I have a Windows Service (written in .NET 1.1) running under a specific user account and instances of the service running on several servers.

I would like to pass user credentials (username, password, domain) to the service from a WinForms application and have the service read/write files in the server's local file system impersonating the passed-in credentials.

Is it better to pass the username, domain, and password and have the Windows Service perform the Impersonation? I don't see how to serialize a WindowsIdentity and pass one as a parameter to have the service then perform the Impersonate() and Undo() around the I/O.

As a container object, System.Net.NetworkCredential is not marked serializable so passing the three individual parameters seems logical. I'm essentially using the Impersonation routine found in KB306158.

A: 

I don't know how directly this correlates to your needs, but this is a snippet of the impersonation code I used in an application that accesses the registry and file system of remote machines given valid credentials. The LogonUser method takes username, password, and servername as args, which you could pass via your WinForms app.

Edit: You will have to set up a form of inter-process communication between your WinForms app and the services running on the separate computers. My apologies, I thought this was a question about how to impersonate, not how to send information to your process. As far as methods for IPC go, there are quite a few options. Take a look at this site; it will provide far more information than I can. Your best bet is going to be using named pipes.

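using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

[DllImport("advapi32.dll", EntryPoint = "LogonUser", SetLastError = true)]
public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
    int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);

IntPtr admin_token = IntPtr.Zero;
WindowsImpersonationContext wic = null;

// 9 = LOGON32_LOGON_NEW_CREDENTIALS, 0 = LOGON32_PROVIDER_DEFAULT
if (LogonUser(user, servername, pass, 9, 0, ref admin_token))
{
    try
    {
        WindowsIdentity wid_admin = new WindowsIdentity(admin_token);
        wic = wid_admin.Impersonate();
        //do stuff with new creds here
    }
    finally
    {
        if (wic != null) wic.Undo();   // revert the thread to the original identity
        CloseHandle(admin_token);      // release the logon token handle
    }
}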
FlyingStreudel
This doesn't answer the question and the code is basically from that link I provided.
Schnapple
Edited, thanks for the downvote on a misunderstanding.
FlyingStreudel
Downvote retracted.
Schnapple
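An added example, not part of the answer above: a service-side wrapper for the question's case of writing to the server's local file system. It uses logon type 2 (interactive) rather than the 9 (new credentials) in the snippet above, because a new-credentials token applies the supplied account only to outbound network connections, so local file access would still be checked against the service account; the class and method names are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper for the service side; names are illustrative only.
public sealed class ImpersonatedFileWriter
{
    // Interactive logon yields a token usable for local resources.
    // The account needs the "Allow log on locally" right on the server.
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, ref IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Writes 'contents' to a path on the service's own machine as domain\user.
    public static void WriteAs(string user, string domain, string password,
                               string path, string contents)
    {
        IntPtr token = IntPtr.Zero;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, ref token))
            throw new Win32Exception(Marshal.GetLastWin32Error()); // surface the Win32 logon error

        WindowsImpersonationContext ctx = null;
        try
        {
            ctx = new WindowsIdentity(token).Impersonate();
            // The file ACL check below is made against the impersonated account.
            using (StreamWriter w = new StreamWriter(path, false))
                w.Write(contents);
        }
        finally
        {
            // Always revert, even when the I/O throws, so the service thread
            // never keeps running under the passed-in identity.
            if (ctx != null) ctx.Undo();
            CloseHandle(token);
        }
    }
}
```

The password reaches the service in clear text over whatever IPC channel is chosen, so that channel needs its own access control and encryption.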
A: 

I don't think you can pass the NetworkCredential object directly to another process; it's based on an underlying Windows API, and I'm guessing there would be all kinds of bad juju involved in letting processes pass around their auth tokens.

I would take the approach you mentioned, if possible, and pass the log on credentials (user/pass) to the service and let it use those for the impersonation.

Coding Gorilla