在 vb.net 中以不同用户身份运行新进程
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/480358/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Run new process as different user in vb.net
提问by SqlRyan
I'm currently using a homegrown method to run a process as a different user in Vista, and I can't escape the feeling that's it hack-ish and less than ideal (in addition to the fact that it craps out UAC, crashing my app with a security exception, and forcing me to disable UAC altogether). My process consists of two projects (so two EXE files) - an "interface" and a "launch stub" - and here's the process:
我目前正在使用一种本土方法在 Vista 中以不同的用户身份运行一个进程,我无法逃避这样的感觉,即它是 hack-ish 并且不太理想(此外,它会导致 UAC 崩溃,使我的应用程序有一个安全例外,并迫使我完全禁用 UAC)。我的过程由两个项目(所以两个 EXE 文件)组成——一个“界面”和一个“启动存根”——过程如下:
- User has a shortcut that launches "Interface.exe notepad.exe"
- Interface.exe has a form that asks for the credentials they'd like to use
- Interace.exe uses ProcessStartInfo to create an instance of LaunchStub.exe (LS) as the new user
- LS uses ProcessStartInfo (with ShellExecute set to true) to launch the requested file, and since it's already running as the requested user, so is the new process.
- 用户有一个启动“Interface.exe notepad.exe”的快捷方式
- Interface.exe 有一个表单,询问他们想要使用的凭据
- Interace.exe 使用 ProcessStartInfo 创建 LaunchStub.exe (LS) 的实例作为新用户
- LS 使用 ProcessStartInfo(ShellExecute 设置为 true)来启动请求的文件,并且由于它已经作为请求的用户运行,所以新进程也是如此。
The reason I have a two-step process is that I want users to be able to right-click on any file the OS has a default action for (.EXE, .SQL, .MSC, etc) and launch it, and ProcessStartInfo only supports that with "UseShellExecute" enabled, but that switch prevents me from using new credentials, so I can only do one at a time.
我有一个两步过程的原因是我希望用户能够右键单击操作系统具有默认操作(.EXE、.SQL、.MSC 等)的任何文件并启动它,并且仅 ProcessStartInfo支持启用“UseShellExecute”,但该开关阻止我使用新凭据,所以我一次只能做一个。
This causes a few problems - first, the user has to already exist on the computer, meaning they have to have logged in locally before. If there's no local profile for that user, the requested app will sometimes launch, but I get registry and profile exceptions because the application expects things to exist that don't yet (like an HKCU hive in the registry, which the user doesn't have because they've never logged in).
这会导致一些问题 - 首先,用户必须已经存在于计算机上,这意味着他们之前必须在本地登录。如果该用户没有本地配置文件,请求的应用程序有时会启动,但我会收到注册表和配置文件异常,因为应用程序希望存在尚未存在的东西(例如注册表中的 HKCU 配置单元,用户没有有,因为他们从未登录过)。
I know I should be able to just "Elevate" the rights of my application to the user they're requesting, launch my new process, and then undo the elevation, but I'm unable to find a good code sample for that, and I'm not sure that it would allow running as a completely different user. Does this all make sense? I just can't help feel like there's a better way to do this.
我知道我应该能够将我的应用程序的权限“提升”给他们请求的用户,启动我的新进程,然后撤消提升,但是我找不到一个好的代码示例,并且我不确定它是否允许以完全不同的用户身份运行。这一切都有意义吗?我不禁觉得有更好的方法可以做到这一点。
UPDATE:I just tried some Impersonation codeI found online, but to no avail. When used in conjunction with ProcessStartInfo, it still seems to launch processes using my current login, not the one I've provided, even though I've activated impersonation using the provided credentials.
更新:我只是尝试了一些我在网上找到的模拟代码,但无济于事。当与 ProcessStartInfo 结合使用时,它似乎仍然使用我当前的登录名启动进程,而不是我提供的登录名,即使我已经使用提供的凭据激活了模拟。
采纳答案by user50612
Chances are that you have to create your own "shell" function using the Win32 API.
您可能必须使用 Win32 API 创建自己的“shell”函数。
Using the CreateProcessWithLogonW API you can create new processes under different credentials and optionally load user profile information.
