WindowsImpersonationContext 类

表示模拟操作之前的 Windows 用户。

**命名空间:**System.Security.Principal
**程序集:**mscorlib(在 mscorlib.dll 中)

语法

声明
<ComVisibleAttribute(True)> _
Public Class WindowsImpersonationContext
    Implements IDisposable
用法
Dim instance As WindowsImpersonationContext
[ComVisibleAttribute(true)] 
public class WindowsImpersonationContext : IDisposable
[ComVisibleAttribute(true)] 
public ref class WindowsImpersonationContext : IDisposable
/** @attribute ComVisibleAttribute(true) */ 
public class WindowsImpersonationContext implements IDisposable
ComVisibleAttribute(true) 
public class WindowsImpersonationContext implements IDisposable

备注

该类在用户模拟另一个用户之后恢复用户的标识。

给实现者的说明 因为 Microsoft Windows 98 和 Windows Millennium Edition 平台没有用户或用户标记,所以这些平台上不能执行模拟。

示例

下面的示例展示如何模拟用户及如何再恢复为原始标识。

' This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
' IMPORTANT NOTES: 
' This sample can be run only on Windows XP.  The default Windows 2000 security policy 
' prevents this sample from executing properly, and changing the policy to allow
' proper execution presents a security risk. 
' This sample requests the user to enter a password on the console screen.
' Because the console window does not support methods allowing the password to be masked, 
' it will be visible to anyone viewing the screen.  
' The sample is intended to be executed in a .NET Framework 1.1 environment.  To execute
' this code in a 1.0 environment you will need to use a duplicate token in the call to the
' WindowsIdentity constructor.  See KB article Q319615 for more information.

Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Security.Permissions
Imports Microsoft.VisualBasic
<Assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode:=True), _
 Assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Name:="FullTrust")> 
Module Module1

    Public Class ImpersonationDemo

        Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _
            ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
            ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
            ByRef phToken As IntPtr) As Boolean

        <DllImport("kernel32.dll")> _
        Public Shared Function FormatMessage(ByVal dwFlags As Integer, ByRef lpSource As IntPtr, _
            ByVal dwMessageId As Integer, ByVal dwLanguageId As Integer, ByRef lpBuffer As [String], _
            ByVal nSize As Integer, ByRef Arguments As IntPtr) As Integer

        End Function

        Public Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean


        Public Declare Auto Function DuplicateToken Lib "advapi32.dll" (ByVal ExistingTokenHandle As IntPtr, _
                ByVal SECURITY_IMPERSONATION_LEVEL As Integer, _
                ByRef DuplicateTokenHandle As IntPtr) As Boolean

        ' Test harness.
        ' If you incorporate this code into a DLL, be sure to demand FullTrust.
        <PermissionSetAttribute(SecurityAction.Demand, Name:="FullTrust")> _
        Public Overloads Shared Sub Main(ByVal args() As String)

            Dim tokenHandle As New IntPtr(0)
            Dim dupeTokenHandle As New IntPtr(0)
            Try


                Dim userName, domainName As String

                ' Get the user token for the specified user, domain, and password using the 
                ' unmanaged LogonUser method.  
                ' The local machine name can be used for the domain name to impersonate a user on this machine.
                Console.Write("Enter the name of a domain on which to log on: ")
                domainName = Console.ReadLine()

                Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName)
                userName = Console.ReadLine()

                Console.Write("Enter the password for {0}: ", userName)

                Const LOGON32_PROVIDER_DEFAULT As Integer = 0
                'This parameter causes LogonUser to create a primary token.
                Const LOGON32_LOGON_INTERACTIVE As Integer = 2

                tokenHandle = IntPtr.Zero

                ' Call LogonUser to obtain a handle to an access token.
                Dim returnValue As Boolean = LogonUser(userName, domainName, Console.ReadLine(), LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, tokenHandle)

                Console.WriteLine("LogonUser called.")

                If False = returnValue Then
                    Dim ret As Integer = Marshal.GetLastWin32Error()
                    Console.WriteLine("LogonUser failed with error code : {0}", ret)
                    Throw New System.ComponentModel.Win32Exception(ret)

                    Return
                End If

                Dim success As String
                If returnValue Then success = "Yes" Else success = "No"
                Console.WriteLine(("Did LogonUser succeed? " + success))
                Console.WriteLine(("Value of Windows NT token: " + tokenHandle.ToString()))

                ' Check the identity.
                Console.WriteLine(("Before impersonation: " + WindowsIdentity.GetCurrent().Name))

                ' Use the token handle returned by LogonUser.
                Dim newId As New WindowsIdentity(tokenHandle)
                Dim impersonatedUser As WindowsImpersonationContext = newId.Impersonate()

                ' Check the identity.
                Console.WriteLine(("After impersonation: " + WindowsIdentity.GetCurrent().Name))

