473,594 Members | 2,582 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Launch Application as Different User in C# Windows Applicatoin

Hello there,

I am not asking how to impersonate a process within C# windows
application. I already know that, in C# v2.0, you can easily achieve it
using ProcessStartInf o. You can run a process or call external program
as of different user.

The problem of that design is that the mother application is still
running as current user. I know that less privilege is more secure.

I want to launch an application as different user. I can do it by
creating launching application (say launch.exe) and call other main
application(say main.exe) from it. So the main application will run as
different user.

This design requires two executable files (launch.exe and main.exe). I
want to make it simple.
As I mentioned, I know how to impersonate a process. However, I don't
think that I can do it over method or thread. Am I right?

Can I pass an (static or object) method to a process? so that I can use
the impersonation? If I understood correctly, I need to provide
"FileName" in ProcessStartInf o to start a process. It's good when you
call external executable file as of different user. But I don't think
that you can put (static or object) method instead.

I deeply appreciate your help.

Dec 12 '06 #1
5 20071

Look in MSDN help under WindowsIdentity .Impersonate. There's a
complete example there. Using that code as a basis you can do
impersonation over any random block of code.

Although it says XP only so perhaps that can be a concern for you..
Not sure how to do it in 2000 or earlier.

HTH,

Sam

------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.

On 12 Dec 2006 11:21:17 -0800, "cooltoriz" <yp*****@gmail. comwrote:
>Hello there,

As I mentioned, I know how to impersonate a process. However, I don't
think that I can do it over method or thread. Am I right?
Dec 12 '06 #2
Thank you for your answer,

I could be able to find many articles related to
"WindowsIdentit y.Impersonate." and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser ();

if (iuser.Imperson ate(Environment .MachineName, "user2",
"password") )
{

Process notePad = new Process();

notePad.StartIn fo.FileName = "notepad.ex e";
MessageBox.Show (System.Securit y.Principal.Win dowsIdentity.Ge tCurrent().Name );

notePad.Start() ;

iuser.Undo();
}

I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.

I know that I can change the security context of the Process using
ProcessStartInf o easily.

However, my question is that changing security context using
WindowsIdentity doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".

Thank you,

Dec 13 '06 #3
"cooltoriz" <yp*****@gmail. comwrote in message
news:11******** **************@ 16g2000cwy.goog legroups.com...
Thank you for your answer,

I could be able to find many articles related to
"WindowsIdentit y.Impersonate." and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser ();

if (iuser.Imperson ate(Environment .MachineName, "user2",
"password") )
{

Process notePad = new Process();

notePad.StartIn fo.FileName = "notepad.ex e";
MessageBox.Show (System.Securit y.Principal.Win dowsIdentity.Ge tCurrent().Name );

notePad.Start() ;

iuser.Undo();
}

I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.

I know that I can change the security context of the Process using
ProcessStartInf o easily.

However, my question is that changing security context using
WindowsIdentity doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".

Thank you,

The impersonation context is per process per thread. When you spawn another process like you
do in the above code, the child process will inherit the parents security context, that is
it will run in the security account of the parent's process.

Willy.

Dec 13 '06 #4

I'm confused. In your original post I thought you said you knew how
to do impersonation for a process but wanted to know how to do
impersonation for a thread. Was that not your question?

Sam
------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.
On 12 Dec 2006 19:45:43 -0800, "cooltoriz" <yp*****@gmail. comwrote:
>Thank you for your answer,

I could be able to find many articles related to
"WindowsIdenti ty.Impersonate. " and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser ();

if (iuser.Imperson ate(Environment .MachineName, "user2",
"password") )
{

Process notePad = new Process();

notePad.StartIn fo.FileName = "notepad.ex e";
MessageBox.Sho w(System.Securi ty.Principal.Wi ndowsIdentity.G etCurrent().Nam e);

notePad.Start() ;

iuser.Undo();
}

I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.

I know that I can change the security context of the Process using
ProcessStartIn fo easily.

