User Impersonation on Win XP SP2

I can't answer your question for you, but have you considered using
ClickOnce Deployment instead of your current method of checking for
updates? Then you wouldnt even need to bother with this whole issue.

Well, we are still using .net 1.1 sp1. So ClickOnce is not a option...:(

Following is the Detail Exception ia m getting:

Exception: System.ComponentModel.Win32Exception
Message: Access is denied
Source: System
at System.Diagnostics.ProcessManager.OpenProcess(Int3 2 processId,
Int32 access, Boolean throwIfExited)
at System.Diagnostics.NtProcessManager.GetModuleInfos (Int32
processId)
at System.Diagnostics.Process.get_Modules()
at System.Diagnostics.Process.get_MainModule()

Help!!!!!!!!!!!!!
~ViPuL

"vipleo" <vn*****@gmail.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...
| Following is the Detail Exception ia m getting:
|
| Exception: System.ComponentModel.Win32Exception
| Message: Access is denied
| Source: System
| at System.Diagnostics.ProcessManager.OpenProcess(Int3 2 processId,
| Int32 access, Boolean throwIfExited)
| at System.Diagnostics.NtProcessManager.GetModuleInfos (Int32
| processId)
| at System.Diagnostics.Process.get_Modules()
| at System.Diagnostics.Process.get_MainModule()
|
| Help!!!!!!!!!!!!!
| ~ViPuL
|

And the code that throws this exception?

Willy.

Here is the code I am using for launching another exe.

ProcessStartInfo proc = new ProcessStartInfo(CopierExecutable,
commandLine);
proc.WorkingDirectory = ClientAppDirectory;
proc.UseShellExecute = true; //I have also tried 'False'
Process.Start(proc);

Here, CopierExecutable represents name of exe.

~ViPuL

Here is complete function:

private void LaunchCopierExecutable()
{
string filePath = Path.Combine(ClientAppDirectory, CopierExecutable);
if (!File.Exists(filePath))
{
throw new ApplicationException("Invalid CopierExecutable config
setting: " + CopierExecutable);
}

string commandLine = "appdir='" + ClientAppDirectory + "';upddir='" +
ClientUpdatesDirectory + "';bakdir='" + ClientBackupDirectory
+ "';procid=" + Process.GetCurrentProcess().Id + ";exe='" +
Process.GetCurrentProcess().MainModule.FileName + "';timeoutsecs=" +
MainAppShutdownSeconds.ToString() + ";";

if (_returnParms.Length > 0)
{
string sc = _returnParms.Substring(_returnParms.Length - 1, 1);
if( sc != ";") //add semi-colon
commandLine += "returnparms='" + _returnParms + "';";
else
commandLine += "returnparms='" + _returnParms + "'";
}

ProcessStartInfo proc = new ProcessStartInfo(CopierExecutable,
commandLine);
proc.WorkingDirectory = ClientAppDirectory;
proc.UseShellExecute = true;
Process.Start(proc);
}

That looks much better.
Your problem is that you are trying to get some information from the current
process (MainModule) while impersonating. This is not possible because your
thread runs in an impersonated context, so you don't have access to the
process context.
What you should do is get this info before impersonating.

Willy.

"vipleo" <vn*****@gmail.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
| Here is complete function:
|
| private void LaunchCopierExecutable()
| {
| string filePath = Path.Combine(ClientAppDirectory, CopierExecutable);
| if (!File.Exists(filePath))
| {
| throw new ApplicationException("Invalid CopierExecutable config
| setting: " + CopierExecutable);
| }
|
| string commandLine = "appdir='" + ClientAppDirectory + "';upddir='" +
| ClientUpdatesDirectory + "';bakdir='" + ClientBackupDirectory
| + "';procid=" + Process.GetCurrentProcess().Id + ";exe='" +
| Process.GetCurrentProcess().MainModule.FileName + "';timeoutsecs=" +
| MainAppShutdownSeconds.ToString() + ";";
|
| if (_returnParms.Length > 0)
| {
| string sc = _returnParms.Substring(_returnParms.Length - 1, 1);
| if( sc != ";") //add semi-colon
| commandLine += "returnparms='" + _returnParms + "';";
| else
| commandLine += "returnparms='" + _returnParms + "'";
| }
|
| ProcessStartInfo proc = new ProcessStartInfo(CopierExecutable,
| commandLine);
| proc.WorkingDirectory = ClientAppDirectory;
| proc.UseShellExecute = true;
| Process.Start(proc);
| }
|

Thanks for reply, willy.

But why this would be problem on win xp sp2 only.

