
Problems creating domain accounts from an ASP.NET program


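I had successfully used a Windows program to create a batch of domain accounts with mailboxes. However, after I handed this code to a colleague (she is responsible for developing web applications) and she migrated it to ASP.NET, it could only create the domain accounts, not the mailboxes. Why?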

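We consulted a Microsoft engineer, who told us that this is because ASP.NET does not have sufficient permissions, and that we should impersonate a user in ASP.NET so that the creation succeeds.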

I have excerpted the relevant Microsoft article below:

 

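Impersonate the IIS-authenticated account or user

To impersonate the Microsoft Internet Information Services (IIS) authenticating user on every request for every page in an ASP.NET application, you must include an <identity> tag in the Web.config file of this application and set the impersonate attribute to true. For example: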

<identity impersonate="true" />


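Impersonate a specific user for all requests of an ASP.NET application

To impersonate a specific user for all requests on all pages of an ASP.NET application, you can specify the userName and password attributes in the <identity> tag of the Web.config file for that application. For example: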

<identity impersonate="true" userName="accountname" password="password" />


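Note: The identity of the process that impersonates a specific user on a thread must have the "Act as part of the operating system" privilege. By default, the Aspnet_wp.exe process runs under a computer account named ASPNET. However, this account does not have the privileges required to impersonate a specific user. If you try to impersonate a specific user, you receive an error message.

To work around this problem, use one of the following methods:

Grant the "Act as part of the operating system" privilege to the ASPNET account (the least privileged account).

Note: Although this method solves the problem, Microsoft does not recommend it.

In the <processModel> configuration section of the Machine.config file, change the account that the Aspnet_wp.exe process runs under to the System account.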

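Impersonate the authenticating user in code

To impersonate the authenticating user (User.Identity) only while a particular section of code runs, you can use the following code. This method requires that the authenticating user identity is of type WindowsIdentity.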

Visual Basic .NET

Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(User.Identity, System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()
'Insert your code that runs under the security context of the authenticating user here.
impersonationContext.Undo()


Visual C# .NET

System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
//Insert your code that runs under the security context of the authenticating user here.
impersonationContext.Undo();


Visual J# .NET

System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)get_User().get_Identity()).Impersonate();
//Insert your code that runs under the security context of the authenticating user here.
impersonationContext.Undo();


Impersonate a specific user in code

To impersonate a specific user only while a particular section of code runs, use the following code:

Visual Basic .NET

<%@ Page Language="VB" %>
<%@ Import Namespace = "System.Web" %>
<%@ Import Namespace = "System.Web.Security" %>
<%@ Import Namespace = "System.Security.Principal" %>
<%@ Import Namespace = "System.Runtime.InteropServices" %>
<script runat=server>
Dim LOGON32_LOGON_INTERACTIVE As Integer = 2
Dim LOGON32_PROVIDER_DEFAULT As Integer = 0
Dim impersonationContext As WindowsImpersonationContext

Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
                        ByVal lpszDomain As String, _
                        ByVal lpszPassword As String, _
                        ByVal dwLogonType As Integer, _
                        ByVal dwLogonProvider As Integer, _
                        ByRef phToken As IntPtr) As Integer
Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
                        ByVal ExistingTokenHandle As IntPtr, _
                        ByVal ImpersonationLevel As Integer, _
                        ByRef DuplicateTokenHandle As IntPtr) As Integer
'Both functions return a 32-bit Win32 BOOL, so they are declared As Integer.
Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Integer
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Integer

Public Sub Page_Load(ByVal s As Object, ByVal e As EventArgs)
    If impersonateValidUser("username", "domain", "password") Then
        'Insert your code that runs under the security context of a specific user here.
        undoImpersonation()
    Else
        'Your impersonation failed. Therefore, include a fail-safe mechanism here.
    End If
End Sub

Private Function impersonateValidUser(ByVal userName As String, _
        ByVal domain As String, ByVal password As String) As Boolean
    Dim tempWindowsIdentity As WindowsIdentity
    Dim token As IntPtr = IntPtr.Zero
    Dim tokenDuplicate As IntPtr = IntPtr.Zero
    impersonateValidUser = False

    'Drop any impersonation already on the thread before logging on.
    If RevertToSelf() <> 0 Then
        If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, _
                      LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
            '2 = SecurityImpersonation level
            If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                impersonationContext = tempWindowsIdentity.Impersonate()
                If Not impersonationContext Is Nothing Then
                    impersonateValidUser = True
                End If
            End If
        End If
    End If
    'Release the native token handles on every path.
    If Not tokenDuplicate.Equals(IntPtr.Zero) Then
        CloseHandle(tokenDuplicate)
    End If
    If Not token.Equals(IntPtr.Zero) Then
        CloseHandle(token)
    End If
End Function

Private Sub undoImpersonation()
    impersonationContext.Undo()
End Sub
</script>

Visual C# .NET

<%@ Page Language="C#"%>
<%@ Import Namespace = "System.Web" %>
<%@ Import Namespace = "System.Web.Security" %>
<%@ Import Namespace = "System.Security.Principal" %>
<%@ Import Namespace = "System.Runtime.InteropServices" %>
<script runat=server>
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;

WindowsImpersonationContext impersonationContext;

[DllImport("advapi32.dll")]
public static extern int LogonUserA(String lpszUserName,
    String lpszDomain,
    String lpszPassword,
    int dwLogonType,
    int dwLogonProvider,
    ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public static extern int DuplicateToken(IntPtr hToken,
    int impersonationLevel,
    ref IntPtr hNewToken);
[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public static extern bool RevertToSelf();
[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);

public void Page_Load(Object s, EventArgs e)
{
    if(impersonateValidUser("username", "domain", "password"))
    {
        //Insert your code that runs under the security context of a specific user here.
        undoImpersonation();
    }
    else
    {
        //Your impersonation failed. Therefore, include a fail-safe mechanism here.
    }
}

private bool impersonateValidUser(String userName, String domain, String password)
{
    WindowsIdentity tempWindowsIdentity;
    IntPtr token = IntPtr.Zero;
    IntPtr tokenDuplicate = IntPtr.Zero;

    if(RevertToSelf())
    {
        if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
            LOGON32_PROVIDER_DEFAULT, ref token) != 0)
        {
            if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)
            {
                tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                impersonationContext = tempWindowsIdentity.Impersonate();
                if (impersonationContext != null)
                {
                    CloseHandle(token);
                    CloseHandle(tokenDuplicate);
                    return true;
                }
            }
        }
    }
    if(token != IntPtr.Zero)
        CloseHandle(token);
    if(tokenDuplicate != IntPtr.Zero)
        CloseHandle(tokenDuplicate);
    return false;
}

private void undoImpersonation()
{
    impersonationContext.Undo();
}
</script>

Visual J# .NET

<%@ Page language="VJ#" %>
<%@ Import Namespace="System.Web" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Security.Principal" %>
<%@ Import Namespace="System.Runtime.InteropServices" %>
<script runat=server>
public static int LOGON32_LOGON_INTERACTIVE = 2;
public static int LOGON32_PROVIDER_DEFAULT = 0;

WindowsImpersonationContext impersonationContext;

/** @attribute DllImport("advapi32.dll") */
public static native int LogonUserA(String lpszUserName,
    String lpszDomain,
    String lpszPassword,
    int dwLogonType,
    int dwLogonProvider,
    System.IntPtr[] phToken);
/** @attribute DllImport("advapi32.dll",
    CharSet=CharSet.Auto, SetLastError=true) */
public static native int DuplicateToken(System.IntPtr hToken,
    int impersonationLevel,
    System.IntPtr[] hNewToken);
// CloseHandle takes the handle by value, so pass the array element, not the array.
/** @attribute DllImport("kernel32.dll",CharSet=CharSet.Auto) */
public static native boolean CloseHandle(System.IntPtr handle);
/** @attribute DllImport("advapi32.dll",
    CharSet=CharSet.Auto,SetLastError=true) */
public static native boolean RevertToSelf();

public void Page_Load(Object s, System.EventArgs e)
{
    if(impersonateValidUser("username", "domain", "password"))
    {
        //Insert your code that runs under the security context of a specific user here.
        undoImpersonation();
    }
    else
    {
        //Your impersonation failed. Therefore, include a fail-safe mechanism here.
    }
}

private boolean impersonateValidUser(String userName, String domain, String password)
{
    WindowsIdentity tempWindowsIdentity;
    // One-element arrays stand in for by-reference output parameters.
    System.IntPtr[] token = new System.IntPtr[1];
    System.IntPtr[] tokenDuplicate = new System.IntPtr[1];

    if(RevertToSelf())
    {
        if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
            LOGON32_PROVIDER_DEFAULT, token) != 0)
        {
            if(DuplicateToken(token[0], 2, tokenDuplicate) != 0)
            {
                tempWindowsIdentity = new WindowsIdentity(tokenDuplicate[0]);
                impersonationContext = tempWindowsIdentity.Impersonate();
                if (impersonationContext != null)
                {
                    CloseHandle(tokenDuplicate[0]);
                    CloseHandle(token[0]);
                    return true;
                }
            }
        }
    }
    if(!token[0].Equals(System.IntPtr.Zero))
        CloseHandle(token[0]);
    if(!tokenDuplicate[0].Equals(System.IntPtr.Zero))
        CloseHandle(tokenDuplicate[0]);
    return false;
}

private void undoImpersonation()
{
    impersonationContext.Undo();
}
</script>


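Note: The identity of the process that impersonates a specific user on a thread must have the "Act as part of the operating system" privilege. By default, the Aspnet_wp.exe process runs under a computer account named ASPNET. However, this account does not have the privileges required to impersonate a specific user. If you try to impersonate a specific user, you receive an error message.

To work around this problem, use one of the following methods:

Grant the "Act as part of the operating system" privilege to the ASPNET account.

In the <processModel> configuration section of the Machine.config file, change the account that the Aspnet_wp.exe process runs under to the System account.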



