如何扮演另一个帐号(C#实现)

using directives#region Using directives

using System;
using System.Security.Principal;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;
#endregion

namespace Impersonal
{
    class Program
    {
        测试代码#region 测试代码
        public static void Main(string[] args)
        {
            Console.WriteLine("当前用户是: "
    + WindowsIdentity.GetCurrent().Name);
            ImpersonatedWork testDel = new ImpersonatedWork(Test);
            ImpersonateAndDo("epro\\liping", "88888888", testDel);
            Console.WriteLine("当前用户是: "
    + WindowsIdentity.GetCurrent().Name);
        }
        static void Test()
        {
            Console.WriteLine("当前用户是: "
                + WindowsIdentity.GetCurrent().Name);
        }
        #endregion

        [DllImport("advapi32.dll", SetLastError = true)]
        public extern static bool LogonUser(String lpszUsername, String lpszDomain,
            String lpszPassword, int dwLogonType,
            int dwLogonProvider, ref IntPtr phToken);

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        public extern static bool CloseHandle(IntPtr handle);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
            int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

        public delegate void ImpersonatedWork();
        /**//// <summary>
        /// 以指定用户的身份去做一件事情
        /// </summary>
        /// <param name="UserName"></param>
        /// <param name="PWD"></param>
        /// <param name="WhatToDo"></param>
        public static void ImpersonateAndDo(string UserName, string PWD, ImpersonatedWork WhatToDo)
        {
            扮演用户#region 扮演用户
            string domainName = string.Empty;
            string userName = string.Empty;
            IntPtr tokenHandle = new IntPtr(0);
            IntPtr dupeTokenHandle = new IntPtr(0);
            const int LOGON32_PROVIDER_DEFAULT = 0;
            const int LOGON32_LOGON_INTERACTIVE = 2;
            const int SecurityImpersonation = 2;
            if (! Regex.IsMatch(UserName, @"^\w+[\\]?\w+$"))
            {
                throw new ApplicationException("非法的用户名");
            }
            string[] tmp = UserName.Split(new char[] { '\\' });
            if (tmp.Length > 1)
            {
                domainName = tmp[0];
                userName = tmp[1];
            }
            else
            {
                userName = tmp[0];
            }
            tokenHandle = IntPtr.Zero;
            dupeTokenHandle = IntPtr.Zero;
            bool returnValue = LogonUser(userName,domainName,  PWD,
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                ref tokenHandle);
            if (!returnValue)
            {
                throw new ApplicationException("取Handle出错了!");
            }

            //Console.WriteLine("当前用户是: "
            //    + WindowsIdentity.GetCurrent().Name);

            bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle);
            if (!retVal)
            {
                CloseHandle(tokenHandle);
                throw new ApplicationException("复制Handle出错了!");
            }
            WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
            WindowsImpersonationContext impersonatedUser = newId.Impersonate();
            #endregion
            以新用户身份调用#region 以新用户身份调用
            WhatToDo();
            #endregion
            取消扮演#region 取消扮演
            impersonatedUser.Undo();
            if (tokenHandle != IntPtr.Zero)
                CloseHandle(tokenHandle);
            if (dupeTokenHandle != IntPtr.Zero)
                CloseHandle(dupeTokenHandle);
            #endregion
        }
    }
}

查看本文来源