Thanks,
~ViPuL

"vipleo" <vn*****@gmail.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
| Thanks for reply, willy.
|
| But why this would be problem on win xp sp2 only.
|
| Thanks,
| ~ViPuL
|

Different user privileges? Changes in SP2?

A process con only be 'opened' by the owner or by a caller with debug
provileges.
What I saw in your stack dump was that the caller did not have the requied
provileges to open the process:
<
Message: Access is denied
Source: System
at System.Diagnostics.ProcessManager.OpenProcess(Int3 2 processId,
Int32 access, Boolean throwIfExited)

now I know why, the impersonating user is not the "owner" and he does not
have the required access privileges.

Willy.

Willy,
As I had mentioned in my first post, I am impersonating as ADMIN user
who has explicit debug privileges.

Main App is launched by regular user and "admin" user is being
impersonated before app tries to launch another exe.

anyway, I will try your suggestion.

Thanks for your help.
~ViPuL

"vipleo" <vn*****@gmail.com> wrote in message
news:11*********************@o13g2000cwo.googlegro ups.com...
| Willy,
| As I had mentioned in my first post, I am impersonating as ADMIN user
| who has explicit debug privileges.
|
| Main App is launched by regular user and "admin" user is being
| impersonated before app tries to launch another exe.
|
| anyway, I will try your suggestion.
|
| Thanks for your help.
| ~ViPuL
|

Impersonating is not sufficient, you also need to "enable" the privilege,
it's not because a user has debug privileges that they are enabled.

Willy.

Willy,
How i can 'enable' this privilege?

vipleo-
I feel your pain...I spent weeks on this very issue - trying to get an
application updater going when the users didn't have permission to
install it. Our old impersonation broke when users started upgrading
to SP2, so I had to redo it.

It has been over a year, and there were so many issues they all kind of
blend together, but as I recall, impersonating then starting the
install process did not do the job because impersonation only changes
the permissions of the thread, not the process, and the process.start
gets started under the process' permissions. Again, it's a bit fuzzy
so I may be completely off there. I remember testing it by just
impersonating a different user than myself to start a process, then
that process popped a message box indicating what the current user was.

Also noteworthy was that if you had v 2.0, the Process.Start now takes
username, password, and domain parameters - obviously MS noticed this
was sorely missed.

Anyway, the silver bullet was to use WMI to install the new version -
that way the installation could happen on the current thread and the
admin user's privileges were used appropriately. It's been tried and
tested with 2000 users every two weeks, with no problems. I've seen
examples of using WMI to run the process as well, but I never got them
to work for me - I don't remember why.

If this is an option for you let me know and I'll post some code.

Good luck,
Jared

Jared,
Thanks a lot for your help & feeling my pain. <g>

In our implementation, we are not using multiple thread to do app
auto-update.

We are doing auto-update(xCopy deployment) in same thread, so I don't
understand how user context could be different.

Btwn, if you(or anybody else) can post some code sample for 'how to use
wmi to auto-update app' or 'how to launch another process using wmi',
that would be really great!

Thanks,
~ViPuL

We weren't using multi-threading either, but your code still runs on a
thread (even if it's the only one in the process), so it could still be
causing a problem. Read the "Pitfalls to watch for" section at
http://pluralsight.com/wiki/default....sImpersonation.
Note that I'm fairly certain that the suggestion to use
createprocessasuser no longer works on SP2 - that's what caused me to
have to do a rewrite in the first place. This is documented on MSDN,
if you care to search for it.

OK...Here's the code that I'm 100% sure works. I've stripped out a lot
of the stuff that was implementation specific, but I think all the
pertinent parts are in here:

Impersonation class: This one does the actual installing and
uninstalling.
using System;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Windows.Forms;
using System.Management;
using System.Collections;
using ROOT.CIMV2.Win32;
namespace Extensions.Client.ApplicationUpdater
{
public class Impersonate
{
[DllImport("advapi32.dll", SetLastError=true)]
private static extern bool LogonUser(String lpszUsername, String
lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

public static void UninstallProduct(string productCode, string name,
string version)
{
//get error codes at
http://msdn.microsoft.com/library/de...rror_codes.asp
const int ERROR_SUCCESS_REBOOT_REQUIRED = 3010;
const int ERROR_SUCCESS_REBOOT_INITIATED = 1641;
const int ERROR_SUCCESS = 0;

