WCF impersonation is not impersonating an administrator
I am trying to use WCF to do some remote user management things. I am reusing some code I had on a Server 2003 box where it worked fine, but on my Windows 7 test box, when I check to see if the user who called the function is an administrator, it says it is not.
[OperationBehavior(Impersonation=ImpersonationOption.Required)]
public string SetPassword(string username)
{
    WindowsPrincipal principal = new WindowsPrincipal(OperationContext.Current.ServiceSecurityContext.WindowsIdentity);
    System.Diagnostics.Debug.Print(WindowsIdentity.GetCurrent().Name);
    System.Diagnostics.Debug.Print(principal.Identity.Name);
    if (principal.IsInRole(WindowsBuiltInRole.Administrator))
    {
        //try
        {
            lock (Watchdog.m_principalContext)
            {
                using (UserPrincipal up = UserPrincipal.FindByIdentity(Watchdog.m_principalContext, username))
                {
                    string newpassword = CreateRandomPassword();
                    up.SetPassword(newpassword);
                    up.Save();
                    return newpassword;
                }
            }
        }
        //catch
        {
            return null;
        }
    }
    else
        throw new System.Security.SecurityException("User not administrator");
}
principal.IsInRole(WindowsBuiltInRole.Administrator) is returning false every time. Both my current identity and principal.Identity are the correct user to be impersonated, and that user is a member of the administrators user group.
I think it has to do with UAC that was implemented in Windows Vista and up. This will be an issue because the production machine this will be going on to is a win2k8-r2 box.
Any suggestions on what to do?
Comments (2)
Take a look at this article, under the section "Coping with Windows Vista", a very well written article about UAC and checking admin privs programmatically.
As I did not want to do all that work (from RandomNoob's post) to check if the user is an administrator, and the service is already running in an administrative context, I decided to just drop impersonation. I created a new user group called WCFUsers and anyone who will be using the service was added to that group. It now does the System.DirectoryServices.AccountManagement operations in its own context.
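
The group check the last comment describes, as an added example that is not part of the original thread: the operation runs as the service account, so the caller's membership in WCFUsers is the only gate and the check has to fail closed. It assumes WCFUsers is a local group on the service host; the CallerAuthorization class and DemandAllowedCaller method are hypothetical names.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.ServiceModel;

// Added example: authorize a WCF caller by group membership, without impersonation.
public static class CallerAuthorization
{
    // Assumption: "WCFUsers" is a local group on the machine hosting the service.
    private static readonly string AllowedGroup = Environment.MachineName + @"\WCFUsers";

    // Returns the caller's Windows identity, or throws if the caller is not allowed.
    public static WindowsIdentity DemandAllowedCaller()
    {
        // Current is null when the binding carries no security at all.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        WindowsIdentity caller = ctx == null ? null : ctx.WindowsIdentity;

        // Fail closed: reject missing, anonymous or unauthenticated callers.
        if (caller == null || caller.IsAnonymous || !caller.IsAuthenticated)
            throw new SecurityException("Caller is not an authenticated Windows user");

        SecurityIdentifier groupSid;
        try
        {
            // Resolve the name to a SID so the check does not depend on how the
            // group name is spelled or prefixed in the caller's token.
            groupSid = (SecurityIdentifier)new NTAccount(AllowedGroup)
                .Translate(typeof(SecurityIdentifier));
        }
        catch (IdentityNotMappedException)
        {
            // A missing or renamed group must deny everyone, not allow everyone.
            throw new SecurityException("Authorization group does not exist: " + AllowedGroup);
        }

        // The principal wraps the caller's token, not the service account's,
        // so this tests the remote user even though no impersonation is active.
        if (!new WindowsPrincipal(caller).IsInRole(groupSid))
            throw new SecurityException(caller.Name + " is not a member of " + AllowedGroup);

        return caller;
    }
}
```

Call DemandAllowedCaller() as the first statement of SetPassword, with the Impersonation=ImpersonationOption.Required attribute removed, and record the returned identity's Name alongside each password reset.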