ASP.NET:冒充反对在VMWare

这个问题是什么，我问，但答案并不提供对_token是如何得出的详细信息。它似乎只能用 WindowsIdentity.GetCurrent（）。令牌所以没有模拟发生。

Can我冒充一个不同的Active Directory域中的用户在.NET？

这下一个问题有矛盾的答案，所接受的一个轴承评论我开始怀疑，我的问题出在其它地方。没有帮助的。

的LogonUser只为我的域名作品

这下一个问题似乎在暗示这是不可能的，但它有2个域处理，所以我不知道这是否是相关的。

我的真正的问题是：

我已经试过到目前为止，使用code从http://msdn.microsoft.com/en-us/library/chf6fbt4%28v=VS.80%29.aspx

 布尔的returnValue = LogonUser的（用户，域，密码，
            LOGON32_LOGON_NETWORK，LOGON32_PROVIDER_DEFAULT，
            裁判tokenHandle）;
//这点之后，的returnValue = FALSE
 

Win32错误是

登录失败：未知的用户名或密码错误

很少帖建议使用 LOGON_TYPE_NEW_CREDENTIALS 而不是 LOGON_TYPE_NETWORK 或 LOGON_TYPE_INTERACTIVE 。我有一个问题，假冒一体机连接到域，一个没有了，这个固定。 在最后code段这个帖子表明，跨林冒充做的工作，但它并没有具体说有关信任任何正在建立。因此，这可能是值得一试：

  const int的LOGON_TYPE_NEW_CREDENTIALS = 9;
const int的LOGON32_PROVIDER_WINNT50 = 3;
布尔的returnValue = LogonUser的（用户，域，密码，
            LOGON_TYPE_NEW_CREDENTIALS，LOGON32_PROVIDER_WINNT50，
            裁判tokenHandle）;
 

MSDN说的 LOGON_TYPE_NEW_CREDENTIALS 仅在使用适用 LOGON32_PROVIDER_WINNT50 。

ASP.NET: Impersonate against a domain on VMWare

This question is what I am asking, but the answer does not provide details on how the _token is derived. It seems to only use WindowsIdentity.GetCurrent().Token so there's no impersonation happening.

Can I impersonate a user on a different Active Directory domain in .NET?

This next question has conflicting answers, with the accepted one bearing a comment "I'm beginning to suspect that my problem lies elsewhere." Not helpful.

LogonUser works only for my domain

This next question seems to imply it is not possible, but it deals with 2 domains so I am not sure if it is relevant.

My real question is:

What I have tried so far is, using the code from http://msdn.microsoft.com/en-us/library/chf6fbt4%28v=VS.80%29.aspx

bool returnValue = LogonUser(user, domain, password,
            LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
            ref tokenHandle);
// after this point, returnValue = false

The Win32 error is

Logon failure: unknown user name or bad password

Very few posts suggest using LOGON_TYPE_NEW_CREDENTIALS instead of LOGON_TYPE_NETWORK or LOGON_TYPE_INTERACTIVE. I had an impersonation issue with one machine connected to a domain and one not, and this fixed it. The last code snippet in this post suggests that impersonating across a forest does work, but it doesn't specifically say anything about trust being set up. So this may be worth trying:

const int LOGON_TYPE_NEW_CREDENTIALS = 9;
const int LOGON32_PROVIDER_WINNT50 = 3;
bool returnValue = LogonUser(user, domain, password,
            LOGON_TYPE_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50,
            ref tokenHandle);

MSDN says that LOGON_TYPE_NEW_CREDENTIALS only works when using LOGON32_PROVIDER_WINNT50.