uint retValue = 0;
try
{
ManagementScope scope = new ManagementScope();
ROOT.CIMV2.Win32.Product prod = new Product(productCode, name,
version);
prod.Scope = scope;
retValue = prod.Uninstall();
}
catch(Exception e)
{
MessageBox.Show("Uninstall failed. Verify that " + name + " is
installed for all users on this machine. Details: " + e.Message);
}
if (retValue != ERROR_SUCCESS_REBOOT_REQUIRED && retValue !=
ERROR_SUCCESS_REBOOT_INITIATED && retValue != ERROR_SUCCESS)
{
MessageBox.Show("Uninstall failed. Please contact helpdesk to get
updates. The returned error was: " + retValue);
}
}

public static void InstallProduct(string path, string options, bool
allUsers)
{
//get error codes at
http://msdn.microsoft.com/library/de...rror_codes.asp
uint retValue = 0;
const int ERROR_SUCCESS_REBOOT_REQUIRED = 3010;
const int ERROR_SUCCESS_REBOOT_INITIATED = 1641;
const int ERROR_SUCCESS = 0;

try
{
if (System.IO.File.Exists(path))
{
retValue = Product.Install(allUsers, options, path);
if (retValue != ERROR_SUCCESS_REBOOT_REQUIRED && retValue !=
ERROR_SUCCESS_REBOOT_INITIATED && retValue != ERROR_SUCCESS)
{
MessageBox.Show("Install failed. Please contact helpdesk to get
updates. The returned error was: " + retValue);
}
}
else
MessageBox.Show("Couldn't find file " + path + ". Please contact
helpdesk to get updates.");
}
catch(Exception e)
{
MessageBox.Show("Install failed. Please contact helpdesk to get
updates. Details: " + e.Message);
}
}

public static IntPtr LogonUser(string UserName, string Password,
string Domain)
{
IntPtr token = IntPtr.Zero;
try
{
// Call LogonUser to obtain a handle to an access token.
LogonUser(UserName, Domain, Password, 2, 1, ref token);
return token;
}
catch
{
return IntPtr.Zero;
}
}
}
}

And here how the impersonation class was used to actually install the
product:
private void Install()
{

try
{
if (!System.IO.File.Exists(this.msiPath))
{
MessageBox.Show("Could not find the installation file " +
this.msiPath + ". Please contact the helpdesk to get updates.", "New
version of " + this.applicationTitle + " not found.");
return;
}
StatusWindow statusForm = null;

statusForm = new StatusWindow();
statusForm.Status = "Preparing to install " + this.applicationTitle +
"...";
statusForm.Show();

statusForm.Status = "Logging On...";
statusForm.PerformStep();

IntPtr token = Impersonate.LogonUser(UserName, Password, Domain);

if (token != IntPtr.Zero)
{
WindowsIdentity newId = new WindowsIdentity(token);
WindowsImpersonationContext impersonatedUser = newId.Impersonate();
//EVERTHING YOU DO FROM HERE ON OUT IS IMPERSONATED

//You probably can ignore all this productCode stuff...It's a long
story. But if your MSI is set to remove previous versions, you don't
need this.
if (this.productCode != null && this.productCode.Length > 0)
{
statusForm.Status = "Uninstalling old version of " +
this.applicationTitle + " ...";
statusForm.PerformStep();
Impersonate.UninstallProduct(this.productCode,
this.applicationTitle, this.oldVersion);
}

statusForm.Status = "Installing new version of " +
this.applicationTitle + "...";
statusForm.PerformStep();

//The second parameter are the options sent to msiexec.
Impersonate.InstallProduct(this.msiPath, "REBOOT=R", true);

impersonatedUser.Undo();
//BACK TO RUNNING UNDER THE ORIGINAL USER
}
else
{
MessageBox.Show("Impersonate user failed. Please contact HelpDesk
to obtain the latest version.");
}

statusForm.Close();
}
catch(Exception e)
{
MessageBox.Show(this.applicationTitle + " update failed: " + e);
WriteEvent(e);
}
}

I'll look around for the example of doing it with a process.

Good luck,
Jared

Here's the example that served as my bible for much of the time I spent
working on this issue:
http://www.dotnet247.com/247referenc...55/275561.aspx

Even though WMI may not be your solution, the concept may still work
for you. Instead of using the Process.Start, you need to duplicate the
action in-process (or, more accurately, in-thread.) So if you were
xcopying the files over, I believe that just using the
System.IO.File.Copy method will accomplish the same thing, while
allowing you to do it under the impersonated user's credentials.

