Using advapi32.dll:LogonUserA() to impersonate a local user of a remote machine

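I need to be able to run RegLoadKey() on a remote machine, and it is possible that my machine and the remote machine are not in the same domain. If they are, the code below works fine and I can impersonate a user with administrator rights on the machine. Otherwise, if we are talking about a local user, according to this discussion, I found…

http://www.eggheadcafe.com/conversation.aspx?messageid=34224301&threadid=34224226

…that there must be a local user on my machine with the same username and password. Ugh. Is there any way around this?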

    using System.Runtime.InteropServices;
    using System.Security.Principal;

    [DllImport("advapi32.dll")]
    public static extern int LogonUserA(String lpszUserName, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern int DuplicateToken(IntPtr hToken, int impersonationLevel, ref IntPtr hNewToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public static extern bool CloseHandle(IntPtr handle);

    public const int LOGON32_LOGON_INTERACTIVE = 2;
    public const int LOGON32_PROVIDER_DEFAULT = 0;

    public WindowsImpersonationContext WearDrag(string Username, string Password, string DomainOrMachine)
    {
        WindowsImpersonationContext impersonationContext;
        WindowsIdentity tempWindowsIdentity;
        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;

        // Drop any impersonation already active on this thread before logging on.
        if (RevertToSelf())
        {
            if (LogonUserA(Username, DomainOrMachine, Password, LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, ref token) != 0)
            {
                // 2 = SecurityImpersonation
                if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                {
                    tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                    impersonationContext = tempWindowsIdentity.Impersonate();
                    if (impersonationContext != null)
                    {
                        // WindowsIdentity holds its own copy of the token, so both handles can be closed.
                        CloseHandle(token);
                        CloseHandle(tokenDuplicate);
                        return impersonationContext;
                    }
                }
            }
        }

        // Failure path: release whatever was opened.
        if (token != IntPtr.Zero) CloseHandle(token);
        if (tokenDuplicate != IntPtr.Zero) CloseHandle(tokenDuplicate);
        return null;
    }

This is what I have been using, without having to define a local user:

    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    IntPtr token = IntPtr.Zero;  // receives the logon token
    bool isSuccess = LogonUser(username, domain, password,
        LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, ref token);

Then:

    WindowsIdentity newIdentity = new WindowsIdentity(token);
    WindowsImpersonationContext impersonatedUser = newIdentity.Impersonate();

I don't duplicate the handle.

Another observation – I don't use LogonUserA, I just use LogonUser.
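The answer's approach as one routine with error reporting and guaranteed cleanup; this is an added example, not code from either post. It assumes .NET Framework (where `WindowsIdentity.Impersonate()` exists); `RemoteCredentialScope`, `Run`, the host `REMOTE-PC`, the account name and the `REMOTE_ADMIN_PW` variable are hypothetical placeholders.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32;

public static class RemoteCredentialScope   // hypothetical helper name
{
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool LogonUser(string lpszUsername, string lpszDomain,
        string lpszPassword, int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    private const int LOGON32_LOGON_NEW_CREDENTIALS = 9;  // values as used in the answer
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    // Runs 'action' with the supplied credentials applied to outbound network access only.
    public static T Run<T>(string user, string machineOrDomain, string password, Func<T> action)
    {
        IntPtr token;
        if (!LogonUser(user, machineOrDomain, password,
                LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            using (var identity = new WindowsIdentity(token))
            using (identity.Impersonate())   // Dispose() reverts the thread, even on exceptions
                return action();
        }
        finally
        {
            CloseHandle(token);              // WindowsIdentity kept its own copy of the token
        }
    }

    static void Main()
    {
        // The password comes from the environment instead of being hard-coded.
        string pw = Environment.GetEnvironmentVariable("REMOTE_ADMIN_PW");
        string product = Run("Administrator", "REMOTE-PC", pw, () =>
        {
            // Type 9 does not validate credentials at logon; a bad password fails here instead.
            using (var hklm = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, "REMOTE-PC"))
            using (var key = hklm.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion"))
                return (string)key.GetValue("ProductName");
        });
        Console.WriteLine(product);
    }
}
```

Because the local identity of the thread is unchanged under this logon type, local file and registry access inside `action` still runs as the original user; only connections to other machines present the supplied credentials.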