                ' Stop impersonating the user.
                impersonatedUser.Undo()

                ' Check the identity.
                Console.WriteLine(("After Undo: " + WindowsIdentity.GetCurrent().Name))

                ' Free the tokens.
                If Not System.IntPtr.op_Equality(tokenHandle, IntPtr.Zero) Then
                    CloseHandle(tokenHandle)
                End If

            Catch ex As Exception
                Console.WriteLine(("Exception occurred. " + ex.Message))
            End Try
        End Sub 'Main 
    End Class 'Class1
End Module
// This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
// IMPORTANT NOTES: 
// This sample can be run only on Windows XP.  The default Windows 2000 security policy 
// prevents this sample from executing properly, and changing the policy to allow
// proper execution presents a security risk. 
// This sample requests the user to enter a password on the console screen.
// Because the console window does not support methods allowing the password to be masked, 
// it will be visible to anyone viewing the screen.
// The sample is intended to be executed in a .NET Framework 1.1 environment.  To execute
// this code in a 1.0 environment you will need to use a duplicate token in the call to the
// WindowsIdentity constructor. See KB article Q319615 for more information.

using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;
using System.Windows.Forms;

[assembly:SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode=true)]
[assembly:PermissionSetAttribute(SecurityAction.RequestMinimum, Name = "FullTrust")]
public class ImpersonationDemo
{
    [DllImport("advapi32.dll", SetLastError=true)]
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, 
        int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    [DllImport("kernel32.dll", CharSet=System.Runtime.InteropServices.CharSet.Auto)]
    private unsafe static extern int FormatMessage(int dwFlags, ref IntPtr lpSource, 
        int dwMessageId, int dwLanguageId, ref String lpBuffer, int nSize, IntPtr *Arguments);

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
    public extern static bool CloseHandle(IntPtr handle);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, 
        int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

    // Test harness.
    // If you incorporate this code into a DLL, be sure to demand FullTrust.
    [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
    public static void Main(string[] args)
    {   
        IntPtr tokenHandle = new IntPtr(0);
        IntPtr dupeTokenHandle = new IntPtr(0);
        try
        {
            string userName, domainName;
            // Get the user token for the specified user, domain, and password using the 
            // unmanaged LogonUser method.  
            // The local machine name can be used for the domain name to impersonate a user on this machine.
            Console.Write("Enter the name of the domain on which to log on: ");
            domainName = Console.ReadLine();

            Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
            userName = Console.ReadLine();

            Console.Write("Enter the password for {0}: ", userName);
            
            const int LOGON32_PROVIDER_DEFAULT = 0;
            //This parameter causes LogonUser to create a primary token.
            const int LOGON32_LOGON_INTERACTIVE = 2;

            tokenHandle = IntPtr.Zero;
 
            // Call LogonUser to obtain a handle to an access token.
            bool returnValue = LogonUser(userName, domainName, Console.ReadLine(), 
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                ref tokenHandle);
                    
            Console.WriteLine("LogonUser called.");
                
            if (false == returnValue)
            {
                int ret = Marshal.GetLastWin32Error();
                Console.WriteLine("LogonUser failed with error code : {0}", ret);
                throw new System.ComponentModel.Win32Exception(ret);
            }

            Console.WriteLine("Did LogonUser Succeed? " + (returnValue? "Yes" : "No"));
            Console.WriteLine("Value of Windows NT token: " + tokenHandle);

            // Check the identity.
            Console.WriteLine("Before impersonation: "
                + WindowsIdentity.GetCurrent().Name);
            // Use the token handle returned by LogonUser.
            WindowsIdentity newId = new WindowsIdentity(tokenHandle);
            WindowsImpersonationContext impersonatedUser = newId.Impersonate();

            // Check the identity.
            Console.WriteLine("After impersonation: "
                + WindowsIdentity.GetCurrent().Name);
        
            // Stop impersonating the user.
            impersonatedUser.Undo();

            // Check the identity.
            Console.WriteLine("After Undo: " + WindowsIdentity.GetCurrent().Name);
            
            // Free the tokens.
            if (tokenHandle != IntPtr.Zero)
                CloseHandle(tokenHandle);

        }
        catch(Exception ex)
        {
            Console.WriteLine("Exception occurred. " + ex.Message);
        }

    }
}
// This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
// IMPORTANT NOTES: 
// This sample can be run only on Windows XP.  The default Windows 2000 security policy 
// prevents this sample from executing properly, and changing the policy to allow
// proper execution presents a security risk. 
// This sample requests the user to enter a password on the console screen.
// Because the console window does not support methods allowing the password to be masked, 
// it will be visible to anyone viewing the screen.
// The sample is intended to be executed in a .NET Framework 1.1 environment.  To execute
// this code in a 1.0 environment you will need to use a duplicate token in the call to the
// WindowsIdentity constructor. See KB article Q319615 for more information.
#using <System.dll>

using namespace System;
using namespace System::Runtime::InteropServices;
using namespace System::Security::Principal;
using namespace System::Security::Permissions;

