469,352 Members | 1,736 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,352 developers. It's quick & easy.

Launch Application as Different User in C# Windows Applicatoin

Hello there,

I am not asking how to impersonate a process within C# windows
application. I already know that, in C# v2.0, you can easily achieve it
using ProcessStartInfo. You can run a process or call external program
as of different user.

The problem of that design is that the mother application is still
running as current user. I know that less privilege is more secure.

I want to launch an application as different user. I can do it by
creating launching application (say launch.exe) and call other main
application(say main.exe) from it. So the main application will run as
different user.

This design requires two executable files (launch.exe and main.exe). I
want to make it simple.
As I mentioned, I know how to impersonate a process. However, I don't
think that I can do it over method or thread. Am I right?

Can I pass an (static or object) method to a process? so that I can use
the impersonation? If I understood correctly, I need to provide
"FileName" in ProcessStartInfo to start a process. It's good when you
call external executable file as of different user. But I don't think
that you can put (static or object) method instead.

I deeply appreciate your help.

Dec 12 '06 #1
5 19729

Look in MSDN help under WindowsIdentity.Impersonate. There's a
complete example there. Using that code as a basis you can do
impersonation over any random block of code.

Although it says XP only so perhaps that can be a concern for you..
Not sure how to do it in 2000 or earlier.

HTH,

Sam

------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.

On 12 Dec 2006 11:21:17 -0800, "cooltoriz" <yp*****@gmail.comwrote:
>Hello there,

As I mentioned, I know how to impersonate a process. However, I don't
think that I can do it over method or thread. Am I right?
Dec 12 '06 #2
Thank you for your answer,

I could be able to find many articles related to
"WindowsIdentity.Impersonate." and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser();

if (iuser.Impersonate(Environment.MachineName, "user2",
"password"))
{

Process notePad = new Process();

notePad.StartInfo.FileName = "notepad.exe";
MessageBox.Show(System.Security.Principal.WindowsI dentity.GetCurrent().Name);

notePad.Start();

iuser.Undo();
}

I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.

I know that I can change the security context of the Process using
ProcessStartInfo easily.

However, my question is that changing security context using
WindowsIdentity doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".

Thank you,

Dec 13 '06 #3
"cooltoriz" <yp*****@gmail.comwrote in message
news:11**********************@16g2000cwy.googlegro ups.com...
Thank you for your answer,

I could be able to find many articles related to
"WindowsIdentity.Impersonate." and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser();

if (iuser.Impersonate(Environment.MachineName, "user2",
"password"))
{

Process notePad = new Process();

notePad.StartInfo.FileName = "notepad.exe";
MessageBox.Show(System.Security.Principal.WindowsI dentity.GetCurrent().Name);

notePad.Start();

iuser.Undo();
}

I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.

I know that I can change the security context of the Process using
ProcessStartInfo easily.

However, my question is that changing security context using
WindowsIdentity doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".

Thank you,

The impersonation context is per process per thread. When you spawn another process like you
do in the above code, the child process will inherit the parents security context, that is
it will run in the security account of the parent's process.

Willy.

Dec 13 '06 #4

I'm confused. In your original post I thought you said you knew how
to do impersonation for a process but wanted to know how to do
impersonation for a thread. Was that not your question?

Sam
------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.
On 12 Dec 2006 19:45:43 -0800, "cooltoriz" <yp*****@gmail.comwrote:
>Thank you for your answer,

I could be able to find many articles related to
"WindowsIdentity.Impersonate." and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser();

if (iuser.Impersonate(Environment.MachineName, "user2",
"password"))
{

Process notePad = new Process();

notePad.StartInfo.FileName = "notepad.exe";
MessageBox.Show(System.Security.Principal.Windows Identity.GetCurrent().Name);

notePad.Start();

iuser.Undo();
}

I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.

I know that I can change the security context of the Process using
ProcessStartInfo easily.

However, my question is that changing security context using
WindowsIdentity doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".

Thank you,
Dec 13 '06 #5
Sorry for confusion, I might not be clear about my question.

Yes, I know how to impersonate when I create NEW process using
ProcessStartInfo class. There are many examples over the Internet.

However, I was wondering what if I impersonate a code block using
WindowsIdentity.Impersonate() and the code block contains creating new
process, does new process inherit security context from the
impersonated security context or parents security context?

Per Willy's reply, it seems that new process will still inherit it from
parents security context even though impersonation occured before the
code block.

I hope that this clears my question.

Thank you,


Samuel R. Neff wrote:
I'm confused. In your original post I thought you said you knew how
to do impersonation for a process but wanted to know how to do
impersonation for a thread. Was that not your question?

Sam
Dec 14 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

8 posts views Thread by Bob Bedford | last post: by
13 posts views Thread by David Rose | last post: by
7 posts views Thread by Paul | last post: by
8 posts views Thread by Marcus | last post: by
3 posts views Thread by Ryan Liu | last post: by
reply views Thread by zhoujie | last post: by
reply views Thread by suresh191 | last post: by
1 post views Thread by Marylou17 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.