Re: Implement "run as" for application within application....

You shouldn't do that.

Impersonation should only be done a limited amount of time. Historically impersonation only affects the main thread - .NET works around that behavior for most cases. But you might experience anomalies when creating new threads or doing other kinds of thread switches (e.g. when calling COM components).

If you want a process to run under a certain identity - start it like that. Process.Start accomplishes that.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Well, I don't know much about ProecessStartInformation but I'll look
into it.
What I have done do far was to create an impersonate class and in the
load
routine start the impersonation and in the close routine end
impersonaton.
Will this work?

"Dominick Baier" wrote:

Should this happen "inside" your app - like on the current thread -
or do you want to spawn a separate process?

for a)

- create a token from the credentials (use LogonUser for that) - call
WindowsIdentity.Impersonate on that token (put that into a using
block)

for b)

- supply credentials in a ProcessStartInformation
- pass the PSI into Process.Start
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Hello,

I have been asked to implement a 'run as' methodology in a .net
application. I have read several threads regarding impersonation but
have questions.

Here is what I think I need to do....

I have already a 'setting' that can be maintained off of the tool
menu so that the 'run as' creditentials can be maintained. I encode
and decode the password just in case. Now I want this
'impersonation' to override current creditentials for the program
while it is running.

Should this be done in the 'load' and 'close' of the main screen of
the application? Also, I read something about a powerful setting ,
something like ' as part of the operating system'. Is this
neccessary for the original application user or for the
creditentials being used in the impersonation?

Basically, the staff wants the application to execute in a 'run as'
mode. Can you someone provide some assistance?

Thank you in advance.

Dean.



.

Relevant Pages

  • Re: Implement "run as" for application within application....
    ... Should this happen "inside" your app - like on the current thread - or do you want to spawn a separate process? ... Now I want this 'impersonation' to ... override current creditentials for the program while it is running. ... Also, I read something about a powerful setting, ...
    (microsoft.public.dotnet.security)
  • Re: Implement "run as" for application within application....
    ... routine start the impersonation and in the close routine end impersonaton. ... supply credentials in a ProcessStartInformation ... override current creditentials for the program while it is running. ... Also, I read something about a powerful setting, ...
    (microsoft.public.dotnet.security)
  • Re: Thread.CurrentPrincipal only set once
    ... Dominick Baier, DevelopMentor ... Now - when doing an impersonation, ... Principal STILL reflects the impersonated user as this was the very ...
    (microsoft.public.dotnet.security)
  • Re: Security for a worker thread
    ... Dominick Baier ... Developing More Secure Microsoft ASP.NET 2.0 Applications ... In general impersonation information flows to newly created threads ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: How can roles be determined for a resource?
    ... but this will only work if impersonation is turned on - something i would ... not recommend. ... Dominick Baier - DevelopMentor ...
    (microsoft.public.dotnet.framework.aspnet.security)