asp.net-core - 在 asp.net core 中模拟用户
问题描述
我有来自常规 mvc 应用程序的以下代码,它通过模拟用户上传文件
public class PublicController : Controller
{
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
WindowsImpersonationContext impersonationContext;
[DllImport("advapi32.dll")]
public static extern int LogonUserA(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool RevertToSelf();
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);
public SomeActionMethod(model containing file)
{
if (ImpersonateValidUser(userName: "someuserwithpowertoupload", domain: "", password: "somepassword"))
{
path = "Somepath";
file.SaveAs(path);
}
}
private bool ImpersonateValidUser(String userName, String domain, String password)
{
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if (RevertToSelf())
{
if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if (DuplicateToken(token, impersonationLevel: 2, hNewToken: ref tokenDuplicate) != 0)
{
using (tempWindowsIdentity = new WindowsIdentity(tokenDuplicate))
{
this.impersonationContext = tempWindowsIdentity.Impersonate();
if (this.impersonationContext != null)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
return true;
}
}
}
}
}
if (token != IntPtr.Zero)
{
CloseHandle(token);
}
if (tokenDuplicate != IntPtr.Zero)
{
CloseHandle(tokenDuplicate);
}
return false;
}
这里的问题是 .net 核心中不存在 WindowsImpersonationContext。任何人都可以提供模拟用户的代码片段吗?此处的 Microsoft 文档https://docs.microsoft.com/en-us/dotnet/standard/security/impersonating-and-reverting不是很有帮助。
谢谢你。
解决方案
从文档:
ASP.NET Core 不实现模拟。使用应用程序池或进程标识,应用程序使用应用程序标识运行所有请求。如果应用程序应该代表用户执行操作,请使用
WindowsIdentity.RunImpersonated
或RunImpersonatedAsync
在终端内联中间件中的Startup.Configure
.
app.Run(async (context) =>
{
try
{
var user = (WindowsIdentity)context.User.Identity;
await context.Response
.WriteAsync($"User: {user.Name}\tState: {user.ImpersonationLevel}\n");
WindowsIdentity.RunImpersonated(user.AccessToken, () =>
{
var impersonatedUser = WindowsIdentity.GetCurrent();
var message =
$"User: {impersonatedUser.Name}\t" +
$"State: {impersonatedUser.ImpersonationLevel}";
var bytes = Encoding.UTF8.GetBytes(message);
context.Response.Body.Write(bytes, 0, bytes.Length);
});
}
catch (Exception e)
{
await context.Response.WriteAsync(e.ToString());
}
});
推荐阅读
- angularjs - 如何模拟包含第三方对象的窗口对象
- javascript - ReactJS 多输入问题 setState 和 state
- selenium - 捕获以文本框和可编辑格式显示的警报消息文本
- linux - 如何在 Linux Centos 7 上安装 Gnatcoll Postgres
- java - JaversException COMMITTING_TOP_LEVEL_VALUES_NOT_SUPPORTED
- c# - 如何将方法“utilities.DecryptStringFromBase64String”的调用限制为一次
- tensorflow - Tensorflow 在 Eager Execution 模式下循环切片分配给变量
- java - 如何防止 Eclipse 中出现流利的资源泄漏警告?
- arrays - 在日期 SwiftUI 上对映射数组进行排序
- php - PHP 7.3 - count(NULL) 使 php 脚本超时