Олицетворять пользователя в codebehind

Я хотел бы олицетворять конкретного пользователя в коде, чтобы выполнить некоторые манипуляции с файлами на удаленной машине. Проблема, с которой я сталкиваюсь, заключается в том, что я не могу заставить олицетворение работать. Я использую код из найденной здесь статьи Microsoft: Как реализовать олицетворение в ASP. NET

Я хотел бы указать, как/где начать процесс отладки. Вот мои файлы:

Test.aspx:

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Test.aspx.vb" Inherits="TraceFile_Test" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    This is the test page!<br />
    <br />
    Result: <asp:Label ID="lblResult" runat="server"></asp:Label><br />
    <br />
    <asp:Button ID="btnRunTest" Text="Run Test" runat="server" />
    </div>
    </form>
</body>
</html>

Test.aspx.vb:

Imports System.Web
Imports System.Web.Security
Imports System.Security.Principal
Imports System.Runtime.InteropServices

Partial Class TraceFile_Test
    Inherits System.Web.UI.Page


    Dim LOGON32_LOGON_INTERACTIVE As Integer = 2
    Dim LOGON32_PROVIDER_DEFAULT As Integer = 0

    Dim impersonationContext As WindowsImpersonationContext

    Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
                            ByVal lpszDomain As String, _
                            ByVal lpszPassword As String, _
                            ByVal dwLogonType As Integer, _
                            ByVal dwLogonProvider As Integer, _
                            ByRef phToken As IntPtr) As Integer

    Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
                            ByVal ExistingTokenHandle As IntPtr, _
                            ByVal ImpersonationLevel As Integer, _
                            ByRef DuplicateTokenHandle As IntPtr) As Integer

    Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long
    Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long


    Public Sub Page_Load(ByVal s As Object, ByVal e As EventArgs)
        lblResult.Text = "Hit button to run test, please."
    End Sub

    Private Function impersonateValidUser(ByVal userName As String, _
    ByVal domain As String, ByVal password As String) As Boolean

        Dim tempWindowsIdentity As WindowsIdentity
        Dim token As IntPtr = IntPtr.Zero
        Dim tokenDuplicate As IntPtr = IntPtr.Zero
        impersonateValidUser = False

        If RevertToSelf() Then
            If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
                If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                    tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                    impersonationContext = tempWindowsIdentity.Impersonate()
                    If Not impersonationContext Is Nothing Then
                        impersonateValidUser = True
                    End If
                End If
            End If
        End If
        If Not tokenDuplicate.Equals(IntPtr.Zero) Then
            CloseHandle(tokenDuplicate)
        End If
        If Not token.Equals(IntPtr.Zero) Then
            CloseHandle(token)
        End If
    End Function

    Private Sub undoImpersonation()
        impersonationContext.Undo()
    End Sub


    Protected Sub btnRunTest_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnRunTest.Click
        If impersonateValidUser("myUserName", "myDomain", "myPassword") Then
            'Insert your code that runs under the security context of a specific user here.
            Trace.Write("impersonation successful!")
            lblResult.Text = "success"
            undoImpersonation()
        Else
            'Your impersonation failed. Therefore, include a fail-safe mechanism here.
            Trace.Write("impersonation failed!")
            lblResult.Text = "fail"
        End If
    End Sub
End Class

Я заменил реальные учетные данные myUserName, myDomain и myPassword для сообщения.

Веб-сервер - это сервер под управлением Windows 2008 с IIS 7. Я не являюсь серверным парнем, поэтому я не знаю, где быть процессом устранения неполадок. Является ли проблема с кодом или сервером?

Как всегда, благодарю вас за то, что нашли время, чтобы помочь!

Ответы

Ответ 1

Вот код, который я использую в процессе производства.

Сначала класс, очень похожий на ваш:

Imports System.Security.Principal
Imports System.Security.Permissions
Imports System.Diagnostics
Imports System.Runtime.InteropServices
Imports System.Security

Public Class LogonAPI
    Public Const SECURITY_IMPERSONATION_LEVEL_SecurityAnonymous As Integer = 0
    Public Const SECURITY_IMPERSONATION_LEVEL_SecurityIdentification As Integer = 1
    Public Const SECURITY_IMPERSONATION_LEVEL_SecurityImpersonation As Integer = 2
    Public Const SECURITY_IMPERSONATION_LEVEL_SecurityDelegation As Integer = 3

    Public Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Public Const LOGON32_PROVIDER_WINNT35 As Integer = 1
    Public Const LOGON32_PROVIDER_WINNT40 As Integer = 2
    Public Const LOGON32_PROVIDER_WINNT50 As Integer = 3

    Public Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Public Const LOGON32_LOGON_NETWORK As Integer = 3
    Public Const LOGON32_LOGON_BATCH As Integer = 4
    Public Const LOGON32_LOGON_SERVICE As Integer = 5
    Public Const LOGON32_LOGON_UNLOCK As Integer = 7
    Public Const LOGON32_LOGON_NETWORK_CLEARTEXT As Integer = 8
    Public Const LOGON32_LOGON_NEW_CREDENTIALS As Integer = 9

    Public Const ERROR_LOGON_FAILURE As Integer = 1326

    <DllImport("advapi32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function LogonUser(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Boolean
    End Function

    <DllImport("advapi32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function RevertToSelf() As Boolean
    End Function

    <DllImport("kernel32.dll", CharSet:=CharSet.Auto)> _
    Public Shared Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    <DllImport("advapi32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function DuplicateToken(ByVal hToken As IntPtr, ByVal impersonationLevel As Integer, ByRef hNewToken As IntPtr) As Integer
    End Function

    Public Shared Function Login(ByVal Username As String, ByVal Domain As String, ByVal Password As String) As WindowsIdentity
        Dim secPerm As New SecurityPermission(SecurityPermissionFlag.UnmanagedCode)
        secPerm.Assert()

        Dim user As WindowsIdentity = Nothing

        Dim refToken As IntPtr = IntPtr.Zero
        Dim loggedIn As Boolean

        loggedIn = LogonAPI.LogonUser(Username, Domain, Password, LogonAPI.LOGON32_LOGON_NETWORK_CLEARTEXT, LogonAPI.LOGON32_PROVIDER_DEFAULT, refToken)

        If loggedIn = True Then
            user = New WindowsIdentity(refToken, "NTLM", WindowsAccountType.Normal, True)
        End If
        CodeAccessPermission.RevertAssert()

        Return user
    End Function
End Class

Я тестирую его, вызывая:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    Dim ident As WindowsIdentity = LogonAPI.Login("user", "Domain", "password")

    Dim imp = ident.Impersonate()

    'impersonation code
    Response.Write("Impersonating")

    imp.Undo()
End Sub