I am writing a C++ Windows application (A) that uses LogonUser, LoadUserProfile and ImpersonateLoggedOnUser to gain the rights of another user (Y). That is, A starts under the user who is logged on to the workstation (X). If the user wants to elevate his rights, he can just press a button and log on as another user without having to log himself out of Windows and back in.

The situation now is (according to the return values of the functions): LogonUser works, LoadUserProfile works and ImpersonateLoggedOnUser works as well.

After the impersonation I start another process. This process is an application (B) that needs an OCX control. This fails and the application tells me that the .ocx file is not properly installed.

The thing is, if I start B directly as the user that is logged on to the machine (X), it works. If I start B directly as the user (Y) to which I want to elevate my rights using A, it works.

If I am logged in as (X) and choose "run as" (Y) in the explorer, it works!

Do you know which steps I need to take to do the same as the "run as" dialog from Windows?

+1  A: 

I'm not sure, but it looks like impersonation is not enough: impersonation relates only to process (A). Instead, try CreateProcess with ProcessAttributes/ThreadAttributes explicitly set to the impersonated user from Windows' ACL.

Dewfy
Thanks for your hint that the impersonation relates only to (A). Now I tried to use CreateProcessWithLogonW(), which MSDN tells me is to be preferred to CreateProcessAsUser(). Now the sequence is:
LogonAsUser()
LoadUserProfile()
ImpersonateLoggedOnUser()
CreateProcessWithLogonW()
where CreateProcessWithLogonW() fails with ErrorCode 5 (Access denied). Any ideas where to go from here?
markus
Try the Sysinternals utilities (FileMon or RegMon) to see exactly what was requested before it was rejected with "Access denied". Also, per MSDN: "By default, CreateProcessWithLogonW does not load the specified user profile into the HKEY_USERS registry key. This means that access to information in the HKEY_CURRENT_USER registry key may not produce results that are consistent with a normal interactive logon". Note that OCX uses the registry intensively.
Dewfy
@Dewfy: thanks for the hint. Especially the tools you mentioned will be useful for me in future as well! Access denied is resolved by calling RevertToSelf() before calling CreateProcessWithLogonW().
markus
A: 

Thank you all for your help. The following was able to solve the issue for me:
I start the desired process using CreateProcessWithLogonW(). To get that function working properly I have to RevertToSelf() before I call it and do the impersonation again afterwards.

So the sequence is now:

LogonUser()
LoadUserProfile()
ImpersonateLoggedOnUser()
// work with the app
RevertToSelf()
CreateProcessWithLogonW()
// do the impersonation stuff again
markus
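
The revert-then-launch step from the answer above, written out as an added C++ example; it is not code from the thread. The names `launchAs` and `splitAccount` are hypothetical, and the use of LOGON_WITH_PROFILE is an assumption prompted by the MSDN remark quoted in the comments that the profile is not loaded by default.

```cpp
#include <string>
#include <utility>
#ifdef _WIN32
#include <windows.h>
#endif

// Split "DOMAIN\user" into {domain, user}. Anything without a backslash is
// passed through as the user name with an empty domain (lpDomain = NULL),
// which the API documentation expects to be a UPN such as user@domain.
std::pair<std::wstring, std::wstring> splitAccount(const std::wstring& account) {
    const std::wstring::size_type slash = account.find(L'\\');
    if (slash == std::wstring::npos)
        return std::make_pair(std::wstring(), account);
    return std::make_pair(account.substr(0, slash), account.substr(slash + 1));
}

#ifdef _WIN32
// Start commandLine as `account` (Y). Returns ERROR_SUCCESS or a Win32 error.
// commandLine is taken by value because the API needs a writable buffer.
DWORD launchAs(const std::wstring& account, const wchar_t* password,
               std::wstring commandLine) {
    // Drop the impersonation token first: the thread reports error 5
    // (access denied) when the call is made while still impersonating.
    if (!RevertToSelf()) return GetLastError();

    const std::pair<std::wstring, std::wstring> who = splitAccount(account);
    STARTUPINFOW si = {};
    si.cb = sizeof(si);
    PROCESS_INFORMATION pi = {};
    // LOGON_WITH_PROFILE loads Y's profile, so HKEY_CURRENT_USER in the
    // child resolves to Y's hive; the comments above note that OCX
    // controls depend heavily on the registry.
    if (!CreateProcessWithLogonW(who.second.c_str(),
                                 who.first.empty() ? NULL : who.first.c_str(),
                                 password, LOGON_WITH_PROFILE,
                                 NULL, &commandLine[0],
                                 CREATE_UNICODE_ENVIRONMENT, NULL, NULL,
                                 &si, &pi))
        return GetLastError();
    CloseHandle(pi.hThread);   // the child keeps running; only our handles close
    CloseHandle(pi.hProcess);
    return ERROR_SUCCESS;
}
#endif
```

After `launchAs` returns, A can call ImpersonateLoggedOnUser() again with its existing token if it still needs to act as Y, as in the sequence above. Link against Advapi32.lib.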