asp.net 用指定用户名密码模拟登录 访问操作网路路径文件
工作用到了,记录一下,就是网络路径上有个共享目录,给你分配一个账号和密码 有一定的权限可以读写,不用在配置文件中做修改,比较安全。 采用WindowsIdentity.Impersonate 方法。希望给用到的朋友。
主要的类IdentityScope
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Runtime.InteropServices;
/// <summary>
/// IdentityScope 的摘要说明
/// </summary>
public class IdentityScope : IDisposable
{
// obtains user token
[DllImport( " advapi32.dll ", SetLastError = true)]
static extern bool LogonUser( string pszUsername, string pszDomain, string pszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
// closes open handes returned by LogonUser
[DllImport( " kernel32.dll ", CharSet = CharSet.Auto)]
extern static bool CloseHandle(IntPtr handle);
[DllImport( " Advapi32.DLL ")]
static extern bool ImpersonateLoggedOnUser(IntPtr hToken);
[DllImport( " Advapi32.DLL ")]
static extern bool RevertToSelf();
// logon types
const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
// logon providers
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_PROVIDER_WINNT50 = 3;
const int LOGON32_PROVIDER_WINNT40 = 2;
const int LOGON32_PROVIDER_WINNT35 = 1;
private bool disposed;
/// <summary>
/// 登录
/// </summary>
/// <param name="sUsername"> 用户名 </param>
/// <param name="sDomain"> 第二个参数是域名,有域名的话写域名,没有域名写目标机器的IP· </param>
/// <param name="sPassword"> 密码 </param>
public IdentityScope( string sUsername, string sDomain, string sPassword)
{
// initialize tokens
IntPtr pExistingTokenHandle = new IntPtr( 0);
IntPtr pDuplicateTokenHandle = new IntPtr( 0);
try
{
// get handle to token
bool bImpersonated = LogonUser(sUsername, sDomain, sPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref pExistingTokenHandle);
if ( true == bImpersonated)
{
if (!ImpersonateLoggedOnUser(pExistingTokenHandle))
{
int nErrorCode = Marshal.GetLastWin32Error();
throw new Exception( " ImpersonateLoggedOnUser error;Code= " + nErrorCode);
}
}
else
{
int nErrorCode = Marshal.GetLastWin32Error();
throw new Exception( " LogonUser error;Code= " + nErrorCode);
}
}
finally
{
// close handle(s)
if (pExistingTokenHandle != IntPtr.Zero)
CloseHandle(pExistingTokenHandle);
if (pDuplicateTokenHandle != IntPtr.Zero)
CloseHandle(pDuplicateTokenHandle);
}
}
protected virtual void Dispose( bool disposing)
{
if (!disposed)
{
RevertToSelf();
disposed = true;
}
}
public void Dispose()
{
Dispose( true);
}
}
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Runtime.InteropServices;
/// <summary>
/// IdentityScope 的摘要说明
/// </summary>
public class IdentityScope : IDisposable
{
// obtains user token
[DllImport( " advapi32.dll ", SetLastError = true)]
static extern bool LogonUser( string pszUsername, string pszDomain, string pszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
// closes open handes returned by LogonUser
[DllImport( " kernel32.dll ", CharSet = CharSet.Auto)]
extern static bool CloseHandle(IntPtr handle);
[DllImport( " Advapi32.DLL ")]
static extern bool ImpersonateLoggedOnUser(IntPtr hToken);
[DllImport( " Advapi32.DLL ")]
static extern bool RevertToSelf();
// logon types
const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
// logon providers
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_PROVIDER_WINNT50 = 3;
const int LOGON32_PROVIDER_WINNT40 = 2;
const int LOGON32_PROVIDER_WINNT35 = 1;
private bool disposed;
/// <summary>
/// 登录
/// </summary>
/// <param name="sUsername"> 用户名 </param>
/// <param name="sDomain"> 第二个参数是域名,有域名的话写域名,没有域名写目标机器的IP· </param>
/// <param name="sPassword"> 密码 </param>
public IdentityScope( string sUsername, string sDomain, string sPassword)
{
// initialize tokens
IntPtr pExistingTokenHandle = new IntPtr( 0);
IntPtr pDuplicateTokenHandle = new IntPtr( 0);
try
{
// get handle to token
bool bImpersonated = LogonUser(sUsername, sDomain, sPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref pExistingTokenHandle);
if ( true == bImpersonated)
{
if (!ImpersonateLoggedOnUser(pExistingTokenHandle))
{
int nErrorCode = Marshal.GetLastWin32Error();
throw new Exception( " ImpersonateLoggedOnUser error;Code= " + nErrorCode);
}
}
else
{
int nErrorCode = Marshal.GetLastWin32Error();
throw new Exception( " LogonUser error;Code= " + nErrorCode);
}
}
finally
{
// close handle(s)
if (pExistingTokenHandle != IntPtr.Zero)
CloseHandle(pExistingTokenHandle);
if (pDuplicateTokenHandle != IntPtr.Zero)
CloseHandle(pDuplicateTokenHandle);
}
}
protected virtual void Dispose( bool disposing)
{
if (!disposed)
{
RevertToSelf();
disposed = true;
}
}
public void Dispose()
{
Dispose( true);
}
}
调用
using (IdentityScope c =
new IdentityScope(
"
用户名
",
"
域/IP
",
"
密码
"))
{
string[] filelist = System.IO.Directory.GetDirectories( @" \\192.168.1.7\Test ");
}
{
string[] filelist = System.IO.Directory.GetDirectories( @" \\192.168.1.7\Test ");
}
注意:
1.如果你所访问的计算机位于域内,调用时传入域的名字,并且修改
bool
bImpersonated = LogonUser(sUsername, sDomain, sPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
ref pExistingTokenHandle);
2.如果你所访问的计算机不在域内,调用是传入IP即可,并修改
bool bImpersonated = LogonUser(sUsername, sDomain, sPassword,
LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT,
ref pExistingTokenHandle);
3.有时报“登录失败: 未知的用户名或错误密码” 错误,就说明你的参数传错了,注意下LogonUser的第四个参数
4.每个人遇到的情况可能不一样,但是希望给大家有所帮助
MSDN:
http://msdn.microsoft.com/zh-cn/library/w070t6ka.aspx