快捷導(dǎo)航

asp.net中穿透Session 0 隔離（二）

更新時(shí)間：2012年11月10日 15:15:59 作者：

上一篇我們已經(jīng)對(duì)Session 0 隔離有了進(jìn)一步認(rèn)識(shí)，如果在開(kāi)發(fā)過(guò)程中確實(shí)需要服務(wù)與桌面用戶進(jìn)行交互，可以通過(guò)遠(yuǎn)程桌面服務(wù)的API 繞過(guò)Session 0 的隔離完成交互操作

對(duì)于簡(jiǎn)單的交互，服務(wù)可以通過(guò)WTSSendMessage 函數(shù)，在用戶Session 上顯示消息窗口。對(duì)于一些復(fù)雜的UI 交互，必須調(diào)用CreateProcessAsUser 或其他方法（WCF、.NET遠(yuǎn)程處理等）進(jìn)行跨Session 通信，在桌面用戶上創(chuàng)建一個(gè)應(yīng)用程序界面。

WTSSendMessage 函數(shù)
如果服務(wù)只是簡(jiǎn)單的向桌面用戶Session 發(fā)送消息窗口，則可以使用WTSSendMessage 函數(shù)實(shí)現(xiàn)。首先，在上一篇下載的代碼中加入一個(gè)Interop.cs 類，并在類中加入如下代碼：

復(fù)制代碼代碼如下:

 
public static IntPtr WTS_CURRENT_SERVER_HANDLE = IntPtr.Zero; 

public static void ShowMessageBox(string message, string title) 
{ 
int resp = 0; 
WTSSendMessage( 
WTS_CURRENT_SERVER_HANDLE, 
WTSGetActiveConsoleSessionId(), 
title, title.Length, 
message, message.Length, 
0, 0, out resp, false); 
} 

[DllImport("kernel32.dll", SetLastError = true)] 
public static extern int WTSGetActiveConsoleSessionId(); 

[DllImport("wtsapi32.dll", SetLastError = true)] 
public static extern bool WTSSendMessage( 
IntPtr hServer, 
int SessionId, 
String pTitle, 
int TitleLength, 
String pMessage, 
int MessageLength, 
int Style, 
int Timeout, 
out int pResponse, 
bool bWait); 

在ShowMessageBox 函數(shù)中調(diào)用了WTSSendMessage 來(lái)發(fā)送信息窗口，這樣我們就可以在Service 的OnStart 函數(shù)中使用，打開(kāi)Service1.cs 加入下面代碼：

復(fù)制代碼代碼如下:

 
protected override void OnStart(string[] args) 
{ 
Interop.ShowMessageBox("This a message from AlertService.", "AlertService Message"); 
} 

編譯程序后在服務(wù)管理器中重新啟動(dòng)AlertService 服務(wù)，從下圖中可以看到消息窗口是在當(dāng)前用戶桌面顯示的，而不是Session 0 中。

CreateProcessAsUser 函數(shù)

如果想通過(guò)服務(wù)向桌面用戶Session 創(chuàng)建一個(gè)復(fù)雜UI 程序界面，則需要使用CreateProcessAsUser 函數(shù)為用戶創(chuàng)建一個(gè)新進(jìn)程用來(lái)運(yùn)行相應(yīng)的程序。打開(kāi)Interop 類繼續(xù)添加下面代碼：

復(fù)制代碼代碼如下:

 
public static void CreateProcess(string app, string path) 
{ 
bool result; 
IntPtr hToken = WindowsIdentity.GetCurrent().Token; 
IntPtr hDupedToken = IntPtr.Zero; 

PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); 
SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES(); 
sa.Length = Marshal.SizeOf(sa); 

STARTUPINFO si = new STARTUPINFO(); 
si.cb = Marshal.SizeOf(si); 

int dwSessionID = WTSGetActiveConsoleSessionId(); 
result = WTSQueryUserToken(dwSessionID, out hToken); 

if (!result) 
{ 
ShowMessageBox("WTSQueryUserToken failed", "AlertService Message"); 
} 

result = DuplicateTokenEx( 
hToken, 
GENERIC_ALL_ACCESS, 
ref sa, 
(int)SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, 
(int)TOKEN_TYPE.TokenPrimary, 
ref hDupedToken 
); 

if (!result) 
{ 
ShowMessageBox("DuplicateTokenEx failed" ,"AlertService Message"); 
} 

