Method: Description: When using ASP.NET, it is often doing something because of security issues, but sometimes we have to use these permissions, we should give these users to some permissions, and let's come Use counterfeit to grant permissions.
The following is Iden.cs
using System; using System.Web.Security; using System.Security.Principal; using System.Runtime.InteropServices; using System.Security.Cryptography; using System.IO; using System.Text;
Namespace com.todayisp.Identity {///
public class IDEN {public const int LOGON32_LOGON_INTERACTIVE = 2; public const int LOGON32_PROVIDER_DEFAULT = 0; public const string ComputerName = "localhost"; WindowsImpersonationContext impersonationContext;
[DllImport ( "advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] public static extern int LogonUser (String lpszUserName, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
[DllImport ( "advapi32.dll", CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError = true)] public extern static int DuplicateToken (IntPtr hToken, int impersonationLevel, ref IntPtr hNewToken);
// Log in to counterfeit users // compName is the username of the computer, compPassword is the user's password public box, string compzsword {try {if (compName == null) Return False; if (compPassword == Null Return False;
WindowsIdentity tempWindowsIdentity; IntPtr token = IntPtr.Zero; IntPtr tokenDuplicate = IntPtr.Zero; if (! LogonUser (CompName, ComputerName, CompPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) = 0) {if (DuplicateToken (token, 2, ref tokenDuplicate) ! = 0) {tempWindowsIdentity = new WindowsIdentity (tokenDuplicate); impersonationContext = tempWindowsIdentity.Impersonate ();! if (impersonationContext = null) return true; else {return false;}} else {return false;}} else {return false; }}}}} // logout counterfeit user public void changeroleout () {impersonationContext.undo ();} catch}}}}}
How to use, below is ASP.NET file ChangeUser.aspx
<% @ Page language = "c #" autoeventwireup = "false"%> <% @ import namespace = "com.todayisp.Identity"%> // Remember to use this namespace <% string username = request.params ["username" ]; String password = request.params ["password"]; if (username == null && password == null) {response.write ("Error: username and password are empty."); return;}
// fake identity begins IDEN IdENTITY = new id1 (); bool IN = Identity.changerolein (UserName, PasswordKey); if (! In) {response.write ("Error: Change User Permissions Failure"); Return;
// fake identity end Identity.changeRoleout ();
%>
