WindowsIdentity.RunImpersonated 方法
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
重载
| RunImpersonated(SafeAccessTokenHandle, Action) |
作为模拟 Windows 标识运行指定操作。 可以使用 RunImpersonated(SafeAccessTokenHandle, Action) 并直接作为参数提供函数,而不是使用模拟方法调用并在 WindowsImpersonationContext 中运行函数。 |
| RunImpersonated<T>(SafeAccessTokenHandle, Func<T>) |
作为模拟 Windows 标识运行指定函数。 可以使用 RunImpersonated(SafeAccessTokenHandle, Action) 并直接作为参数提供函数,而不是使用模拟方法调用并在 WindowsImpersonationContext 中运行函数。 |
RunImpersonated(SafeAccessTokenHandle, Action)
作为模拟 Windows 标识运行指定操作。 可以使用 RunImpersonated(SafeAccessTokenHandle, Action) 并直接作为参数提供函数,而不是使用模拟方法调用并在 WindowsImpersonationContext 中运行函数。
public:
static void RunImpersonated(Microsoft::Win32::SafeHandles::SafeAccessTokenHandle ^ safeAccessTokenHandle, Action ^ action);public static void RunImpersonated (Microsoft.Win32.SafeHandles.SafeAccessTokenHandle safeAccessTokenHandle, Action action);static member RunImpersonated : Microsoft.Win32.SafeHandles.SafeAccessTokenHandle * Action -> unitPublic Shared Sub RunImpersonated (safeAccessTokenHandle As SafeAccessTokenHandle, action As Action)参数
- safeAccessTokenHandle
- SafeAccessTokenHandle
模拟 Windows 标识 SafeAccessTokenHandle。
- action
- Action
要运行的 System.Action。
示例
下面的示例演示如何使用 WindowsIdentity 类来模拟用户。
警告
此示例要求用户在控制台屏幕上输入密码。 密码将在屏幕上可见,因为控制台窗口不支持本机屏蔽输入。
// The following example demonstrates the use of the WindowsIdentity class to impersonate a user.
// IMPORTANT NOTE:
// This sample asks the user to enter a password on the console screen.
// The password will be visible on the screen, because the console window
// does not support masked input natively.
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;
public class ImpersonationDemo
{
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out SafeAccessTokenHandle phToken);
public static void Main()
{
// Get the user token for the specified user, domain, and password using the
// unmanaged LogonUser method.
// The local machine name can be used for the domain name to impersonate a user on this machine.
Console.Write("Enter the name of the domain on which to log on: ");
string domainName = Console.ReadLine();
Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
string userName = Console.ReadLine();
Console.Write("Enter the password for {0}: ", userName);
const int LOGON32_PROVIDER_DEFAULT = 0;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_INTERACTIVE = 2;
// Call LogonUser to obtain a handle to an access token.
SafeAccessTokenHandle safeAccessTokenHandle;
bool returnValue = LogonUser(userName, domainName, Console.ReadLine(),
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeAccessTokenHandle);
if (false == returnValue)
{
int ret = Marshal.GetLastWin32Error();
Console.WriteLine("LogonUser failed with error code : {0}", ret);
throw new System.ComponentModel.Win32Exception(ret);
}
Console.WriteLine("Did LogonUser Succeed? " + (returnValue ? "Yes" : "No"));
// Check the identity.
Console.WriteLine("Before impersonation: " + WindowsIdentity.GetCurrent().Name);
// Note: if you want to run as unimpersonated, pass
// 'SafeAccessTokenHandle.InvalidHandle' instead of variable 'safeAccessTokenHandle'
WindowsIdentity.RunImpersonated(
safeAccessTokenHandle,
// User action
() =>
{
// Check the identity.
Console.WriteLine("During impersonation: " + WindowsIdentity.GetCurrent().Name);
}
);
// Check the identity again.
