Identity Information when running with RunAs /NetOnly

Hi,

In a WinForms application, how can you get the identity of the remote
credentials used when kicking off the application with RunAs /NetOnly?

I can get local Identity information with
System.Security.Principal.WindowsIdentity.GetCurrent(), but don't know how to
get the identity for the remote calls.

Any help would be appreciated,
Grant.
Jun 27 '08 #1
Grant wrote:
> In a WinForms application, how can you get the identity of the remote
> credentials used when kicking off the application with RunAs /NetOnly?

You can't. There's a good thread explaining it here (the unmanaged
equivalent, that is):
http://groups.google.com/group/micro...beee80ed0573dd

> I can get local Identity information with
> System.Security.Principal.WindowsIdentity.GetCurrent(), but don't know how to
> get the identity for the remote calls.

This information is apparently managed by LSA internally and cannot be
retrieved after the fact. Technically, there isn't even an identity until a
remote resource is actually accessed and the credentials are successfully used.

--
J.
http://symbolsprose.blogspot.com
Jun 27 '08 #2
Hi Jeroen,

Many thanks for this - I searched extensively, but this is a thread I didn't
find.
Regards,
Grant Holdom.

Jun 27 '08 #3
Hi, Grant

How about this issue now? Does Jeroen's reply make sense to you?

The /netonly switch indicates that the user information specified is for
remote access only.

When you start a program with RunAs using /netonly, the program executes on
your local computer as the user you are currently logged on as, so the
System.Security.Principal.WindowsIdentity.GetCurrent() will return the
currently logged user instead of the user specified on the RunAs command.
The new credential created in this case is only available when there're
connections to other computers on the network.

I look forward to hearing from you soon.

Best Regards,
Zhi-Xin Ye
Microsoft Online Community Support
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Jun 27 '08 #4
Hi Grant,

How are things going?

I have done some further research, and let me share a few more details.
The "runas /netonly" switch calls the "CreateProcessWithLogonW" API
internally with the "LOGON_NETCREDENTIALS_ONLY" flag. Below is the
description of this flag quoted from
MSDN (http://msdn.microsoft.com/en-us/libr...31(VS.85).aspx) for
your information:

"
LOGON_NETCREDENTIALS_ONLY

Log on, but use the specified credentials on the network only. The new
process uses the same token as the caller, but the system creates a new
logon session within LSA, and the process uses the specified credentials as
the default credentials.
This value can be used to create a process that uses a different set of
credentials locally than it does remotely. This is useful in inter-domain
scenarios where there is no trust relationship.
The system does not validate the specified credentials. Therefore, the
process can start, but it may not have access to network resources.
"

The specified credentials stay in the local security authority (lsass.exe
process) and cannot be retrieved easily. However, we can manage to get the
specified user name with some trick. I found that the "runas" utility will
set the STARTUPINFO.lpTitle property to something like the following, when
it invokes the "CreateProcessWithLogonW" API:

"myApp.exe(running as MyDomain\SpecifiedUserName)"

To retrieve that title information, we can call the GetStartupInfo API:

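    using System;
    using System.Runtime.InteropServices;

    // Inside the Form class:
    private void button1_Click(object sender, EventArgs e)
    {
        STARTUPINFO s;
        GetStartupInfo(out s);
        // lpTitle points at memory owned by the process: copy it, never free it.
        string title = Marshal.PtrToStringUni(s.lpTitle);
        int slash = (title == null) ? -1 : title.LastIndexOf('\\');
        if (slash < 0 || !title.EndsWith(")"))
        {
            // Not started through runas, or the title has a different format.
            textBox1.Text = "No runas title found";
            return;
        }
        string name = title.Substring(slash + 1);
        name = name.Remove(name.Length - 1); // remove the ")"
        textBox1.Text = string.Format("The specified user name is:{0}", name);
    }

    [DllImport("kernel32.dll", EntryPoint = "GetStartupInfoW")]
    static extern void GetStartupInfo(out STARTUPINFO lpStartupInfo);

    // String members are declared as IntPtr so the marshaler does not try to
    // free buffers that belong to the process.
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct STARTUPINFO
    {
        public Int32 cb;
        public IntPtr lpReserved;
        public IntPtr lpDesktop;
        public IntPtr lpTitle;
        public Int32 dwX;
        public Int32 dwY;
        public Int32 dwXSize;
        public Int32 dwYSize;
        public Int32 dwXCountChars;
        public Int32 dwYCountChars;
        public Int32 dwFillAttribute;
        public Int32 dwFlags;
        public Int16 wShowWindow;
        public Int16 cbReserved2;
        public IntPtr lpReserved2;
        public IntPtr hStdInput;
        public IntPtr hStdOutput;
        public IntPtr hStdError;
    }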

However, please note that this specific implementation (e.g. setting the
title) of the "RunAs" utility is not documented officially. There is a
possibility that the design will be changed in future versions. If that
happens, our existing code can break. But I still hope the workaround can
be useful to you to some extent.

If you need any further information, or there is anything else we can help
with, please feel free to reply here.
Sincerely,
Zhi-Xin Ye
Microsoft Online Community Support





Jun 27 '08 #5
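Added example (not part of the post above and not Microsoft's code): a console variant of the workaround that prints the local token identity next to the title-derived hint. It goes beyond the post by keeping the full account text instead of stripping the domain and by returning null when the title has any other shape; the names NetOnlyHint and ParseAccount and the regular expression are assumptions made for this illustration, and the sample titles are constructed.

```csharp
// Added illustration: NetOnlyHint, ParseAccount and the pattern are hypothetical, not a documented API.
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text.RegularExpressions;

static class NetOnlyHint
{
    [StructLayout(LayoutKind.Sequential)]
    struct STARTUPINFO
    {
        public int cb;
        public IntPtr lpReserved, lpDesktop, lpTitle; // process-owned strings: read, never free
        public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public short wShowWindow, cbReserved2;
        public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }

    [DllImport("kernel32.dll", EntryPoint = "GetStartupInfoW")]
    static extern void GetStartupInfo(out STARTUPINFO lpStartupInfo);

    // Shape quoted in the thread: "app.exe(running as DOMAIN\user)". Anchored at the end
    // so an earlier "(running as" inside a path or argument is not picked up.
    static readonly Regex RunAsTitle =
        new Regex(@"\(running as (?<account>[^()]+)\)\s*$", RegexOptions.IgnoreCase);

    // Returns the account text from a startup title, or null for any other shape.
    public static string ParseAccount(string title)
    {
        if (string.IsNullOrEmpty(title)) return null;
        Match m = RunAsTitle.Match(title);
        return m.Success ? m.Groups["account"].Value.Trim() : null;
    }

    static void Main()
    {
        STARTUPINFO si;
        GetStartupInfo(out si);
        string hint = ParseAccount(Marshal.PtrToStringUni(si.lpTitle));
        // The token identity drives local access checks. The title is text chosen by
        // whoever launched the process: log it as a hint, never authorize on it.
        Console.WriteLine("Local token identity: " + WindowsIdentity.GetCurrent().Name);
        Console.WriteLine("RunAs title hint    : " + (hint ?? "(none)"));

        // Constructed sample titles showing the parser's behaviour.
        foreach (string t in new[] { @"myApp.exe(running as MyDomain\SpecifiedUserName)", @"C:\tools\myApp.exe" })
            Console.WriteLine("{0} -> {1}", t, ParseAccount(t) ?? "(no hint)");
    }
}
```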
Hi, Grant

I haven't heard back from you so I would like to follow up to find out
whether the information I supplied makes any sense to you or not. If there
is anything more I can help with, please don't hesitate to let me know.
Thanks.

Sincerely,
Zhi-Xin Ye
Microsoft Online Community Support


Jun 27 '08 #6
