </summary>
    /// <remarks>Don't call this method if you used the overloaded constructor.</remarks>
    public void BeginImpersonationContext(string userName, string password, string domain)
    {
        //initialize token and duplicate variables
        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;
        if (RevertToSelf())
        {
            if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) != 0)
            {
                if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                {
                    using (WindowsIdentity tempWindowsIdentity = new WindowsIdentity(tokenDuplicate))
                    {
                        //begin the impersonation context and mark impersonating true
                        impersonationContext = tempWindowsIdentity.Impersonate();
                        impersonating = true;
                    }
                }
            }
        }
        //close the handle to the account token
        if (token != IntPtr.Zero)
            CloseHandle(token);
        //close the handle to the duplicated account token
        if (tokenDuplicate != IntPtr.Zero)
            CloseHandle(tokenDuplicate);
    }
    /// <summary>
    /// Ends the current impersonation context.
    /// </summary>
    public void EndImpersonationContext()
    {
        //if the context exists undo it and dispose of the object
        if (impersonationContext != null)
        {
            //end the impersonation context and dispose of the object
            impersonationContext.Undo();
            impersonationContext.Dispose();
        }
        //mark the impersonation flag false
        impersonating = false;
    }
    #endregion
    #region properties
    /// <summary>
    /// Gets a value indicating whether the impersonation is currently active.
    /// </summary>
    public bool Impersonating
    {
        get
        {
            return impersonating;
        }
    }
    #endregion
    #region IDisposable implementation
    ~ImpersonationContext()
    {
        Dispose(false);
    }
    public void Dispose()
    {
        Dispose(true);
        //nothing is left for the finalizer once the context has been reverted
        GC.SuppressFinalize(this);
    }
    protected virtual void Dispose(bool disposing)
    {
        if (disposing)
        {
            if (impersonationContext != null)
            {
                impersonationContext.Undo();
                impersonationContext.Dispose();
            }
        }
    }
    #endregion    
}
Here is how you implement the class:
using (ImpersonationContext context = new ImpersonationContext("user", "password", "domain")) 
{ 
    if (context.Impersonating) 
    { 
        //impersonating
    } 
}