2012-01-17 140 views
2

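Creating a Windows folder using impersonation

I am trying to create a folder using the credentials of a limited admin account, which are provided by an encrypted .config file. Right now my code runs under the assumption that the user has no access to these directories, so an unauthorized exception is thrown; the code works if access is granted, but I cannot do that because it would compromise our security. I already know how to get my username/password out of the encrypted file; I'm just not sure which library or syntax I should use to impersonate. This is my code: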

//set the cursor 

string activeDir = "\\\\department\\shares\\users\\"; 

//create directory with userID as the folder name 

string newPath = System.IO.Path.Combine(activeDir + userID); 

System.IO.Directory.CreateDirectory(newPath); 

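So I need a way to supply the credentials, but I'm at a loss. I've been using System.DirectoryServices.AccountManagement and PrincipalContext to supply a username/password for changes to Active Directory... do I need to use a similar library to make changes to the file system? Any help would be greatly appreciated, thank you!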

Answers

5

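I think you can temporarily impersonate that user on the thread that performs this action. It seems this can only be done with P/Invoke. Take a look at this example: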

using (var impersonation = new ImpersonatedUser(decryptedUser, decryptedDomain, decryptedPassword)) 
{ 
    Directory.CreateDirectory(newPath); 
} 

For completeness (in case the link stops working some day), find the ImpersonatedUser class below (credits to Jon Cole):

using System; 
using System.ComponentModel; 
using System.Runtime.InteropServices; 
using System.Security.Principal; 

public class ImpersonatedUser : IDisposable 
{ 
    IntPtr userHandle; 

    WindowsImpersonationContext impersonationContext; 

    public ImpersonatedUser(string user, string domain, string password) 
    { 
     userHandle = IntPtr.Zero; 

     bool loggedOn = LogonUser(
      user, 
      domain, 
      password, 
      LogonType.Interactive, 
      LogonProvider.Default, 
      out userHandle); 

     if (!loggedOn) 
      throw new Win32Exception(Marshal.GetLastWin32Error()); 

     // Begin impersonating the user 
     impersonationContext = WindowsIdentity.Impersonate(userHandle); 
    } 

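    public void Dispose() 
    { 
     // Revert the thread to its original identity before releasing the token 
     if (impersonationContext != null) 
     { 
      impersonationContext.Undo(); 
      impersonationContext = null; 
     } 

     // Release the logon token obtained from LogonUser 
     if (userHandle != IntPtr.Zero) 
     { 
      CloseHandle(userHandle); 
      userHandle = IntPtr.Zero; 
     } 
    } 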

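    // CharSet.Unicode binds to LogonUserW so non-ASCII names and passwords survive marshaling 
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] 
    static extern bool LogonUser(
     string lpszUsername, 
     string lpszDomain, 
     string lpszPassword, 
     LogonType dwLogonType, 
     LogonProvider dwLogonProvider, 
     out IntPtr phToken); 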

    [DllImport("kernel32.dll", SetLastError = true)] 
    static extern bool CloseHandle(IntPtr hHandle); 

    enum LogonType : int 
    { 
     Interactive = 2, 
     Network = 3, 
     Batch = 4, 
     Service = 5, 
     NetworkCleartext = 8, 
     NewCredentials = 9, 
    } 

    enum LogonProvider : int 
    { 
     Default = 0, 
    } 

} 
+0

Thanks for pointing me to this article, this worked. – DaneEdw 2012-01-21 03:03:18

0

Use the Windows Networking (WNet) functions. They are supported on Windows 2000 and later. The wrapper:

using System; 
using System.Runtime.InteropServices; 

public class WNet 
{ 
    public static void AddConnection(string resource, string username, string password) 
    { 
     NETRESOURCE nr = new NETRESOURCE(); 
     nr.RemoteName = resource; 
     uint err = WNetAddConnection2W(ref nr, password, username, 0); 
     if (err != 0) 
      // RemoteDirectoryException is a custom exception type that is not shown in this answer 
      throw new RemoteDirectoryException(string.Format("WNetAddConnection2 failed with error: #{0}", err)); 
    } 

    // The string fields must be marshaled as Unicode to match the W entry point 
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] 
    private struct NETRESOURCE 
    { 
     public uint Scope; 
     public uint Type; 
     public uint DisplayType; 
     public uint Usage; 
     public string LocalName; 
     public string RemoteName; 
     public string Comment; 
     public string Provider; 
    } 

    [DllImport("mpr.dll", CharSet = CharSet.Unicode)] 
    private extern static uint WNetAddConnection2W(ref NETRESOURCE lpNetResource, string lpPassword, string lpUsername, uint dwFlags); 
} 

Add the connection to the resource and create the directory:

string activeDir = "\\\\department\\shares\\users\\"; 
string username = "username"; 
string password = "password"; 

WNet.AddConnection(activeDir, username, password); 

string newPath = System.IO.Path.Combine(activeDir, userID); 
System.IO.Directory.CreateDirectory(newPath);
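
An added example, not part of either answer above: the WNet approach leaves the credentialed connection open for the rest of the logon session, and `Path.Combine` returns the second argument alone when it is rooted. This sketch scopes the connection to a `using` block with `WNetCancelConnection2W` and rejects any `userID` that is not a plain folder name; `ScopedShareConnection` and `SafeChildPath` are hypothetical names chosen here.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
// Added example; ScopedShareConnection and SafeChildPath are hypothetical names.
// Usage: using (new ScopedShareConnection(activeDir, username, password))
//            Directory.CreateDirectory(ScopedShareConnection.SafeChildPath(activeDir, userID));
public sealed class ScopedShareConnection : IDisposable
{
    private readonly string remoteName;
    private bool connected;

    public ScopedShareConnection(string share, string username, string password)
    {
        // Trim trailing backslashes so add and cancel use the same name.
        remoteName = share.TrimEnd('\\');
        var nr = new NETRESOURCE { Type = 1 /* RESOURCETYPE_DISK */, RemoteName = remoteName };
        uint err = WNetAddConnection2W(ref nr, password, username, 0);
        if (err != 0) throw new Win32Exception((int)err);
        connected = true;
    }

    public void Dispose()
    {
        if (!connected) return;
        connected = false;
        // Force-close the session so later code cannot reuse the admin credentials.
        WNetCancelConnection2W(remoteName, 0, true);
    }

    // Accept only a plain folder name: no separators, drive letters, "." or "..".
    public static string SafeChildPath(string root, string userId)
    {
        if (string.IsNullOrWhiteSpace(userId) || userId == "." || userId == ".." ||
            userId.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("userID must be a plain folder name", "userId");
        return Path.Combine(root, userId);
    }

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    private struct NETRESOURCE
    {
        public uint Scope, Type, DisplayType, Usage;
        public string LocalName, RemoteName, Comment, Provider;
    }
    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    private static extern uint WNetAddConnection2W(ref NETRESOURCE nr, string password, string username, uint flags);
    [DllImport("mpr.dll", CharSet = CharSet.Unicode)]
    private static extern uint WNetCancelConnection2W(string name, uint flags, bool force);
}
```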