Re: IIS7: CreateProcessWithLogonW access denied



I believe Code Access Security for ASP.Net was "Low" prior to IIS7/
Vista, which allowed code like yours to work with ASP.Net, but it was
*horribly* insecure.

In IIS7 it was raised to "Medium", which will make code like yours
fail.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//


On Jun 17, 2:53 pm, "Kyle Alons" <re...@xxxxxxxxxxxx> wrote:
Code like this in an ASP.NET web page (code behind .cs file) works in IIS
prior to v7, but fails with access denied (5) on v7.  Any ideas on what
permissions are required for this to work?  Thanks.

    [StructLayout(LayoutKind.Sequential)]
    internal struct PROCESS_INFORMATION
    {
        internal IntPtr hProcess;
        internal IntPtr hThread;
        internal int dwProcessId;
        internal int dwThreadId;
    }

    [StructLayout(LayoutKind.Sequential)]
    internal struct STARTUPINFO
    {
        internal int cb;
        [MarshalAs(UnmanagedType.LPTStr)]
        internal string lpReserved;
        [MarshalAs(UnmanagedType.LPTStr)]
        internal string lpDesktop;
        [MarshalAs(UnmanagedType.LPTStr)]
        internal string lpTitle;
        internal int dwX;
        internal int dwY;
        internal int dwXSize;
        internal int dwYSize;
        internal int dwXCountChars;
        internal int dwYCountChars;
        internal int dwFillAttribute;
        internal int dwFlags;
        internal short wShowWindow;
        internal short cbReserved2;
        internal IntPtr lpReserved2;
        internal IntPtr hStdInput;
        internal IntPtr hStdOutput;
        internal IntPtr hStdError;
    }

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    internal static extern bool CreateProcessWithLogonW(String lpszUsername,
        String lpszDomain, String lpszPassword, int dwLogonFlags, string
applicationName,
        StringBuilder commandLine, int creationFlags, IntPtr environment,
string currentDirectory,
        ref STARTUPINFO sui, out PROCESS_INFORMATION processInfo);

    //dwLogonFlags Specifies the logon option
    const int LOGON_WITH_PROFILE = 1;
    const int LOGON_NETCREDENTIALS_ONLY = 2;

    //dwCreationFlags - Specifies how the process is created
    const int CREATE_UNICODE_ENVIRONMENT = 0x00000400;

    //dwCreationFlags parameter controls the new process's priority class
    const int NORMAL_PRIORITY_CLASS = 0x00000020;
    const int IDLE_PRIORITY_CLASS = 0x00000040;
    const int HIGH_PRIORITY_CLASS = 0x00000080;
    const int REALTIME_PRIORITY_CLASS = 0x00000100;
    const int BELOW_NORMAL_PRIORITY_CLASS = 0x00004000;
    const int ABOVE_NORMAL_PRIORITY_CLASS = 0x00008000;

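// Launches "cmd /c dir" through CreateProcessWithLogonW and reports either the
// new process id or the Win32 error code to the page.
//
// The program name and its arguments are fixed strings. Keep them that way:
// anything spliced into a "cmd /c" command line is interpreted by the shell.
string app = "cmd";

StringBuilder p = new StringBuilder();
p.Append("/c dir");

PROCESS_INFORMATION processInfo;
STARTUPINFO startInfo = new STARTUPINFO();
startInfo.cb = Marshal.SizeOf(startInfo);
startInfo.lpDesktop = "winsta0\\default";

// NOTE(review): user and pwd are defined outside this snippet. Wherever they
// come from, they are plain strings here, so the password cannot be wiped from
// memory after the call. With LOGON_NETCREDENTIALS_ONLY the credentials are not
// validated at logon and the process runs locally under the caller's token.
bool started = CreateProcessWithLogonW(
    user, ".", pwd,
    LOGON_NETCREDENTIALS_ONLY,
    app, p,
    NORMAL_PRIORITY_CLASS | CREATE_UNICODE_ENVIRONMENT,
    IntPtr.Zero, "",
    ref startInfo, out processInfo);

if (started)
{
    // The returned process and thread handles belong to this code. Wrapping
    // each in an owning SafeWaitHandle closes it (via CloseHandle) when the
    // using block ends, so repeated requests do not leak kernel handles in the
    // worker process. Closing the handles does not stop the child process.
    using (new Microsoft.Win32.SafeHandles.SafeWaitHandle(processInfo.hProcess, true))
    using (new Microsoft.Win32.SafeHandles.SafeWaitHandle(processInfo.hThread, true))
    {
        Response.Write("<p>Started with Process ID " +
            processInfo.dwProcessId.ToString() + "</p>");
    }
}
else
{
    // Read the error straight after the failed call, before any other
    // P/Invoke can overwrite the thread's last-error value.
    Response.Write(Marshal.GetLastWin32Error());
}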

.