|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
How do I use windowsIdentity to start a process in .net?Hello, and thanks in advance.
I'm using the logonuser function within vb.net to obtain a windowsIdentity. Now how do I start a process using it, within vb.net? I need all functions after obtaining the windowsIdentity to use it. In .NET (C# and VB) you use the ImpersonationContext construct to obtain a
context in which you can launch a process. In C#: WindowsIdentity winID = new WindowsIdentity(token); using(ImpersonationContext ctx = new ImpersonationContext(winID)) { //launch process here.. } //here no longer impersonated -- Show quoteHide quotergds. /Claus Konrad MCSD.NET (C#) "brett.m***@gmail.com" wrote: > Hello, and thanks in advance. > > I'm using the logonuser function within vb.net to obtain a > windowsIdentity. Now how do I start a process using it, within vb.net? > I need all functions after obtaining the windowsIdentity to use it. > > this will not work - new processes will inherit the parent process token
- not the impersonation token... The Process.Start takes a StartupInformation object - there you can specify the credentials to use to start a new process - there is also a Win32 API that uses a token to start new processes (name escapes me at the moment) --- Dominick Baier, DevelopMentor http://www.leastprivilege.com Show quoteHide quote > In .NET (C# and VB) you use the ImpersonationContext construct to > obtain a context in which you can launch a process. > > In C#: > WindowsIdentity winID = new WindowsIdentity(token); > using(ImpersonationContext ctx = new ImpersonationContext(winID)) > { > //launch process here.. > } > //here no longer impersonated > > "brett.m***@gmail.com" wrote: > >> Hello, and thanks in advance. >> >> I'm using the logonuser function within vb.net to obtain a >> windowsIdentity. Now how do I start a process using it, within >> vb.net? I need all functions after obtaining the windowsIdentity to >> use it. >> That behaviour has been corrected in .NET 2.0.
-- Show quoteHide quotergds. /Claus Konrad MCSD.NET (C#) "Dominick Baier" wrote: > this will not work - new processes will inherit the parent process token > - not the impersonation token... > > The Process.Start takes a StartupInformation object - there you can specify > the credentials to use to start a new process - there is also a Win32 API > that uses a token to start new processes (name escapes me at the moment) > > --- > Dominick Baier, DevelopMentor > http://www.leastprivilege.com > > > In .NET (C# and VB) you use the ImpersonationContext construct to > > obtain a context in which you can launch a process. > > > > In C#: > > WindowsIdentity winID = new WindowsIdentity(token); > > using(ImpersonationContext ctx = new ImpersonationContext(winID)) > > { > > //launch process here.. > > } > > //here no longer impersonated > > > > "brett.m***@gmail.com" wrote: > > > >> Hello, and thanks in advance. > >> > >> I'm using the logonuser function within vb.net to obtain a > >> windowsIdentity. Now how do I start a process using it, within > >> vb.net? I need all functions after obtaining the windowsIdentity to > >> use it. > >> > > > no - thats not the case.
They changed a lot of the token propagation details for spawning new threads while impersonating. This does _not_ apply to processes. --- Dominick Baier, DevelopMentor http://www.leastprivilege.com Show quoteHide quote > That behaviour has been corrected in .NET 2.0. > > "Dominick Baier" wrote: > >> this will not work - new processes will inherit the parent process >> token - not the impersonation token... >> >> The Process.Start takes a StartupInformation object - there you can >> specify the credentials to use to start a new process - there is also >> a Win32 API that uses a token to start new processes (name escapes me >> at the moment) >> >> --- >> Dominick Baier, DevelopMentor >> http://www.leastprivilege.com >>> In .NET (C# and VB) you use the ImpersonationContext construct to >>> obtain a context in which you can launch a process. >>> >>> In C#: >>> WindowsIdentity winID = new WindowsIdentity(token); >>> using(ImpersonationContext ctx = new ImpersonationContext(winID)) >>> { >>> //launch process here.. >>> } >>> //here no longer impersonated >>> "brett.m***@gmail.com" wrote: >>> >>>> Hello, and thanks in advance. >>>> >>>> I'm using the logonuser function within vb.net to obtain a >>>> windowsIdentity. Now how do I start a process using it, within >>>> vb.net? I need all functions after obtaining the windowsIdentity to >>>> use it. >>>> You are correct. It is related to threads spawned.
Thx. -- Show quoteHide quotergds. /Claus Konrad MCSD.NET (C#) "Dominick Baier" wrote: > no - thats not the case. > > They changed a lot of the token propagation details for spawning new threads > while impersonating. This does _not_ apply to processes. > > --- > Dominick Baier, DevelopMentor > http://www.leastprivilege.com > > > That behaviour has been corrected in .NET 2.0. > > > > "Dominick Baier" wrote: > > > >> this will not work - new processes will inherit the parent process > >> token - not the impersonation token... > >> > >> The Process.Start takes a StartupInformation object - there you can > >> specify the credentials to use to start a new process - there is also > >> a Win32 API that uses a token to start new processes (name escapes me > >> at the moment) > >> > >> --- > >> Dominick Baier, DevelopMentor > >> http://www.leastprivilege.com > >>> In .NET (C# and VB) you use the ImpersonationContext construct to > >>> obtain a context in which you can launch a process. > >>> > >>> In C#: > >>> WindowsIdentity winID = new WindowsIdentity(token); > >>> using(ImpersonationContext ctx = new ImpersonationContext(winID)) > >>> { > >>> //launch process here.. > >>> } > >>> //here no longer impersonated > >>> "brett.m***@gmail.com" wrote: > >>> > >>>> Hello, and thanks in advance. > >>>> > >>>> I'm using the logonuser function within vb.net to obtain a > >>>> windowsIdentity. Now how do I start a process using it, within > >>>> vb.net? I need all functions after obtaining the windowsIdentity to > >>>> use it. > >>>> > > > 
Other interesting topics
how to add "Authorization: Basic" for a web service call
Winform: Call a vbscript with elevated privileges FullTrust on network drive Why am I getting errors when I want to rebuild the TreeView contro Login error when opening a deployed project Do i need to got Https:// throught the website ??? How to decrypt CAPICOM data i .NET 2.0 User creation.... Forms Authentication with Active Directory, login control crashes Is there a function that I can call to validate a domain? |
|||||||||||||||||||||||