Good luck,
Jared

"vipleo" <vn*****@gmail.com> wrote in message
news:11*********************@f14g2000cwb.googlegro ups.com...
| Willy,
| How i can 'enable' this privilege?
|

You have to call AdjustTokenPrivileges through PInvoke to do this from C#,
but you also need to get at the Process token because this fnction needs
this token, and you need to do this before impersonating, because once you
are impersonating you can't open the process to get at the token, see what I
mean? You can do all this using PInvoke, but it's not trivial, you better do
it in C++, or just don't do it at all and do as I said, get the module name
before you impersonate.

Willy.

As I said to vipleo, impersonation isn't the issue here, and is probably not
related to your problem. The OP's problem is that he tries to open the
'current process' while impersonating, this isn't allowed, unless the
impersonating user has Debug Privileges (he isn't the owner of the process)
and that these are explicitely enabled.
Willy.

"JaredHite1" <ja***@sharingds.org> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
| vipleo-
| I feel your pain...I spent weeks on this very issue - trying to get an
| application updater going when the users didn't have permission to
| install it. Our old impersonation broke when users started upgrading
| to SP2, so I had to redo it.
|
| It has been over a year, and there were so many issues they all kind of
| blend together, but as I recall, impersonating then starting the
| install process did not do the job because impersonation only changes
| the permissions of the thread, not the process, and the process.start
| gets started under the process' permissions. Again, it's a bit fuzzy
| so I may be completely off there. I remember testing it by just
| impersonating a different user than myself to start a process, then
| that process popped a message box indicating what the current user was.
|
| Also noteworthy was that if you had v 2.0, the Process.Start now takes
| username, password, and domain parameters - obviously MS noticed this
| was sorely missed.
|
| Anyway, the silver bullet was to use WMI to install the new version -
| that way the installation could happen on the current thread and the
| admin user's privileges were used appropriately. It's been tried and
| tested with 2000 users every two weeks, with no problems. I've seen
| examples of using WMI to run the process as well, but I never got them
| to work for me - I don't remember why.
|
| If this is an option for you let me know and I'll post some code.
|
| Good luck,
| Jared
|

"vipleo" <vn*****@gmail.com> wrote in message
news:11**********************@o13g2000cwo.googlegr oups.com...
| Jared,
| Thanks a lot for your help & feeling my pain. <g>
|
| In our implementation, we are not using multiple thread to do app
| auto-update.
|
| We are doing auto-update(xCopy deployment) in same thread, so I don't
| understand how user context could be different.
|
| Btwn, if you(or anybody else) can post some code sample for 'how to use
| wmi to auto-update app' or 'how to launch another process using wmi',
| that would be really great!
|
| Thanks,
| ~ViPuL
|

I don't think this will help you anyway, what you are after is the filename
of the current executable, right? Well, you should get this one before
impersonating and you are done.
Also, you shouldn't even use Process.GetCurrentProcess().MainModule.FileName
to get the exe name of the current process, you simply have to get the name
of the default application domain, this one is by default the same as the
..exe assembly name.

Willy.

I agree that the problem he's having right now is not related to the
solution I posted...Your advice of getting the process info before
impersonating is sound. What I'm saying is that even if he fixes his
current issue, a much larger one looms...Once the process is started,
it will be happily running under the process' permissions, not the
impersonated thread's, so he needs to consider another approach
altogether.

Jared

"JaredHite1" <ja***@sharingds.org> wrote in message
news:11*********************@o13g2000cwo.googlegro ups.com...
|I agree that the problem he's having right now is not related to the
| solution I posted...Your advice of getting the process info before
| impersonating is sound. What I'm saying is that even if he fixes his
| current issue, a much larger one looms...Once the process is started,
| it will be happily running under the process' permissions, not the
| impersonated thread's, so he needs to consider another approach
| altogether.
|
| Jared
|

That's true, that's why I'm a bit scared when people start to impersonate an
admin, I always wonder why they need it, and most of the time they don't.
The same, here, now I see what the OP is trying to achieve, the only
solution, is or calling "runas.exe" through Process.Start or trying to use
System.Management and WMI, which is not guaranteed to be succesfull because
of a security issue in v1.1.

Willy.

Interesting points, codefealls..:)
The reason I want to impersonate the admin is that app user doesn't
have write permission on app install dir and app uses auto-update
mechanism to get latest files from network share on start-up. Xcopy of
latest dlls is being done within app; so If exe itself need to be
updated, another copier exe will be launched to finish auto-update.

I didn't get chance to try your suggestion, willy.

I will try it today and post results.

Thanks for your help guys...

~ViPuL

Interesting points, codefealls..:)
The reason I want to impersonate the admin is that app user doesn't
have write permission on app install dir and app uses auto-update
mechanism to get latest files from network share on start-up. Xcopy of
latest dlls is being done within app; so If exe itself need to be
updated, another copier exe will be launched to finish auto-update.

