How to get the current Windows *network* user identity, rather than their local login identity?

Question

What is the .NET method call (or p/invoke to the unmanaged Windows API) to get the current network authentication identity, i.e. the one used when connecting to network services that authenticate via SSPI, such as SQL Server?


The specific use case I have in mind is where you are working on a machine that is not joined to a domain and use runas /noprofile /netonly /USER:DOMAIN\username to start a process that uses the DOMAIN\username identity for network authentication instead of the locally logged-on MACHINE\username identity.

I need a method call that gives me the DOMAIN\username identity that was passed to RUNAS here.

Thanks!


To be clear, I am NOT looking for a method call to get the current locally logged-on user (which may differ from the network identity). This excludes System.Security.Principal.WindowsIdentity.GetCurrent().Name and Environment.UserName and probably System.Threading.Thread.CurrentPrincipal.Identity.Name from the acceptable answers. I will downvote any answer that incorrectly points to one of these, unless of course I am mistaken. :)

+4
1 answer

This prints the user (in the form "user@domain") used for outgoing connections. This is C++.

    #define UNICODE
    #define SECURITY_WIN32
    #include <windows.h>
    #include <security.h>   // SSPI; link with secur32.lib
    #include <stdio.h>

    int main()
    {
        CredHandle credHandle;
        TimeStamp timeStamp;
        // Acquire the default outbound (client-side) credentials of the current logon
        // session from the Negotiate package; under runas /netonly these are the
        // network credentials, not the local account.
        SECURITY_STATUS status = AcquireCredentialsHandle(0, L"Negotiate", SECPKG_CRED_OUTBOUND,
                                                          0, 0, 0, 0, &credHandle, &timeStamp);
        if (status == SEC_E_OK)
        {
            SecPkgCredentials_Names names;
            status = QueryCredentialsAttributes(&credHandle, SECPKG_CRED_ATTR_NAMES, &names);
            if (status == SEC_E_OK)
            {
                wprintf(L"%s\n", names.sUserName);
                status = FreeContextBuffer(names.sUserName);   // sUserName is SSPI-allocated
            }
            status = FreeCredentialsHandle(&credHandle);
        }
        return 0;
    }

Other information: I believe runas uses CreateProcessWithLogonW with the LOGON_NETCREDENTIALS_ONLY flag. This creates a new logon session based on the existing logon session, with the network credentials tucked away inside it. GetTokenInformation and LsaGetLogonSessionData return information about the original user, not the network user. The one part of Windows that needs to know about the network user is SSPI, so that it can send the username and domain to a remote server. Hence the code above.

+2
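Since the question asks for the .NET / p/invoke form of this call, here is the same SSPI query driven from PowerShell via P/Invoke into secur32.dll. This is an added example, not code from the original question or answer. The type name SspiNetworkIdentity and its method are my own; the constants are the sspi.h values (SECPKG_CRED_OUTBOUND = 2, SECPKG_CRED_ATTR_NAMES = 1, SEC_E_OK = 0). The script prints the SSPI name next to WindowsIdentity.GetCurrent().Name so the two can be compared directly.

```powershell
# Added example (not from the original answer): the C++ SSPI query above done via .NET
# P/Invoke from PowerShell. Type/method names are mine; constants are the sspi.h values.
$src = @'
using System;
using System.Runtime.InteropServices;

public static class SspiNetworkIdentity
{
    [StructLayout(LayoutKind.Sequential)]
    public struct SecHandle { public IntPtr dwLower; public IntPtr dwUpper; }

    const int SECPKG_CRED_OUTBOUND   = 2;   // client-side (outgoing) credentials
    const int SECPKG_CRED_ATTR_NAMES = 1;   // SecPkgCredentials_Names attribute
    const int SEC_E_OK = 0;

    [DllImport("secur32.dll", CharSet = CharSet.Unicode)]
    static extern int AcquireCredentialsHandleW(
        string pszPrincipal, string pszPackage, int fCredentialUse,
        IntPtr pvLogonId, IntPtr pAuthData, IntPtr pGetKeyFn, IntPtr pvGetKeyArgument,
        ref SecHandle phCredential, out long ptsExpiry);

    // pBuffer receives SecPkgCredentials_NamesW, a struct holding a single LPWSTR
    // (sUserName), so an out IntPtr has the same layout.
    [DllImport("secur32.dll")]
    static extern int QueryCredentialsAttributesW(ref SecHandle phCredential, int ulAttribute, out IntPtr pBuffer);

    [DllImport("secur32.dll")]
    static extern int FreeContextBuffer(IntPtr pvContextBuffer);

    [DllImport("secur32.dll")]
    static extern int FreeCredentialsHandle(ref SecHandle phCredential);

    // Name the given SSPI package will present to remote servers for the current
    // logon session. Throws with the SECURITY_STATUS (hex) if SSPI refuses.
    public static string GetOutboundName(string package)
    {
        var cred = new SecHandle();
        long expiry;
        int status = AcquireCredentialsHandleW(null, package, SECPKG_CRED_OUTBOUND,
            IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, ref cred, out expiry);
        if (status != SEC_E_OK)
            throw new InvalidOperationException("AcquireCredentialsHandle failed: 0x" + status.ToString("X8"));
        try
        {
            IntPtr namePtr;
            status = QueryCredentialsAttributesW(ref cred, SECPKG_CRED_ATTR_NAMES, out namePtr);
            if (status != SEC_E_OK)
                throw new InvalidOperationException("QueryCredentialsAttributes failed: 0x" + status.ToString("X8"));
            try   { return Marshal.PtrToStringUni(namePtr); }
            finally { FreeContextBuffer(namePtr); }   // SSPI-allocated buffer, must be released with FreeContextBuffer
        }
        finally
        {
            FreeCredentialsHandle(ref cred);
        }
    }
}
'@
Add-Type -TypeDefinition $src

# Compare the local token identity with what SSPI will send on the wire. In a normal
# session both refer to the same account; inside
#   runas /noprofile /netonly /user:DOMAIN\username powershell.exe
# the first line still shows the local account while the second shows the /netonly one.
"Local (WindowsIdentity):  " + [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
"Network (SSPI Negotiate): " + [SspiNetworkIdentity]::GetOutboundName('Negotiate')
"Network (SSPI NTLM):      " + [SspiNetworkIdentity]::GetOutboundName('NTLM')
```

Run it once in a plain session and once from a PowerShell started with runas /netonly to see the two identities diverge. The exact spelling of the SSPI name (user@domain versus DOMAIN\user) is up to the package that answers, so compare accounts rather than string formats. Add-Type compiles the type only once per session; re-running the script in the same session reuses the existing type.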

Source: https://habr.com/ru/post/1442405/