使用 CreateProcessWithLogonW API,您可以在不同的凭据下创建新进程,并可选择加载用户配置文件信息。
In the code snippet below if you replace
在下面的代码片段中,如果您替换
- username - with your username
- domain - with your domain or "vbNullString"
- password - with your password
- parameter 4 - replace 0 with 'LOGON WITH PROFILE' to load the specified users profile.
- 用户名 - 使用您的用户名
- 域 - 使用您的域或“vbNullString”
- 密码 - 使用您的密码
- 参数 4 - 用 'LOGON WITH PROFILE' 替换 0 以加载指定的用户配置文件。
See the documentation for the CreateProcessWithLogonW APIfor further specifics. Going this route you have full control and full responsibility for launching the application.
有关详细信息,请参阅CreateProcessWithLogonW API的文档。走这条路线,您拥有启动应用程序的完全控制权和全部责任。
Again this is just a sample and you may have to play with it a little to get it to do what you want.
同样,这只是一个示例,您可能需要稍微尝试一下才能让它做您想做的事。
Imports System.Runtime.InteropServices
Public Module modShell
<StructLayout(LayoutKind.Sequential)> _
Public Structure STARTUPINFO
Public cb As Integer
Public lpReserved As String
Public lpDesktop As String
Public lpTitle As String
Public dwX As Integer
Public dwY As Integer
Public dwXSize As Integer
Public dwYSize As Integer
Public dwXCountChars As Integer
Public dwYCountChars As Integer
Public dwFillAttribute As Integer
Public dwFlags As Integer
Public wShowWindow As Short
Public cbReserved2 As Short
Public lpReserved2 As Integer
Public hStdInput As Integer
Public hStdOutput As Integer
Public hStdError As Integer
End Structure
<StructLayout(LayoutKind.Sequential)> _
Public Structure PROCESS_INFORMATION
Public hProcess As IntPtr
Public hThread As IntPtr
Public dwProcessId As Integer
Public dwThreadId As Integer
End Structure
Public Declare Unicode Function CreateProcessWithLogonW Lib "Advapi32" (ByVal lpUsername As String, ByVal lpDomain As String, ByVal lpPassword As String, ByVal dwLogonFlags As Int32, ByVal lpApplicationName As String, ByVal lpCommandLine As String, ByVal dwCreationFlags As Int32, ByVal lpEnvironment As IntPtr, ByVal lpCurrentDirectory As String, ByRef si As STARTUPINFO, ByRef pi As PROCESS_INFORMATION) As Integer
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As IntPtr) As Integer
Public Const LOGON_WITH_PROFILE As Int32 = &H1
Public Const NORMAL_PRIORITY_CLASS As Int32 = &H20&
Public Const STARTF_USESHOWWINDOW As Int32 = &H1
Public Const SW_HIDE As Int16 = 0
Public Const SW_SHOW As Int16 = 5
Public Function Shell(ByVal strCmdLine As String, ByVal strCurrentDirectory As String) As Boolean
Dim pi As PROCESS_INFORMATION
Dim si As New STARTUPINFO
si.cb = Marshal.SizeOf(si)
si.dwFlags = STARTF_USESHOWWINDOW
si.wShowWindow = SW_SHOW
Dim result As Integer = CreateProcessWithLogonW("username", "domain", "password", 0, vbNullString, strCmdLine, NORMAL_PRIORITY_CLASS, IntPtr.Zero, strCurrentDirectory, si, pi)
If result <> 0 Then
Call CloseHandle(pi.hThread)
Call CloseHandle(pi.hProcess)
Else
Return False
End If
Return True
End Function
End Module
回答by Sunny Milenov
回答by DrFuture
Try this Module:
试试这个模块:
Module Impersonation
#Region "API Structures"
<StructLayout(LayoutKind.Sequential)> _
Public Structure PROCESS_INFORMATION
Dim hProcess As System.IntPtr
Dim hThread As System.IntPtr
Dim dwProcessId As Integer
Dim dwThreadId As Integer
End Structure
<StructLayout(LayoutKind.Sequential)> _
Public Structure STARTUPINFO
Dim cb As Integer
Dim lpReserved As System.IntPtr
Dim lpDesktop As System.IntPtr
Dim lpTitle As System.IntPtr
