tags:

views:

44

answers:

2
Q: 

Process.Start() impersonation problem

Trying to start process with another access token, without success, it runs as the non-impersonated user.

using (WindowsIdentity identity = new WindowsIdentity(token))
using (identity.Impersonate())
{
    Process.Start("blabla.txt");
}

How to make this work properly?

A: 

Try this example from http://msdn.microsoft.com/en-us/library/w070t6ka.aspx

private static void ImpersonateIdentity(IntPtr logonToken)
{
    // Retrieve the Windows identity using the specified token.
    WindowsIdentity windowsIdentity = new WindowsIdentity(logonToken);

    // Create a WindowsImpersonationContext object by impersonating the
    // Windows identity.
    WindowsImpersonationContext impersonationContext =
        windowsIdentity.Impersonate();

    Console.WriteLine("Name of the identity after impersonation: "
        + WindowsIdentity.GetCurrent().Name + ".");

    //Start your process here
    Process.Start("blabla.txt");

    Console.WriteLine(windowsIdentity.ImpersonationLevel);
    // Stop impersonating the user.
    impersonationContext.Undo();

    // Check the identity name.
    Console.Write("Name of the identity after performing an Undo on the");
    Console.WriteLine(" impersonation: " +
        WindowsIdentity.GetCurrent().Name);
}

You can also use CreateProcessAsUser windows function.

http://www.pinvoke.net/default.aspx/advapi32/createprocessasuser.html

Keivan  2010-10-14 19:06:34
Thanks, but this code has exactly the same result.
DxCK  2010-10-14 19:09:33
added another solution
Keivan  2010-10-14 19:21:34
`CreateProcessAsUser` can't start non-exe files like blabla.txt, so this option is not good for me.
DxCK  2010-10-15 09:28:07
+1  A: 

You need to set the ProcessStartInfo.UserName and Password properties. With UseShellExecute set to false. If you only have a token then pinvoke CreateProcessAsUser().

Hans Passant  2010-10-14 19:13:49
When setting UseShellExecute to false, I can't start non-exe files like blabla.txt, so this option is not good for me.
DxCK  2010-10-14 19:52:05
Well, getting the path to the .exe that is associated with the filename extension is an entirely different question. Well covered by other SO threads, no need to repeat it here. ShellExecuteEx() just doesn't support creating a process with a different (restricted) user token. That option is not good for you.
Hans Passant  2010-10-14 19:58:20

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?