Hello there,
I am not asking how to impersonate a process within C# windows
application. I already know that, in C# v2.0, you can easily achieve it
using ProcessStartInf o. You can run a process or call external program
as of different user.
The problem of that design is that the mother application is still
running as current user. I know that less privilege is more secure.
I want to launch an application as different user. I can do it by
creating launching application (say launch.exe) and call other main
application(say main.exe) from it. So the main application will run as
different user.
This design requires two executable files (launch.exe and main.exe). I
want to make it simple.
As I mentioned, I know how to impersonate a process. However, I don't
think that I can do it over method or thread. Am I right?
Can I pass an (static or object) method to a process? so that I can use
the impersonation? If I understood correctly, I need to provide
"FileName" in ProcessStartInf o to start a process. It's good when you
call external executable file as of different user. But I don't think
that you can put (static or object) method instead.
I deeply appreciate your help.
5  20079 
Look in MSDN help under WindowsIdentity .Impersonate. There's a
complete example there. Using that code as a basis you can do
impersonation over any random block of code.
Although it says XP only so perhaps that can be a concern for you..
Not sure how to do it in 2000 or earlier.
HTH,
Sam
------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.
On 12 Dec 2006 11:21:17 -0800, "cooltoriz" <yp*****@gmail. comwrote:
>Hello there,
As I mentioned, I know how to impersonate a process. However, I don't
think that I can do it over method or thread. Am I right?
Thank you for your answer,
I could be able to find many articles related to
"WindowsIdentit y.Impersonate." and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser ();
if (iuser.Imperson ate(Environment .MachineName, "user2",
"password") )
{
Process notePad = new Process();
notePad.StartIn fo.FileName = "notepad.ex e";
MessageBox.Show (System.Securit y.Principal.Win dowsIdentity.Ge tCurrent().Name );
notePad.Start() ;
iuser.Undo();
}
I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.
I know that I can change the security context of the Process using
ProcessStartInf o easily.
However, my question is that changing security context using
WindowsIdentity doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".
Thank you,
"cooltoriz" <yp*****@gmail. comwrote in message
news:11******** **************@ 16g2000cwy.goog legroups.com...
Thank you for your answer,
I could be able to find many articles related to
"WindowsIdentit y.Impersonate." and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser ();
if (iuser.Imperson ate(Environment .MachineName, "user2",
"password") )
{
Process notePad = new Process();
notePad.StartIn fo.FileName = "notepad.ex e";
MessageBox.Show (System.Securit y.Principal.Win dowsIdentity.Ge tCurrent().Name );
notePad.Start() ;
iuser.Undo();
}
I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.
I know that I can change the security context of the Process using
ProcessStartInf o easily.
However, my question is that changing security context using
WindowsIdentity doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".
Thank you,
The impersonation context is per process per thread. When you spawn another process like you
do in the above code, the child process will inherit the parents security context, that is
it will run in the security account of the parent's process.
Willy.
I'm confused. In your original post I thought you said you knew how
to do impersonation for a process but wanted to know how to do
impersonation for a thread. Was that not your question?
Sam
------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.
On 12 Dec 2006 19:45:43 -0800, "cooltoriz" <yp*****@gmail. comwrote:
>Thank you for your answer,
I could be able to find many articles related to
"WindowsIdenti ty.Impersonate. " and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser ();
if (iuser.Imperson ate(Environment .MachineName, "user2",
"password") )
{
Process notePad = new Process();
notePad.StartIn fo.FileName = "notepad.ex e";
MessageBox.Sho w(System.Securi ty.Principal.Wi ndowsIdentity.G etCurrent().Nam e);
notePad.Start() ;
iuser.Undo();
}
I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.
I know that I can change the security context of the Process using
ProcessStartIn fo easily.
However, my question is that changing security context using
WindowsIdentit y doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".
Thank you,
Sorry for confusion, I might not be clear about my question.
Yes, I know how to impersonate when I create NEW process using
ProcessStartInf o class. There are many examples over the Internet.
However, I was wondering what if I impersonate a code block using
WindowsIdentity .Impersonate() and the code block contains creating new
process, does new process inherit security context from the
impersonated security context or parents security context?
Per Willy's reply, it seems that new process will still inherit it from
parents security context even though impersonation occured before the
code block.
I hope that this clears my question.
Thank you,
Samuel R. Neff wrote:
I'm confused. In your original post I thought you said you knew how
to do impersonation for a process but wanted to know how to do
impersonation for a thread. Was that not your question?
Sam
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Bob Bedford |
last post by:
I've a script that must "launch" an other script on some situations.
firstscript.php:
....
If ($newarticle)
//launch secondscript.php
....
The "secondscript.php" may take quite long, and is not necessary in
"firstscript.php" to wait until it's finished. So how to launch
|
by: Trips |
last post by:
Hello Folks
I have been having headache solving this and now I need your help
I have developed an windows application which access network resources under differnt authenticated identity and not the client who is running the application
The application runs on client machine and it has to access a network folder by impersonationg a specific user and downloads the file on client computer
Now when user clicks on download/copy button...
|
by: Dutchy |
last post by:
Dear reader,
In an attempt to obtain the path to the quick-launch-folder in order to
create a shortcut to my application-updates during installation , I thought
to:
1- check if quick launch is used by the user
2- check if a link to my application is there
3- if so, obtain the path (ANY PATH) to the quick-launch-folder from
existing button(s)
|
by: Jo |
last post by:
I am having a real problem with the Launch conditions in VS .NET and can
only come to the conclusion that it is a bug.
It states quite emphatically in the MSDN that Launch Conditions WILL be
executed in the order added. This statement holds true if every Condition
has a InstallURL value set. but not if there is no InstallURL value.
For Example :
I want to check that W2K exists on the target machine before installing SP4.
So, I add a...
|
by: Michael Howes |
last post by:
I have a c# windows form that talks to a web service on a server that then
can talk to multiple "agents" on different machines using web service calls.
I want to be able to launch an application of the users choice on the
remove, "agent" machine.
I've discovered that Process.Start() won't work because it runs under
asp.net and it will launch any "process" but if the application has a
windows UI it will not show.
| | |
by: David Rose |
last post by:
Hi,
I am trying to launch pdf files (in this case). The test application takes
the path to the pdf from a TextBox when the user clicks a button. I have
written code that works on my computer, but I have doubts that my method is
universal.
Basically, in HKEY_CLASSES_ROOT, I look up the .pdf extension and get the
human readable class id. Then I look that up, recursing through the tree
until I get to "command" and then return that...
|
by: Paul |
last post by:
Hi.
I need to launch a windows application and then send keyboard event to this
process to run certain commands. I've created a COM+ appplication to spawn
and talk to the application which works well however the launched
application always shows the UI where-as I need this to be hidden, even
calling the windowhidden on the process strart info does not work. Does this
somehow need to spawned under a different account process ?
...
|
by: Marcus |
last post by:
I have this application I have made that I launch when the user logs
into Windows XP.
I would like to delay the launch of the application so that it starts 1
minute after the user has logged in.
I previously did this with a sleep at the first row of the source code,
but this makes the process visible in the task manager's processes tab
during the sleep (before the "real application" is actually running),
and I dont want that.
|
by: Ryan Liu |
last post by:
Hi,
I want to play Audio/Video in my C# application(standlalone, not web
applicatoin). The source of multimedia may in different formats and decided
by the end user, which I have no control.
My question is -- which is the best approach to add multimedia capability to
my c# application, to support most possible formats, and make it easiest for
the end user(e.g. does not need convert before play it)?
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
