Impersonates the user represented by the WindowsIdentity object.
Assembly: mscorlib (in mscorlib.dll)
Public Overridable Function Impersonate As WindowsImpersonationContext
public virtual WindowsImpersonationContext Impersonate()
public: virtual WindowsImpersonationContext^ Impersonate()
abstract Impersonate : unit -> WindowsImpersonationContext
override Impersonate : unit -> WindowsImpersonationContext
Return value
Type: System.Security.Principal.WindowsImpersonationContext
An object that represents the Windows user prior to impersonation; you can use it to revert to the original user's context.
| Exception | Condition |
|---|---|
| InvalidOperationException | An anonymous identity attempted to perform an impersonation. |
| SecurityException | A Win32 error occurred. |
On Windows NT platforms, the current user must have sufficient rights to allow impersonation.
Notes to Implementers
Because the Microsoft Windows 98 and Windows Millennium Edition (Windows Me) platforms do not have user tokens, impersonation cannot take place on those platforms.
Notes to Callers
After using Impersonate, it is important to call the Undo method to end the impersonation.
The following example demonstrates how to obtain a Windows account token by calling the unmanaged Win32 LogonUser function, and how to use that token to impersonate another user and then revert to the original identity.
```vb
' This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
' IMPORTANT NOTES:
' This sample requests the user to enter a password on the console screen.
' Because the console window does not support methods allowing the password to be masked,
' it will be visible to anyone viewing the screen.
' On Windows Vista and later this sample must be run as an administrator.

Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Security.Permissions
Imports Microsoft.VisualBasic
Imports Microsoft.Win32.SafeHandles
Imports System.Runtime.ConstrainedExecution
Imports System.Security

Module Module1

    Public Class ImpersonationDemo

        Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _
            ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
            ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
            <Out()> ByRef phToken As SafeTokenHandle) As Boolean

        Public Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean

        ' Test harness.
        ' If you incorporate this code into a DLL, be sure to demand FullTrust.
        <PermissionSetAttribute(SecurityAction.Demand, Name:="FullTrust")> _
        Public Overloads Shared Sub Main(ByVal args() As String)
            Dim safeTokenHandle As SafeTokenHandle = Nothing
            Try
                Dim userName, domainName As String

                ' Get the user token for the specified user, domain, and password using the
                ' unmanaged LogonUser method.
                ' The local machine name can be used for the domain name to impersonate a user on this machine.
                Console.Write("Enter the name of a domain on which to log on: ")
                domainName = Console.ReadLine()

                Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName)
                userName = Console.ReadLine()

                Console.Write("Enter the password for {0}: ", userName)

                Const LOGON32_PROVIDER_DEFAULT As Integer = 0
                ' This parameter causes LogonUser to create a primary token.
                Const LOGON32_LOGON_INTERACTIVE As Integer = 2

                ' Call LogonUser to obtain a handle to an access token.
                Dim returnValue As Boolean = LogonUser(userName, domainName, Console.ReadLine(), _
                    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, safeTokenHandle)

                Console.WriteLine("LogonUser called.")

                If False = returnValue Then
                    Dim ret As Integer = Marshal.GetLastWin32Error()
                    Console.WriteLine("LogonUser failed with error code : {0}", ret)
                    Throw New System.ComponentModel.Win32Exception(ret)
                End If

                Using safeTokenHandle
                    Dim success As String
                    If returnValue Then success = "Yes" Else success = "No"
                    Console.WriteLine(("Did LogonUser succeed? " + success))
                    Console.WriteLine(("Value of Windows NT token: " + safeTokenHandle.DangerousGetHandle().ToString()))

                    ' Check the identity.
                    Console.WriteLine(("Before impersonation: " + WindowsIdentity.GetCurrent().Name))

                    ' Use the token handle returned by LogonUser.
                    Dim newId As New WindowsIdentity(safeTokenHandle.DangerousGetHandle())
                    Using impersonatedUser As WindowsImpersonationContext = newId.Impersonate()
                        ' Check the identity.
                        Console.WriteLine(("After impersonation: " + WindowsIdentity.GetCurrent().Name))
                    End Using ' Disposing the context stops the impersonation.
                End Using ' Disposing the safe handle frees the token.

            Catch ex As Exception
                Console.WriteLine(("Exception occurred. " + ex.Message))
            End Try
        End Sub 'Main
    End Class 'ImpersonationDemo
End Module

Public NotInheritable Class SafeTokenHandle
    Inherits SafeHandleZeroOrMinusOneIsInvalid

    Private Sub New()
        MyBase.New(True)
    End Sub 'New

    <DllImport("kernel32.dll"), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success), SuppressUnmanagedCodeSecurity()> _
    Private Shared Function CloseHandle(ByVal handle As IntPtr) As <MarshalAs(UnmanagedType.Bool)> Boolean
    End Function

    Protected Overrides Function ReleaseHandle() As Boolean
        Return CloseHandle(handle)
    End Function 'ReleaseHandle
End Class 'SafeTokenHandle
```
```csharp
// This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
// IMPORTANT NOTES:
// This sample requests the user to enter a password on the console screen.
// Because the console window does not support methods allowing the password to be masked,
// it will be visible to anyone viewing the screen.
// On Windows Vista and later this sample must be run as an administrator.

using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;
using Microsoft.Win32.SafeHandles;
using System.Runtime.ConstrainedExecution;
using System.Security;

public class ImpersonationDemo
{
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
        int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public extern static bool CloseHandle(IntPtr handle);

    // Test harness.
    // If you incorporate this code into a DLL, be sure to demand FullTrust.
    [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
    public static void Main(string[] args)
    {
        SafeTokenHandle safeTokenHandle;
        try
        {
            string userName, domainName;

            // Get the user token for the specified user, domain, and password using the
            // unmanaged LogonUser method.
            // The local machine name can be used for the domain name to impersonate a user on this machine.
            Console.Write("Enter the name of the domain on which to log on: ");
            domainName = Console.ReadLine();

            Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
            userName = Console.ReadLine();

            Console.Write("Enter the password for {0}: ", userName);

            const int LOGON32_PROVIDER_DEFAULT = 0;
            // This parameter causes LogonUser to create a primary token.
            const int LOGON32_LOGON_INTERACTIVE = 2;

            // Call LogonUser to obtain a handle to an access token.
            bool returnValue = LogonUser(userName, domainName, Console.ReadLine(),
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                out safeTokenHandle);

            Console.WriteLine("LogonUser called.");

            if (false == returnValue)
            {
                int ret = Marshal.GetLastWin32Error();
                Console.WriteLine("LogonUser failed with error code : {0}", ret);
                throw new System.ComponentModel.Win32Exception(ret);
            }

            using (safeTokenHandle)
            {
                Console.WriteLine("Did LogonUser Succeed? " + (returnValue ? "Yes" : "No"));
                // Print the raw handle value rather than the SafeTokenHandle type name.
                Console.WriteLine("Value of Windows NT token: " + safeTokenHandle.DangerousGetHandle());

                // Check the identity.
                Console.WriteLine("Before impersonation: " + WindowsIdentity.GetCurrent().Name);

                // Use the token handle returned by LogonUser.
                WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle());
                using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
                {
                    // Check the identity.
                    Console.WriteLine("After impersonation: " + WindowsIdentity.GetCurrent().Name);
                }

                // Releasing the context object stops the impersonation.
                // Check the identity.
                Console.WriteLine("After closing the context: " + WindowsIdentity.GetCurrent().Name);
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine("Exception occurred. " + ex.Message);
        }
    }
}

public sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    private SafeTokenHandle()
        : base(true)
    {
    }

    [DllImport("kernel32.dll")]
    [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
    [SuppressUnmanagedCodeSecurity]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool CloseHandle(IntPtr handle);

    protected override bool ReleaseHandle()
    {
        return CloseHandle(handle);
    }
}
```
```cpp
// This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
// IMPORTANT NOTES:
// This sample requests the user to enter a password on the console screen.
// Because the console window does not support methods allowing the password to be masked,
// it will be visible to anyone viewing the screen.
// On Windows Vista and later this sample must be run as an administrator.

#using <System.dll>

using namespace System;
using namespace System::Runtime::InteropServices;
using namespace System::Security::Principal;
using namespace System::Security::Permissions;

[DllImport("advapi32.dll",SetLastError=true)]
bool LogonUser( String^ lpszUsername, String^ lpszDomain, String^ lpszPassword, int dwLogonType, int dwLogonProvider, IntPtr * phToken );

[DllImport("kernel32.dll",CharSet=CharSet::Auto)]
bool CloseHandle( IntPtr handle );

// Test harness.
// If you incorporate this code into a DLL, be sure to demand FullTrust.

[PermissionSetAttribute(SecurityAction::Demand,Name="FullTrust")]
int main()
{
   IntPtr tokenHandle = IntPtr(0);
   try
   {
      String^ userName;
      String^ domainName;

      // Get the user token for the specified user, domain, and password using the
      // unmanaged LogonUser method.
      // The local machine name can be used for the domain name to impersonate a user on this machine.
      Console::Write( "Enter the name of the domain on which to log on: " );
      domainName = Console::ReadLine();

      Console::Write( "Enter the login of a user on {0} that you wish to impersonate: ", domainName );
      userName = Console::ReadLine();

      Console::Write( "Enter the password for {0}: ", userName );

      const int LOGON32_PROVIDER_DEFAULT = 0;
      // This parameter causes LogonUser to create a primary token.
      const int LOGON32_LOGON_INTERACTIVE = 2;
      const int SecurityImpersonation = 2;
      tokenHandle = IntPtr::Zero;

      // Call LogonUser to obtain a handle to an access token.
      bool returnValue = LogonUser( userName, domainName, Console::ReadLine(), LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &tokenHandle );

      Console::WriteLine( "LogonUser called." );

      if ( false == returnValue )
      {
         int ret = Marshal::GetLastWin32Error();
         Console::WriteLine( "LogonUser failed with error code : {0}", ret );
         throw gcnew System::ComponentModel::Win32Exception( ret );
      }

      Console::WriteLine( "Did LogonUser Succeed? {0}", (returnValue ? (String^)"Yes" : "No") );
      Console::WriteLine( "Value of Windows NT token: {0}", tokenHandle );

      // Check the identity.
      Console::WriteLine( "Before impersonation: {0}", WindowsIdentity::GetCurrent()->Name );

      // The token that is passed to the following constructor must
      // be a primary token in order to use it for impersonation.
      WindowsIdentity^ newId = gcnew WindowsIdentity( tokenHandle );
      WindowsImpersonationContext^ impersonatedUser = newId->Impersonate();

      // Check the identity.
      Console::WriteLine( "After impersonation: {0}", WindowsIdentity::GetCurrent()->Name );

      // Stop impersonating the user.
      impersonatedUser->Undo();

      // Check the identity.
      Console::WriteLine( "After Undo: {0}", WindowsIdentity::GetCurrent()->Name );

      // Free the tokens.
      if ( tokenHandle != IntPtr::Zero )
         CloseHandle( tokenHandle );
   }
   catch ( Exception^ ex )
   {
      Console::WriteLine( "Exception occurred. {0}", ex->Message );
   }
}
```
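The caller note and the exception table above, shown as an added C# example that is not part of the original documentation: a hypothetical helper, `RunAs`, scopes impersonation so that Undo always runs, rejects an anonymous identity up front, and fails closed if the thread identity was not restored. It assumes the .NET Framework and impersonates the current user, so it needs no credentials.

```csharp
// Added example, not part of the original documentation. Targets the .NET Framework.
using System;
using System.Security;
using System.Security.Principal;

public static class ScopedImpersonation
{
    // Hypothetical helper: runs 'work' as 'identity' and always reverts afterwards.
    public static void RunAs(WindowsIdentity identity, Action work)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        // Impersonate() throws InvalidOperationException for an anonymous identity;
        // checking IsAnonymous first makes the rejection explicit.
        if (identity.IsAnonymous)
            throw new InvalidOperationException("Refusing to impersonate an anonymous identity.");

        string before = WindowsIdentity.GetCurrent().Name;
        // A Win32 failure here surfaces as SecurityException.
        WindowsImpersonationContext context = identity.Impersonate();
        try
        {
            work();
        }
        finally
        {
            // Undo must run even when 'work' throws, otherwise the thread keeps the borrowed identity.
            context.Undo();
            context.Dispose();
            // Fail closed if the thread is not back on its original identity.
            if (!string.Equals(before, WindowsIdentity.GetCurrent().Name, StringComparison.OrdinalIgnoreCase))
                Environment.FailFast("Impersonation was not reverted.");
        }
    }

    public static void Main()
    {
        using (WindowsIdentity self = WindowsIdentity.GetCurrent())
        {
            RunAs(self, () => Console.WriteLine("Inside scope: " + WindowsIdentity.GetCurrent().Name));
        }
        Console.WriteLine("After scope: " + WindowsIdentity.GetCurrent().Name);

        try
        {
            // Exercises the anonymous-identity condition from the exception table.
            RunAs(WindowsIdentity.GetAnonymous(), () => Console.WriteLine("not reached"));
        }
        catch (InvalidOperationException ex) { Console.WriteLine("Rejected: " + ex.Message); }
        catch (SecurityException ex) { Console.WriteLine("Win32 failure: " + ex.Message); }
    }
}
```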
.NET Framework
Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0
.NET Framework Client Profile
Supported in: 4, 3.5 SP1
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
| Date | History | Reason |
|---|---|---|
| December 2010 | Example replaced. | Customer feedback. |