Console.WriteLine("After impersonation: " + WindowsIdentity.GetCurrent().Name);
}
}
注解
备注
与 async/await 模式相比,此方法可用于可靠地使用 Impersonate 。 在异步方法中,此方法的泛型重载可与 async 委托参数一起使用,以便生成的任务可能会等待。
适用于
RunImpersonated<T>(SafeAccessTokenHandle, Func<T>)
作为模拟 Windows 标识运行指定函数。 可以使用 RunImpersonated(SafeAccessTokenHandle, Action) 并直接作为参数提供函数,而不是使用模拟方法调用并在 WindowsImpersonationContext 中运行函数。
public:
generic <typename T>
static T RunImpersonated(Microsoft::Win32::SafeHandles::SafeAccessTokenHandle ^ safeAccessTokenHandle, Func<T> ^ func);public static T RunImpersonated<T> (Microsoft.Win32.SafeHandles.SafeAccessTokenHandle safeAccessTokenHandle, Func<T> func);static member RunImpersonated : Microsoft.Win32.SafeHandles.SafeAccessTokenHandle * Func<'T> -> 'TPublic Shared Function RunImpersonated(Of T) (safeAccessTokenHandle As SafeAccessTokenHandle, func As Func(Of T)) As T类型参数
- T
函数使用并返回的对象的类型。
参数
- safeAccessTokenHandle
- SafeAccessTokenHandle
模拟 Windows 标识 SafeAccessTokenHandle。
- func
- Func<T>
要运行的 System.Func。
返回
- T
函数的结果。
示例
下面的示例演示如何使用 WindowsIdentity 类来模拟用户。
警告
此示例要求用户在控制台屏幕上输入密码。 密码将在屏幕上可见,因为控制台窗口不支持本机屏蔽输入。
// The following example demonstrates the use of the WindowsIdentity class to impersonate a user.
// IMPORTANT NOTE:
// This sample asks the user to enter a password on the console screen.
// The password will be visible on the screen, because the console window
// does not support masked input natively.
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;
public class ImpersonationDemo
{
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out SafeAccessTokenHandle phToken);
public static void Main()
{
// Get the user token for the specified user, domain, and password using the
// unmanaged LogonUser method.
// The local machine name can be used for the domain name to impersonate a user on this machine.
Console.Write("Enter the name of the domain on which to log on: ");
string domainName = Console.ReadLine();
Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
string userName = Console.ReadLine();
Console.Write("Enter the password for {0}: ", userName);
const int LOGON32_PROVIDER_DEFAULT = 0;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_INTERACTIVE = 2;
// Call LogonUser to obtain a handle to an access token.
SafeAccessTokenHandle safeAccessTokenHandle;
bool returnValue = LogonUser(userName, domainName, Console.ReadLine(),
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeAccessTokenHandle);
if (false == returnValue)
{
int ret = Marshal.GetLastWin32Error();
Console.WriteLine("LogonUser failed with error code : {0}", ret);
throw new System.ComponentModel.Win32Exception(ret);
}
Console.WriteLine("Did LogonUser Succeed? " + (returnValue ? "Yes" : "No"));
// Check the identity.
Console.WriteLine("Before impersonation: " + WindowsIdentity.GetCurrent().Name);
// Note: if you want to run as unimpersonated, pass
// 'SafeAccessTokenHandle.InvalidHandle' instead of variable 'safeAccessTokenHandle'
WindowsIdentity.RunImpersonated(
safeAccessTokenHandle,
// User action
() =>
{
// Check the identity.
Console.WriteLine("During impersonation: " + WindowsIdentity.GetCurrent().Name);
}
);
// Check the identity again.
Console.WriteLine("After impersonation: " + WindowsIdentity.GetCurrent().Name);
}
}
注解
备注
与 async/await 模式相比,此方法可用于可靠地使用 Impersonate 。 在异步方法中,此方法可与 async 委托参数一起使用,以便生成的任务可能会等待。