IntPtr lpEnvironment = IntPtr.Zero; 
result = CreateEnvironmentBlock(out lpEnvironment, hDupedToken, false); 

if (!result) 
{ 
ShowMessageBox("CreateEnvironmentBlock failed", "AlertService Message"); 
} 

result = CreateProcessAsUser( 
hDupedToken, 
app, 
String.Empty, 
ref sa, ref sa, 
false, 0, IntPtr.Zero, 
path, ref si, ref pi); 

if (!result) 
{ 
int error = Marshal.GetLastWin32Error(); 
string message = String.Format("CreateProcessAsUser Error: {0}", error); 
ShowMessageBox(message, "AlertService Message"); 
} 

if (pi.hProcess != IntPtr.Zero) 
CloseHandle(pi.hProcess); 
if (pi.hThread != IntPtr.Zero) 
CloseHandle(pi.hThread); 
if (hDupedToken != IntPtr.Zero) 
CloseHandle(hDupedToken); 
} 

[StructLayout(LayoutKind.Sequential)] 
public struct STARTUPINFO 
{ 
public Int32 cb; 
public string lpReserved; 
public string lpDesktop; 
public string lpTitle; 
public Int32 dwX; 
public Int32 dwY; 
public Int32 dwXSize; 
public Int32 dwXCountChars; 
public Int32 dwYCountChars; 
public Int32 dwFillAttribute; 
public Int32 dwFlags; 
public Int16 wShowWindow; 
public Int16 cbReserved2; 
public IntPtr lpReserved2; 
public IntPtr hStdInput; 
public IntPtr hStdOutput; 
public IntPtr hStdError; 
} 

[StructLayout(LayoutKind.Sequential)] 
public struct PROCESS_INFORMATION 
{ 
public IntPtr hProcess; 
public IntPtr hThread; 
public Int32 dwProcessID; 
public Int32 dwThreadID; 
} 

[StructLayout(LayoutKind.Sequential)] 
public struct SECURITY_ATTRIBUTES 
{ 
public Int32 Length; 
public IntPtr lpSecurityDescriptor; 
public bool bInheritHandle; 
} 

public enum SECURITY_IMPERSONATION_LEVEL 
{ 
SecurityAnonymous, 
SecurityIdentification, 
SecurityImpersonation, 
SecurityDelegation 
} 

public enum TOKEN_TYPE 
{ 
TokenPrimary = 1, 
TokenImpersonation 
} 

public const int GENERIC_ALL_ACCESS = 0x10000000; 

[DllImport("kernel32.dll", SetLastError = true, 
CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)] 
public static extern bool CloseHandle(IntPtr handle); 

[DllImport("advapi32.dll", SetLastError = true, 
CharSet = CharSet.Ansi, CallingConvention = CallingConvention.StdCall)] 
public static extern bool CreateProcessAsUser( 
IntPtr hToken, 
string lpApplicationName, 
string lpCommandLine, 
ref SECURITY_ATTRIBUTES lpProcessAttributes, 
ref SECURITY_ATTRIBUTES lpThreadAttributes, 
bool bInheritHandle, 
Int32 dwCreationFlags, 
IntPtr lpEnvrionment, 
string lpCurrentDirectory, 
ref STARTUPINFO lpStartupInfo, 
ref PROCESS_INFORMATION lpProcessInformation); 

[DllImport("advapi32.dll", SetLastError = true)] 
public static extern bool DuplicateTokenEx( 
IntPtr hExistingToken, 
Int32 dwDesiredAccess, 
ref SECURITY_ATTRIBUTES lpThreadAttributes, 
Int32 ImpersonationLevel, 
Int32 dwTokenType, 
ref IntPtr phNewToken); 

[DllImport("wtsapi32.dll", SetLastError=true)] 
public static extern bool WTSQueryUserToken( 
Int32 sessionId, 
out IntPtr Token); 

[DllImport("userenv.dll", SetLastError = true)] 
static extern bool CreateEnvironmentBlock( 
out IntPtr lpEnvironment, 
IntPtr hToken, 
bool bInherit); 

在CreateProcess 函數(shù)中同時(shí)也涉及到DuplicateTokenEx、WTSQueryUserToken、CreateEnvironmentBlock 函數(shù)的使用，有興趣的朋友可通過(guò)MSDN 進(jìn)行學(xué)習(xí)。完成CreateProcess 函數(shù)創(chuàng)建后，就可以真正的通過(guò)它來(lái)調(diào)用應(yīng)用程序了，回到Service1.cs 修改一下OnStart 我們來(lái)打開(kāi)一個(gè)CMD 窗口。如下代碼：

復(fù)制代碼代碼如下:

 
protected override void OnStart(string[] args) 
{ 
Interop.CreateProcess("cmd.exe",@"C:\Windows\System32\"); 
} 

重新編譯程序，啟動(dòng)AlertService 服務(wù)便可看到下圖界面。至此，我們已經(jīng)可以通過(guò)一些簡(jiǎn)單的方法對(duì)Session 0 隔離問(wèn)題進(jìn)行解決。大家也可以通過(guò)WCF 等技術(shù)完成一些更復(fù)雜的跨Session 通信方式，實(shí)現(xiàn)在Windows 7 及Vista 系統(tǒng)中服務(wù)與桌面用戶的交互操作。