I didn't get chance to try your suggestion, willy.

I will try it today and post results.

Thanks for your help guys...

~ViPuL

Good news & bad news..

Good news first, anothe exe is being launched with willy's suggestion
to get process info before doing impersonation.
But....(bad news begins), exe is getting following exception:

System.TypeInitializationException: The type initializer for
"System.Runtime.Remoting.Identity" threw an exception. --->
System.Security.Cryptography.CryptographicExceptio n: CryptoAPI
cryptographic service provider (CSP) for this implementation could not
be acquired.
at
System.Security.Cryptography.RNGCryptoServiceProvi der..ctor(CspParameters
cspParams)
at System.Security.Cryptography.RNGCryptoServiceProvi der..ctor()
at System.Runtime.Remoting.Identity..cctor()
--- End of inner exception stack trace ---
at
FHEG.Framework.AppUpdater.CopyFilesDelegate.BeginI nvoke(AsyncCallback
callback, Object object)
at FHEG.Framework.AppUpdater.ProgressForm.BeginCopy()
at
FHEG.Framework.AppUpdater.ProgressForm.ProgressFor m_Activated(Object
sender, EventArgs e)
at System.Windows.Forms.Form.OnActivated(EventArgs e)
at System.Windows.Forms.Form.set_Active(Boolean value)
at System.Windows.Forms.Form.WmActivate(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.ControlNativeWindow.OnMessage (Message& m)
at System.Windows.Forms.ControlNativeWindow.WndProc(M essage& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32
msg, IntPtr wparam, IntPtr lparam)

"vipleo" <vn*****@gmail.com> wrote in message
news:11**********************@g44g2000cwa.googlegr oups.com...
| Good news & bad news..
|
| Good news first, anothe exe is being launched with willy's suggestion
| to get process info before doing impersonation.
| But....(bad news begins), exe is getting following exception:
|
| System.TypeInitializationException: The type initializer for
| "System.Runtime.Remoting.Identity" threw an exception. --->
| System.Security.Cryptography.CryptographicExceptio n: CryptoAPI
| cryptographic service provider (CSP) for this implementation could not
| be acquired.
| at
| System.Security.Cryptography.RNGCryptoServiceProvi der..ctor(CspParameters
| cspParams)
| at System.Security.Cryptography.RNGCryptoServiceProvi der..ctor()
| at System.Runtime.Remoting.Identity..cctor()
| --- End of inner exception stack trace ---
| at
| FHEG.Framework.AppUpdater.CopyFilesDelegate.BeginI nvoke(AsyncCallback
| callback, Object object)
| at FHEG.Framework.AppUpdater.ProgressForm.BeginCopy()
| at
| FHEG.Framework.AppUpdater.ProgressForm.ProgressFor m_Activated(Object
| sender, EventArgs e)
| at System.Windows.Forms.Form.OnActivated(EventArgs e)
| at System.Windows.Forms.Form.set_Active(Boolean value)
| at System.Windows.Forms.Form.WmActivate(Message& m)
| at System.Windows.Forms.Form.WndProc(Message& m)
| at System.Windows.Forms.ControlNativeWindow.OnMessage (Message& m)
| at System.Windows.Forms.ControlNativeWindow.WndProc(M essage& m)
| at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32
| msg, IntPtr wparam, IntPtr lparam)
|

As was said before, when impersonating, you are only running the thread in
the impersonated context, not the process that you spawn from this thread,
that's exactly why I asked why you were impersonating.
The result is that:
1. won't be able to copy to the .exe directory, and
2. apparently the application you start this way needs to access the crypto
store of the administrator, which is impossible because, the store (assumed
it's registry based) is not loaded and if it was you won't be able to access
it anyway.

Really, the only thing you can do (on v1.1) it create the process to run as
an administrator by calling CreateProcessAs through PInvoke, or better
integrate the "update" into your application (while impersonating). But
honestly, do you really want to take all this overhead when starting a
client application, just because you do not want to grant write access to
the .exe directory?
Do you think, this is a real security measure? I would say it's not, think
of what can happen when the process crashes when impersonating an
administrator!

Willy.

I was able to launch another exe successsfully using CreateProcessAUser
but ran into other issue. So I gave up.

Thanks a lot for your help guys. I really appreciate it.

~ViPuL

I remember trying createprocessasuser and not having any success
either...

I still think your best bet is to do File.Copy operations while
impersonating. In my case, I didn't have the option of granting the
user write rights to the folder since it was in an enterprise
environment where all that stuff was way out of my control.

Good luck,
Jared