However, my question is that changing security context using
WindowsIdentit y doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".

Thank you,
Dec 13 '06 #5
Sorry for confusion, I might not be clear about my question.

Yes, I know how to impersonate when I create NEW process using
ProcessStartInf o class. There are many examples over the Internet.

However, I was wondering what if I impersonate a code block using
WindowsIdentity .Impersonate() and the code block contains creating new
process, does new process inherit security context from the
impersonated security context or parents security context?

Per Willy's reply, it seems that new process will still inherit it from
parents security context even though impersonation occured before the
code block.

I hope that this clears my question.

Thank you,


Samuel R. Neff wrote:
I'm confused. In your original post I thought you said you knew how
to do impersonation for a process but wanted to know how to do
impersonation for a thread. Was that not your question?

Sam
Dec 14 '06 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
2805
by: Bob Bedford | last post by:
I've a script that must "launch" an other script on some situations. firstscript.php: .... If ($newarticle) //launch secondscript.php .... The "secondscript.php" may take quite long, and is not necessary in "firstscript.php" to wait until it's finished. So how to launch
0
1559
by: Trips | last post by:
Hello Folks I have been having headache solving this and now I need your help I have developed an windows application which access network resources under differnt authenticated identity and not the client who is running the application The application runs on client machine and it has to access a network folder by impersonationg a specific user and downloads the file on client computer Now when user clicks on download/copy button...
8
5366
by: Dutchy | last post by:
Dear reader, In an attempt to obtain the path to the quick-launch-folder in order to create a shortcut to my application-updates during installation , I thought to: 1- check if quick launch is used by the user 2- check if a link to my application is there 3- if so, obtain the path (ANY PATH) to the quick-launch-folder from existing button(s)
1
4466
by: Jo | last post by:
I am having a real problem with the Launch conditions in VS .NET and can only come to the conclusion that it is a bug. It states quite emphatically in the MSDN that Launch Conditions WILL be executed in the order added. This statement holds true if every Condition has a InstallURL value set. but not if there is no InstallURL value. For Example : I want to check that W2K exists on the target machine before installing SP4. So, I add a...
1
5908
by: Michael Howes | last post by:
I have a c# windows form that talks to a web service on a server that then can talk to multiple "agents" on different machines using web service calls. I want to be able to launch an application of the users choice on the remove, "agent" machine. I've discovered that Process.Start() won't work because it runs under asp.net and it will launch any "process" but if the application has a windows UI it will not show.
13
4937
by: David Rose | last post by:
Hi, I am trying to launch pdf files (in this case). The test application takes the path to the pdf from a TextBox when the user clicks a button. I have written code that works on my computer, but I have doubts that my method is universal. Basically, in HKEY_CLASSES_ROOT, I look up the .pdf extension and get the human readable class id. Then I look that up, recursing through the tree until I get to "command" and then return that...
7
2621
by: Paul | last post by:
Hi. I need to launch a windows application and then send keyboard event to this process to run certain commands. I've created a COM+ appplication to spawn and talk to the application which works well however the launched application always shows the UI where-as I need this to be hidden, even calling the windowhidden on the process strart info does not work. Does this somehow need to spawned under a different account process ? ...
8
1979
by: Marcus | last post by:
I have this application I have made that I launch when the user logs into Windows XP. I would like to delay the launch of the application so that it starts 1 minute after the user has logged in. I previously did this with a sleep at the first row of the source code, but this makes the process visible in the task manager's processes tab during the sleep (before the "real application" is actually running), and I dont want that.
3
8371
by: Ryan Liu | last post by:
Hi, I want to play Audio/Video in my C# application(standlalone, not web applicatoin). The source of multimedia may in different formats and decided by the end user, which I have no control. My question is -- which is the best approach to add multimedia capability to my c# application, to support most possible formats, and make it easiest for the end user(e.g. does not need convert before play it)?
0
7882
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
8260
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
8017
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8250
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
6671
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
5837
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5416
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
3908
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2391
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.