Question

我创建了包含WindowsIdentity和WindowsImpersonationContext的Impersonation类，并且在服务运行一段时间之后我在我的身份验证应用程序中添加了Impersonation lsass.exe进程消耗了大量内存和CPU你能不能请建议我如何解决这个问题？

public class Impersonation : IDisposable

{
    #region external
    // Declare signatures for Win32 LogonUser and CloseHandle APIs

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool LogonUser(
      string principal,
      string authority,
      string password,
      LogonSessionType logonType,
      LogonProvider logonProvider,
      out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr handle);

    enum LogonSessionType : uint
    {
        Interactive = 2,
        Network,
        Batch,
        Service,
        NetworkCleartext = 8,
        NewCredentials
    }

    enum LogonProvider : uint
    {
        Default = 0, // default for platform (use this!)
        WinNT35,     // sends smoke signals to authority
        WinNT40,     // uses NTLM
        WinNT50      // negotiates Kerb or NTLM
    }

    #endregion

    #region variables

    private WindowsIdentity m_userWindowsID;

    private WindowsImpersonationContext m_userImpersonationContext;

    #endregion

    public void LogonWindowsUser(string domain, string userLogin, string password)
    {
        IntPtr token;
        // Create a token for DomainName\Bob
        // Note: Credentials should be encrypted in configuration file
        bool result = LogonUser(userLogin, domain, password,
                                LogonSessionType.NewCredentials,
                                LogonProvider.Default,
                                out token);
        if (result)
        {
           m_userWindowsID = new WindowsIdentity(token);
        }
    }

    public void ImpersonateUser()
    {
        if (m_userWindowsID == null)
        {
            throw new Exception("User is not loged on");
        }
        m_userImpersonationContext = m_userWindowsID.Impersonate();
    }

    #region IDisposable Members

    public void Dispose()
    {
        if (m_userImpersonationContext != null)
        {
            m_userImpersonationContext.Undo();
            m_userImpersonationContext.Dispose();
        }
        if (m_userWindowsID != null)
        {
            CloseHandle(m_userWindowsID.Token);
            m_userWindowsID.Dispose();
            //m_userWindowsID.Token = IntPtr.Zero;
        }
    }
    #endregion
}

Answer 1

我不知道你是否还有这个问题，但是我遇到了一个非常类似的问题，而且它与在适当的时候不调用CloseHandle（...）有关。

尝试在m_userWindowsID =新的WindowsIdentity（令牌）之后移动CloseHandle（...）; LogonWindowsUser方法中的行。

示例：

public void LogonWindowsUser(string domain, string userLogin, string password)  
{  
    IntPtr token;  
    // Create a token for DomainName\Bob  
    // Note: Credentials should be encrypted in configuration file  
    bool result = LogonUser(userLogin, domain, password,  
                            LogonSessionType.NewCredentials,  
                            LogonProvider.Default,  
                            out token);  
    if (result)  
    {  
       m_userWindowsID = new WindowsIdentity(token);
       CloseHandle(token);   
    }  
}

希望这有帮助！

克里斯

lsass.exe会占用大量内存和CPU

1 个答案: