Run Code as a Different User

Run Code as a different user

Impersonation requires calling some native APIs (namely, LogonUser) so it's probably not worth posting 3 pages of wrapper code. This page has a complete working sample: http://platinumdogs.wordpress.com/2008/10/30/net-c-impersonation-with-network-credentials/

Note that impersonation has important security considerations. Make sure you follow best practices.

Running an application as different user

There are also some other alternatives which can help in achieving this, like the PsExec tool.
https://technet.microsoft.com/en-us/sysinternals/psexec.aspx

You can provide the required parameters (like username, password, the process to start) from Process class and it will launch it successfully using those user credentials.

For more info:
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/e20ddf85-26ba-45a7-a987-89de076eda23/solved-run-program-as-different-user-through-batch-file?forum=ITCG

E.g. psexec \\workstation64 -c test.bat -u USERNAME -p PASSWORD

It works in my case without any issue.

Execute code as different user in JSF Webapp

The important bit was the fact this was packaged as a WAR file.

After some experimenting I got this working as above by placing a weblogic-ejb-jar.xml file in WEB-INF instead of META-INF:

<weblogic-ejb-jar xmlns="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar http://xmlns.oracle.com/weblogic/weblogic-ejb-jar/1.6/weblogic-ejb-jar.xsd">
    <run-as-role-assignment>
        <role-name>MyRunAsRole</role-name>
        <run-as-principal-name>privUser</run-as-principal-name>
    </run-as-role-assignment>
</weblogic-ejb-jar>

@RolesAllowed didn't work but that is another question...

Execute code in another users context

I'm not sure this is a way to do this without creating a new process, ImpersonateLoggedOnUser will only work from a service, and I don't want to provide credentials.

Correct me if I am wrong.

Is running code under a different user (impersonation) possible with a service account (domain) without a windows service?

OP:

Can a method within a WPF application be executed (using Process.Start) impersonated with a service user account (domain) without a windows service?

You can impersonate a user regardless of what type the calling process is, i.e. WPF, Windows Service, Console App. It does not matter. However, on Windows Vista and later the process must be running as an administrator.

Example courtesy of MSDN

string userName, domainName;
// Get the user token for the specified user, domain, and password using the
// unmanaged LogonUser method.
// The local machine name can be used for the domain name to impersonate a user on this machine.
Console.Write("Enter the name of the domain on which to log on: ");
domainName = Console.ReadLine();

Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
userName = Console.ReadLine();

Console.Write("Enter the password for {0}: ", userName);

...

// Call LogonUser to obtain a handle to an access token.
bool returnValue = LogonUser(userName, domainName, Console.ReadLine(),
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
    out safeTokenHandle);
...

using (safeTokenHandle)
{
    ...

    using (WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle()))
    {
        using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
        {
            // Check the identity.
            Console.WriteLine("After impersonation: "
                + WindowsIdentity.GetCurrent().Name);
        }
    }
}

For more information and the complete example, I recommend viewing the link above as I didn't wish to quote the entire sample.

More

  • WindowsImpersonationContext Class
  • Impersonating and Reverting

Get an application to run as a different user from a windows service

The problem is with the use of the LOGON_NEW_CREDENTIALS type in the call to LogonUser. From the documentation:

This logon type allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identifier but uses different credentials for other network connections.

Try using LOGON32_LOGON_BATCH instead.
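
The difference between the two logon types in the answer above, shown with the LogonUser impersonation pattern from the earlier MSDN excerpt. This is an added example, not code from any of the answers or from MSDN; the names ImpersonationDemo, NameUnder and ReadHidden and the DOMAIN USER command-line arguments are assumptions, and it targets .NET Framework 4.6 or later (or .NET on Windows).

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
using Microsoft.Win32.SafeHandles;

static class ImpersonationDemo   // hypothetical name, not from the page
{
    const int LOGON32_LOGON_BATCH = 4, LOGON32_LOGON_NEW_CREDENTIALS = 9;   // winbase.h
    const int LOGON32_PROVIDER_DEFAULT = 0, LOGON32_PROVIDER_WINNT50 = 3;   // winbase.h

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Log on with the given type; return the identity name seen while impersonating.
    static string NameUnder(string user, string domain, string password, int logonType)
    {
        // LOGON32_LOGON_NEW_CREDENTIALS is supported only by the WINNT50 provider.
        int provider = logonType == LOGON32_LOGON_NEW_CREDENTIALS
            ? LOGON32_PROVIDER_WINNT50 : LOGON32_PROVIDER_DEFAULT;
        if (!LogonUser(user, domain, password, logonType, provider, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        using (token)
            // Reverts to the process identity when the delegate returns or throws.
            return WindowsIdentity.RunImpersonated(token, () => WindowsIdentity.GetCurrent().Name);
    }

    static string ReadHidden()   // read a line from the console without echoing it
    {
        var sb = new StringBuilder();
        for (ConsoleKeyInfo k; (k = Console.ReadKey(true)).Key != ConsoleKey.Enter; )
            if (k.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else if (!char.IsControl(k.KeyChar)) sb.Append(k.KeyChar);
        Console.WriteLine();
        return sb.ToString();
    }

    static void Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: demo DOMAIN USER"); return; }
        Console.Write("Password: ");
        string password = ReadHidden();
        Console.WriteLine("Process identity: " + WindowsIdentity.GetCurrent().Name);
        // Cloned caller token: local name unchanged, new credentials used only outbound.
        Console.WriteLine("NEW_CREDENTIALS:  " + NameUnder(args[1], args[0], password, LOGON32_LOGON_NEW_CREDENTIALS));
        // Real logon session for the account (it needs the "Log on as a batch job" right).
        Console.WriteLine("BATCH:            " + NameUnder(args[1], args[0], password, LOGON32_LOGON_BATCH));
    }
}
```

The NEW_CREDENTIALS line repeats the process identity, which is why a program started under that token still runs locally as the original account, while the BATCH line shows the account that was logged on.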
