以 LocalSystem 身份运行的 C# 程序如何临时模拟另一个用户的登录身份?粗略地说,我有一个 Windows 服务,我想作为 LocalSystem 运行,但有时会模拟用户 XYZ(使用 Windows 集成安全连接到数据库时).
How can a C# program running as LocalSystem impersonate the login identity of another user temporarily? Roughly speaking I have a Windows Service that I'd like to run as LocalSystem but at times impersonate user XYZ (when connecting to a db using windows integrated security).
最重要的是:有没有办法在不知道其他用户密码的情况下做到这一点?
Most important of all: Is there a way to do this without knowing the other user's password?
注意:如果密码是必需的,是否有安全存储密码的推荐策略(c# 和/或 vbscript).
Note: if a password is mandatory is there a recommended strategy for storing a password securely (c# and/or vbscript).
推荐答案这是可能的,尽管它需要您编写大量代码.请参阅 NtCreateToken 和 CreateToken.您需要 SeCreateTokenPrivilege,尽管这不会成为问题,因为您在 NT AUTHORITYSYSTEM 下运行.然后,您可以使用创建的令牌在线程内部进行模拟.
It's possible, although it requires you to do a lot of code. See NtCreateToken and CreateToken. You need SeCreateTokenPrivilege, although that won't be a problem since you're running under NT AUTHORITYSYSTEM. You can then use the created token to impersonate inside a thread.
更多推荐
来自 C# 的 Windows 模拟
发布评论