ASP.NET:以域用户身份访问网络资源
2020-12-13 01:22
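// Listing reassembled from the scrambled page extraction; original article:
// http://www.cnblogs.com/sungang3225/p/3704764.html
using System;
using System.IO;
using System.Security.Principal;
using System.ComponentModel;
using System.Configuration;
using System.Runtime.InteropServices;

namespace AD.Data
{
    /// <summary>
    /// Callback that <see cref="FileOS"/> runs while the calling thread is
    /// impersonating the configured domain account.
    /// </summary>
    /// <param name="Data">Arguments forwarded unchanged from the caller.</param>
    public delegate void FileOSExecution(params object[] Data);

    /// <summary>
    /// Runs a callback with the credentials of a fixed domain account so that
    /// it can reach network resources as that user.
    /// </summary>
    public static class FileOS
    {
        // NOTE(review): the three values below are placeholders. Credential
        // literals compiled into the assembly are readable by anyone who has
        // the source or the binary and cannot be rotated without a redeploy.
        // Load them from protected configuration (System.Configuration is
        // already imported) or a secret store, and give the account only the
        // share permissions the callback needs.
        private static readonly String FileUploadUser = "User";
        private static readonly String FileUploadPassword = "password";
        private static readonly String FileUploadUserDomain = "domain";

        /// <summary>
        /// Logs on with the configured account, impersonates it on the current
        /// thread, invokes <paramref name="fileOSExecution"/> and then reverts
        /// to the original identity.
        /// </summary>
        /// <param name="fileOSExecution">The work to run while impersonating.</param>
        /// <param name="Error">
        /// <c>null</c> on success; otherwise the logon / token failure or the
        /// exception thrown by the callback. This method reports failures here
        /// instead of throwing.
        /// </param>
        /// <param name="Data">Arguments passed through to the callback.</param>
        public static void Execute(FileOSExecution fileOSExecution, out Exception Error, params object[] Data)
        {
            Error = null;

            // Nothing to run: report it without creating a logon session for
            // the stored account.
            if (fileOSExecution == null)
            {
                Error = new ArgumentNullException("fileOSExecution");
                return;
            }

            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;
            try
            {
                // NewCredentials keeps the local identity and applies the given
                // credentials to outbound network connections only, so a wrong
                // password is typically not reported here but when the callback
                // first touches the remote resource. The logon type is
                // documented as supported only by the WinNT50 (negotiate)
                // provider, so that provider is requested explicitly.
                if (!NativeMethods.LogonUser(
                        FileUploadUser,
                        FileUploadUserDomain,
                        FileUploadPassword,
                        NativeMethods.LogonType.NewCredentials,
                        NativeMethods.LogonProvider.WinNT50,
                        out token))
                {
                    // Read the Win32 error immediately after the failed call.
                    Error = new Win32Exception(Marshal.GetLastWin32Error(), "User Logon Error");
                    return;
                }

                if (!NativeMethods.DuplicateToken(
                        token,
                        NativeMethods.SecurityImpersonationLevel.Impersonation,
                        out tokenDuplicate))
                {
                    Error = new Win32Exception(Marshal.GetLastWin32Error(), "Duplicate Token Error");
                    return;
                }

                using (WindowsIdentity identity = new WindowsIdentity(tokenDuplicate))
                using (WindowsImpersonationContext impersonationContext = identity.Impersonate())
                {
                    try
                    {
                        fileOSExecution(Data);
                    }
                    catch (Exception e)
                    {
                        // Captured inside the impersonation scope so that no
                        // handler further up the stack runs under the
                        // impersonated identity.
                        Error = e;
                    }

                    // Revert explicitly; disposing the context would also revert.
                    impersonationContext.Undo();
                }
            }
            finally
            {
                // Release both native token handles on every path.
                if (tokenDuplicate != IntPtr.Zero)
                {
                    NativeMethods.CloseHandle(tokenDuplicate);
                }

                if (token != IntPtr.Zero)
                {
                    NativeMethods.CloseHandle(token);
                }
            }
        }
    }

    /// <summary>
    /// Implements P/Invoke Interop calls to the operating system.
    /// </summary>
    internal static class NativeMethods
    {
        /// <summary>
        /// The type of logon operation to perform.
        /// </summary>
        internal enum LogonType : int
        {
            /// <summary>
            /// This logon type is intended for users who will be interactively
            /// using the computer, such as a user being logged on by a
            /// terminal server, remote shell, or similar process.
            /// This logon type has the additional expense of caching logon
            /// information for disconnected operations; therefore, it is
            /// inappropriate for some client/server applications, such as a
            /// mail server.
            /// </summary>
            Interactive = 2,

            /// <summary>
            /// This logon type is intended for high performance servers to
            /// authenticate plaintext passwords.
            /// The LogonUser function does not cache credentials for this
            /// logon type.
            /// </summary>
            Network = 3,

            /// <summary>
            /// This logon type is intended for batch servers, where processes
            /// may be executing on behalf of a user without their direct
            /// intervention. This type is also for higher performance servers
            /// that process many plaintext authentication attempts at a time,
            /// such as mail or Web servers.
            /// The LogonUser function does not cache credentials for this
            /// logon type.
            /// </summary>
            Batch = 4,

            /// <summary>
            /// Indicates a service-type logon. The account provided must have
            /// the service privilege enabled.
            /// </summary>
            Service = 5,

            /// <summary>
            /// This logon type is for GINA DLLs that log on users who will be
            /// interactively using the computer.
            /// This logon type can generate a unique audit record that shows
            /// when the workstation was unlocked.
            /// </summary>
            Unlock = 7,

            /// <summary>
            /// This logon type preserves the name and password in the
            /// authentication package, which allows the server to make
            /// connections to other network servers while impersonating the
            /// client. A server can accept plaintext credentials from a
            /// client, call LogonUser, verify that the user can access the
            /// system across the network, and still communicate with other
            /// servers.
            /// NOTE: Windows NT: This value is not supported.
            /// </summary>
            NetworkCleartext = 8,

            /// <summary>
            /// This logon type allows the caller to clone its current token
            /// and specify new credentials for outbound connections. The new
            /// logon session has the same local identifier but uses different
            /// credentials for other network connections.
            /// NOTE: This logon type is supported only by the
            /// LOGON32_PROVIDER_WINNT50 logon provider.
            /// NOTE: Windows NT: This value is not supported.
            /// </summary>
            NewCredentials = 9
        }

        /// <summary>
        /// Specifies the logon provider.
        /// </summary>
        internal enum LogonProvider : int
        {
            /// <summary>
            /// Use the standard logon provider for the system.
            /// The default security provider is negotiate, unless you pass
            /// NULL for the domain name and the user name is not in UPN
            /// format. In this case, the default provider is NTLM.
            /// NOTE: Windows 2000/NT: The default security provider is NTLM.
            /// </summary>
            Default = 0,

            /// <summary>
            /// Use this provider if you'll be authenticating against a Windows
            /// NT 3.51 domain controller (uses the NT 3.51 logon provider).
            /// </summary>
            WinNT35 = 1,

            /// <summary>
            /// Use the NTLM logon provider.
            /// </summary>
            WinNT40 = 2,

            /// <summary>
            /// Use the negotiate logon provider.
            /// </summary>
            WinNT50 = 3
        }

        /// <summary>
        /// The level at which a server process may impersonate a client.
        /// </summary>
        internal enum SecurityImpersonationLevel : int
        {
            /// <summary>
            /// The server process cannot obtain identification information
            /// about the client, and it cannot impersonate the client. It is
            /// defined with no value given, and thus, by ANSI C rules,
            /// defaults to a value of zero.
            /// </summary>
            Anonymous = 0,

            /// <summary>
            /// The server process can obtain information about the client,
            /// such as security identifiers and privileges, but it cannot
            /// impersonate the client. This is useful for servers that export
            /// their own objects, for example, database products that export
            /// tables and views. Using the retrieved client-security
            /// information, the server can make access-validation decisions
            /// without being able to use other services that are using the
            /// client's security context.
            /// </summary>
            Identification = 1,

            /// <summary>
            /// The server process can impersonate the client's security
            /// context on its local system. The server cannot impersonate the
            /// client on remote systems.
            /// </summary>
            Impersonation = 2,

            /// <summary>
            /// The server process can impersonate the client's security
            /// context on remote systems.
            /// NOTE: Windows NT: This impersonation level is not supported.
            /// </summary>
            Delegation = 3
        }

        /// <summary>
        /// Logs on the user.
        /// </summary>
        /// <param name="userName">Name of the user.</param>
        /// <param name="domain">The domain.</param>
        /// <param name="password">
        /// The password. It is marshalled from a managed string, which cannot
        /// be cleared from memory after the call.
        /// </param>
        /// <param name="logonType">Type of the logon.</param>
        /// <param name="logonProvider">The logon provider.</param>
        /// <param name="token">The token.</param>
        /// <returns>
        /// <c>true</c> on success. To get extended error information, call
        /// GetLastError (from managed code: Marshal.GetLastWin32Error, since
        /// SetLastError is enabled on this import).
        /// </returns>
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        internal static extern bool LogonUser(
            string userName,
            string domain,
            string password,
            LogonType logonType,
            LogonProvider logonProvider,
            out IntPtr token);

        /// <summary>
        /// Duplicates the token.
        /// </summary>
        /// <param name="existingTokenHandle">The existing token handle.</param>
        /// <param name="securityImpersonationLevel">The security impersonation level.</param>
        /// <param name="duplicateTokenHandle">The duplicate token handle.</param>
        /// <returns>
        /// <c>true</c> on success. To get extended error information, call
        /// GetLastError.
        /// </returns>
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        internal static extern bool DuplicateToken(
            IntPtr existingTokenHandle,
            SecurityImpersonationLevel securityImpersonationLevel,
            out IntPtr duplicateTokenHandle);

        /// <summary>
        /// Closes the handle.
        /// </summary>
        /// <param name="handle">The handle.</param>
        /// <returns>
        /// <c>true</c> on success. To get extended error information, call
        /// GetLastError.
        /// </returns>
        [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        internal static extern bool CloseHandle(IntPtr handle);
    }
}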