[assembly:SecurityPermissionAttribute(SecurityAction::RequestMinimum,UnmanagedCode=true)];
[assembly:PermissionSetAttribute(SecurityAction::RequestMinimum,Name="FullTrust")];
[DllImport("advapi32.dll",SetLastError=true)]
bool LogonUser( String^ lpszUsername, String^ lpszDomain, String^ lpszPassword, int dwLogonType, int dwLogonProvider, IntPtr * phToken );

[DllImport("kernel32.dll",CharSet=System::Runtime::InteropServices::CharSet::Auto)]
int FormatMessage( int dwFlags, IntPtr * lpSource, int dwMessageId, int dwLanguageId, interior_ptr<String^> lpBuffer, int nSize, IntPtr * Arguments );

[DllImport("kernel32.dll",CharSet=CharSet::Auto)]
bool CloseHandle( IntPtr handle );

[DllImport("advapi32.dll",CharSet=CharSet::Auto,SetLastError=true)]
bool DuplicateToken( IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, IntPtr * DuplicateTokenHandle );

// Test harness.
// If you incorporate this code into a DLL, be sure to demand FullTrust.

[PermissionSetAttribute(SecurityAction::Demand,Name="FullTrust")]
int main()
{
   IntPtr tokenHandle = IntPtr(0);
   IntPtr dupeTokenHandle = IntPtr(0);
   try
   {
      String^ userName;
      String^ domainName;
      
      // Get the user token for the specified user, domain, and password using the 
      // unmanaged LogonUser method.  
      // The local machine name can be used for the domain name to impersonate a user on this machine.
      Console::Write( "Enter the name of the domain on which to log on: " );
      domainName = Console::ReadLine();
      Console::Write( "Enter the login of a user on {0} that you wish to impersonate: ", domainName );
      userName = Console::ReadLine();
      Console::Write( "Enter the password for {0}: ", userName );
      const int LOGON32_PROVIDER_DEFAULT = 0;
      
      //This parameter causes LogonUser to create a primary token.
      const int LOGON32_LOGON_INTERACTIVE = 2;
      const int SecurityImpersonation = 2;
      tokenHandle = IntPtr::Zero;
      
      // Call LogonUser to obtain a handle to an access token.
      bool returnValue = LogonUser( userName, domainName, Console::ReadLine(), LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,  &tokenHandle );
      Console::WriteLine( "LogonUser called." );
      if ( false == returnValue )
      {
         int ret = Marshal::GetLastWin32Error();
         Console::WriteLine( "LogonUser failed with error code : {0}", ret );
         throw gcnew System::ComponentModel::Win32Exception( ret );
      }
      Console::WriteLine( "Did LogonUser Succeed? {0}", (returnValue ? (String^)"Yes" : "No") );
      Console::WriteLine( "Value of Windows NT token: {0}", tokenHandle );
      
      // Check the identity.
      Console::WriteLine( "Before impersonation: {0}", WindowsIdentity::GetCurrent()->Name );
      
      // The token that is passed to the following constructor must 
      // be a primary token in order to use it for impersonation.
      WindowsIdentity^ newId = gcnew WindowsIdentity( tokenHandle );
      WindowsImpersonationContext^ impersonatedUser = newId->Impersonate();
      
      // Check the identity.
      Console::WriteLine( "After impersonation: {0}", WindowsIdentity::GetCurrent()->Name );
      
      // Stop impersonating the user.
      impersonatedUser->Undo();
      
      // Check the identity.
      Console::WriteLine( "After Undo: {0}", WindowsIdentity::GetCurrent()->Name );
      
      // Free the tokens.
      if ( tokenHandle != IntPtr::Zero )
            CloseHandle( tokenHandle );
   }
   catch ( Exception^ ex ) 
   {
      Console::WriteLine( "Exception occurred. {0}", ex->Message );
   }

}

继承层次结构

System.Object
  System.Security.Principal.WindowsImpersonationContext

线程安全

此类型的任何公共静态(Visual Basic 中的 Shared)成员都是线程安全的,但不保证所有实例成员都是线程安全的。

平台

Windows 2000 SP4、Windows Millennium Edition、Windows Server 2003、Windows XP Media Center Edition、Windows XP Professional x64 Edition、Windows XP SP2、Windows XP Starter Edition

.NET Framework 并不是对每个平台的所有版本都提供支持。有关受支持版本的列表,请参见系统要求

版本信息

.NET Framework

受以下版本支持:2.0、1.1、1.0

请参见

参考

WindowsImpersonationContext 成员
System.Security.Principal 命名空间