采用问答式, 快餐式获取要点.
如何查看当前线程正在什么用户权限上运行?
====================================
string currentUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
如何在ASP.NET应用程序中, 使用过了IIS验证的用户的权限来执行每一次请求?
====================================
在web.config文件中, 做如下修改:
<identity impersonate="true" />
如何在ASP.NET应用程序中指定一个用户, 然后让所有的请求都按照这个用户的权限来执行?
====================================
在web.config文件中, 做如下修改:
<identity impersonate="true" userName="accountname" password="password" />
如何在代码中进行impersonate?
====================================
System.Security.Principal.WindowsImpersonationContext impersonationContext; impersonationContext = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate(); //Insert your code that runs under the security context of the authenticating user here. impersonationContext.Undo();
一个具体的例子, 可以用在aspx中, 当然了用在cs中可以的.
public const int LOGON32_LOGON_INTERACTIVE = 2; public const int LOGON32_PROVIDER_DEFAULT = 0; WindowsImpersonationContext impersonationContext; [DllImport("advapi32.dll")] public static extern int LogonUserA(String lpszUserName, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] public static extern int DuplicateToken(IntPtr hToken, int impersonationLevel, ref IntPtr hNewToken); [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] public static extern bool RevertToSelf(); [DllImport("kernel32.dll", CharSet = CharSet.Auto)] public static extern bool CloseHandle(IntPtr handle); public void Page_Load(Object s, EventArgs e) { if (impersonateValidUser("username", "domain", "password")) { //Insert your code that runs under the security context of a specific user here. undoImpersonation(); } else { //Your impersonation failed. Therefore, include a fail-safe mechanism here. } } private bool impersonateValidUser(String userName, String domain, String password) { WindowsIdentity tempWindowsIdentity; IntPtr token = IntPtr.Zero; IntPtr tokenDuplicate = IntPtr.Zero; if (RevertToSelf()) { if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) != 0) { if (DuplicateToken(token, 2, ref tokenDuplicate) != 0) { tempWindowsIdentity = new WindowsIdentity(tokenDuplicate); impersonationContext = tempWindowsIdentity.Impersonate(); if (impersonationContext != null) { CloseHandle(token); CloseHandle(tokenDuplicate); return true; } } } } if (token != IntPtr.Zero) CloseHandle(token); if (tokenDuplicate != IntPtr.Zero) CloseHandle(tokenDuplicate); return false; } private void undoImpersonation() { impersonationContext.Undo(); }
资料来源:
How to implement impersonation in an ASP.NET application
http://support.microsoft.com/kb/306158
转自:http://www.cnblogs.com/awpatp/archive/2010/02/02/1662277.html