我的应用程序需要模拟一个服务帐户，这是我通过本机调用的LogonUser 做的。但是，看来，在NET库随机组件尝试访问注册表项帐户没有访问，引起了 SecurityException异常被抛出。

My app needs to impersonate a service account, which I do through a native-call to LogonUser. However, it appears that random components in the .Net library try to access registry keys the account doesn't have access to, causing a SecurityException to be thrown.

具体而言，当我打开一个的LinkLabel ，它崩溃试图确定在IE浏览器默认的超链接的颜色：

Specifically, when I load a LinkLabel, it crashes trying to determine the default hyperlink color in IE:

System.Security.SecurityException: Requested registry access is not allowed.
      at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
      at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
      at Microsoft.Win32.RegistryKey.OpenSubKey(String name)
      at System.Windows.Forms.LinkUtilities.GetIEColor(String name)
      at System.Windows.Forms.LinkUtilities.get_IELinkColor()
      at System.Windows.Forms.LinkLabel.get_LinkColor()
      at System.Windows.Forms.LinkLabel.OnPaint(PaintEventArgs e)
      at System.Windows.Forms.Control.PaintWithErrorHandling(PaintEventArgs e, Int16 layer, Boolean disposeEventArgs)
      at System.Windows.Forms.Control.WmPaint(Message& m)
      at System.Windows.Forms.Control.WndProc(Message& m)
      at System.Windows.Forms.Label.WndProc(Message& m)
      at System.Windows.Forms.LinkLabel.WndProc(Message& msg)
      at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
      at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
      at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
The Zone of the assembly that failed was:  MyComputer

没有，设置默认的颜色并没有帮助。

No, setting the default color does not help.

我发现这个线程具有完全相同的问题，但我怕我不明白的解决方案：

I found this thread with the exact same problem, but I'm afraid I don't understand the solution:

满载 LoadUserProfile 注册表配置单元HKU下存储，HKCU仍然交互式登录用户的配置单元（由WINLOGON.EXE加载）。

Registry hives loaded with LoadUserProfile are stored under HKU, HKCU remains the interactive logon user's hive (loaded by winlogon.exe).

所以，如果你需要获取新加载配置单元，你需要：    - 集 REGKEY 到 Registry.Users    - 用你的模拟用户帐户的SID字符串打开子项

So if you need to get at the newly loaded hive you need to: - set Regkey to Registry.Users - Open the subkey using the string SID of the user account you are impersonating.

有谁知道任何解决方法吗？

Does anyone know of any workarounds for this?

推荐答案

问题是你正在模拟时间过长，code（间接通过.NET Framework）正在访问更多的资源比你预期的，而模仿。这一例外似乎是由您的假冒code是一个图形用户界面（STA）线程上运行的事实造成的。

The problem is you are impersonating too long and your code (indirectly through the .NET framework) is accessing more resources than you intended while impersonating. This exception seems to be caused by the fact your impersonation code is running on a GUI (STA) thread.

您可以：

冒充更短的时间周期 - 仅仅只要你需要这么叫冒充随后撤销，只要你能。即使一个语句后，你必须重新冒充。这是典型的模拟模式。 将在冒充code到工人（MTA）线程，你应该避免这种特定的症状。现在，你有如何与模拟code沟通的问题，但它并不可怕。 如果你真的想要的全过程，以作为系统帐户运行（作为最小特权之类的也许是事），唯一支持的解决方案，我知道的是有HKEY_CURRENT_USER的东西，系统帐户可以访问。这是通过调用LoadUserProfile，然后调用CreateProcessAsUser完成;但是这是一个全新的架构，你旋转一个新的进程来处理模拟。