Dim dwX As Integer
Dim dwY As Integer
Dim dwXSize As Integer
Dim dwYSize As Integer
Dim dwXCountChars As Integer
Dim dwYCountChars As Integer
Dim dwFillAttribute As Integer
Dim dwFlags As Integer
Dim wShowWindow As Short
Dim cbReserved2 As Short
Dim lpReserved2 As System.IntPtr
Dim hStdInput As System.IntPtr
Dim hStdOutput As System.IntPtr
Dim hStdError As System.IntPtr
End Structure
#End Region
#Region "API Constants"
Private Const LOGON_NETCREDENTIALS_ONLY As Integer = &H2
Private Const NORMAL_PRIORITY_CLASS As Integer = &H20
Private Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000
Private Const CREATE_NEW_CONSOLE As Integer = &H10
Private Const CREATE_NEW_PROCESS_GROUP As Integer = &H200
Private Const LOGON_WITH_PROFILE As Integer = &H1
#End Region
#Region "API Functions"
Private Declare Unicode Function CreateProcessWithLogon Lib "Advapi32" Alias "CreateProcessWithLogonW" _
(ByVal lpUsername As String, _
ByVal lpDomain As String, _
ByVal lpPassword As String, _
ByVal dwLogonFlags As Integer, _
ByVal lpApplicationName As String, _
ByVal lpCommandLine As String, _
ByVal dwCreationFlags As Integer, _
ByVal lpEnvironment As System.IntPtr, _
ByVal lpCurrentDirectory As System.IntPtr, _
ByRef lpStartupInfo As STARTUPINFO, _
ByRef lpProcessInfo As PROCESS_INFORMATION) As Integer
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As System.IntPtr) As Integer
#End Region
Public Sub RunProgram(ByVal UserName As String, ByVal Password As String, ByVal Domain As String, ByVal Application As String, ByVal CommandLine As String)
Dim siStartup As STARTUPINFO
Dim piProcess As PROCESS_INFORMATION
Dim intReturn As Integer
If CommandLine Is Nothing OrElse CommandLine = "" Then CommandLine = String.Empty
siStartup.cb = Marshal.SizeOf(siStartup)
siStartup.dwFlags = 0
intReturn = CreateProcessWithLogon(UserName, Domain, Password, LOGON_WITH_PROFILE, Application, CommandLine, _
NORMAL_PRIORITY_CLASS Or CREATE_DEFAULT_ERROR_MODE Or CREATE_NEW_CONSOLE Or CREATE_NEW_PROCESS_GROUP, _
IntPtr.Zero, IntPtr.Zero, siStartup, piProcess)
If intReturn = 0 Then
Throw New System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error())
End If
CloseHandle(piProcess.hProcess)
CloseHandle(piProcess.hThread)
End Sub
End Module
Use Runprogram() To start your Program with user/pw y like. Programm means the .exe only, parameters ar written into "commandline"
使用 Runprogram() 以 user/pw 之类的方式启动您的程序。Programm 仅表示 .exe,参数写入“命令行”
回答by zlsmith86
If you want to start an application with different credentials than the current running process, you can use the .Net Processclass.
如果要使用与当前正在运行的进程不同的凭据启动应用程序,可以使用 .Net Process类。
this.Process = new Process();
this.Process.StartInfo.Arguments = "Arguments";
this.Process.StartInfo.FileName = "C:\your.exe";
this.Process.StartInfo.UserName = "UserName";
string password = "some password";
this.Process.StartInfo.Password.Clear();
foreach (char c in password)
{
this.Process.StartInfo.Password.AppendChar(c);
}
//allow the process to raise events
this.Process.EnableRaisingEvents = true;
this.Process.StartInfo.ErrorDialog = false;
//Method for handling the exit event
this.Process.Exited += new EventHandler(ApplicationProcess_Exited);
//Set the application directory as the current working directory
Environment.CurrentDirectory = System.IO.Directory.GetParent("C:\").ToString();
if (this.Process.Start())
{
// Do something on start
}
