Hello there,
I am not asking how to impersonate a process within C# windows
application. I already know that, in C# v2.0, you can easily achieve it
using ProcessStartInfo. You can run a process or call external program
as of different user.
The problem of that design is that the mother application is still
running as current user. I know that less privilege is more secure.
I want to launch an application as different user. I can do it by
creating launching application (say launch.exe) and call other main
application(say main.exe) from it. So the main application will run as
different user.
This design requires two executable files (launch.exe and main.exe). I
want to make it simple.
As I mentioned, I know how to impersonate a process. However, I don't
think that I can do it over method or thread. Am I right?
Can I pass an (static or object) method to a process? so that I can use
the impersonation? If I understood correctly, I need to provide
"FileName" in ProcessStartInfo to start a process. It's good when you
call external executable file as of different user. But I don't think
that you can put (static or object) method instead.
I deeply appreciate your help.
5  20063 
Look in MSDN help under WindowsIdentity.Impersonate. There's a
complete example there. Using that code as a basis you can do
impersonation over any random block of code.
Although it says XP only so perhaps that can be a concern for you..
Not sure how to do it in 2000 or earlier.
HTH,
Sam
------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.
On 12 Dec 2006 11:21:17 -0800, "cooltoriz" <yp*****@gmail.comwrote:
>Hello there,
As I mentioned, I know how to impersonate a process. However, I don't
think that I can do it over method or thread. Am I right?
Thank you for your answer,
I could be able to find many articles related to
"WindowsIdentity.Impersonate." and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser();
if (iuser.Impersonate(Environment.MachineName, "user2",
"password"))
{
Process notePad = new Process();
notePad.StartInfo.FileName = "notepad.exe";
MessageBox.Show(System.Security.Principal.WindowsI dentity.GetCurrent().Name);
notePad.Start();
iuser.Undo();
}
I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.
I know that I can change the security context of the Process using
ProcessStartInfo easily.
However, my question is that changing security context using
WindowsIdentity doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".
Thank you,
"cooltoriz" <yp*****@gmail.comwrote in message
news:11**********************@16g2000cwy.googlegro ups.com...
Thank you for your answer,
I could be able to find many articles related to
"WindowsIdentity.Impersonate." and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser();
if (iuser.Impersonate(Environment.MachineName, "user2",
"password"))
{
Process notePad = new Process();
notePad.StartInfo.FileName = "notepad.exe";
MessageBox.Show(System.Security.Principal.WindowsI dentity.GetCurrent().Name);
notePad.Start();
iuser.Undo();
}
I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.
I know that I can change the security context of the Process using
ProcessStartInfo easily.
However, my question is that changing security context using
WindowsIdentity doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".
Thank you,
The impersonation context is per process per thread. When you spawn another process like you
do in the above code, the child process will inherit the parents security context, that is
it will run in the security account of the parent's process.
Willy.
I'm confused. In your original post I thought you said you knew how
to do impersonation for a process but wanted to know how to do
impersonation for a thread. Was that not your question?
Sam
------------------------------------------------------------
We're hiring! B-Line Medical is seeking Mid/Sr. .NET
Developers for exciting positions in medical product
development in MD/DC. Work with a variety of technologies
in a relaxed team environment. See ads on Dice.com.
On 12 Dec 2006 19:45:43 -0800, "cooltoriz" <yp*****@gmail.comwrote:
>Thank you for your answer,
I could be able to find many articles related to
"WindowsIdentity.Impersonate." and I have a question about its security
boundary. Is impersonation applied only within the same process? For
example, if I am running the application under "user1" account and
executing this code..
ImpersonateUser iuser = new ImpersonateUser();
if (iuser.Impersonate(Environment.MachineName, "user2",
"password"))
{
Process notePad = new Process();
notePad.StartInfo.FileName = "notepad.exe";
MessageBox.Show(System.Security.Principal.Windows Identity.GetCurrent().Name);
notePad.Start();
iuser.Undo();
}
I see the messagebox saying "user2" as current security context.
However, when I check the process in task manager, I see "user1" for
notepade.exe process.
I know that I can change the security context of the Process using
ProcessStartInfo easily.
However, my question is that changing security context using
WindowsIdentity doesn't affect creating new process? And new process
inherits security from its paraent? This case, I assume that it's
"user1".
Thank you,
Sorry for confusion, I might not be clear about my question.
Yes, I know how to impersonate when I create NEW process using
ProcessStartInfo class. There are many examples over the Internet.
However, I was wondering what if I impersonate a code block using
WindowsIdentity.Impersonate() and the code block contains creating new
process, does new process inherit security context from the
impersonated security context or parents security context?
Per Willy's reply, it seems that new process will still inherit it from
parents security context even though impersonation occured before the
code block.
I hope that this clears my question.
Thank you,
Samuel R. Neff wrote:
I'm confused. In your original post I thought you said you knew how
to do impersonation for a process but wanted to know how to do
impersonation for a thread. Was that not your question?
Sam
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Bob Bedford |
last post by:
I've a script that must "launch" an other script on some situations.
firstscript.php:
....
If ($newarticle)
//launch secondscript.php
....
The "secondscript.php" may take quite long, and is...
|
by: Trips |
last post by:
Hello Folks
I have been having headache solving this and now I need your help
I have developed an windows application which access network resources under differnt authenticated identity and...
|
by: Dutchy |
last post by:
Dear reader,
In an attempt to obtain the path to the quick-launch-folder in order to
create a shortcut to my application-updates during installation , I thought
to:
1- check if quick launch...
|
by: Jo |
last post by:
I am having a real problem with the Launch conditions in VS .NET and can
only come to the conclusion that it is a bug.
It states quite emphatically in the MSDN that Launch Conditions WILL be...
|
by: Michael Howes |
last post by:
I have a c# windows form that talks to a web service on a server that then
can talk to multiple "agents" on different machines using web service calls.
I want to be able to launch an application...
|
by: David Rose |
last post by:
Hi,
I am trying to launch pdf files (in this case). The test application takes
the path to the pdf from a TextBox when the user clicks a button. I have
written code that works on my computer,...
|
by: Paul |
last post by:
Hi.
I need to launch a windows application and then send keyboard event to this
process to run certain commands. I've created a COM+ appplication to spawn
and talk to the application which works...
|
by: Marcus |
last post by:
I have this application I have made that I launch when the user logs
into Windows XP.
I would like to delay the launch of the application so that it starts 1
minute after the user has logged in.
...
|
by: Ryan Liu |
last post by:
Hi,
I want to play Audio/Video in my C# application(standlalone, not web
applicatoin). The source of multimedia may in different formats and decided
by the end user, which I have no control.
...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
