Run Code as a different user
Impersonation requires calling some native APIs (namely, LogonUser) so it's probably not worth posting 3 pages of wrapper code. This page has a complete working sample: http://platinumdogs.wordpress.com/2008/10/30/net-c-impersonation-with-network-credentials/
Note that impersonation has important security considerations. Make sure you follow best practices.
Running an application as different user
There are also some other alternatives which can help in achieving this like PsExex Tool.
https://technet.microsoft.com/en-us/sysinternals/psexec.aspx
You can provide the required parameters (like username , password ,the process to start) from Process class and it will launch it successfully using those user credentials.
For more Info:-
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/e20ddf85-26ba-45a7-a987-89de076eda23/solved-run-program-as-different-user-through-batch-file?forum=ITCG
E.g. psexec \workstation64 -c test.bat -u USERNAME -p PASSWORD
It works in my case without any issue.
Execute code as different user in JSF Webapp
The important bit was the fact this was packaged as a WAR file.
After some experimenting I got this working as above by placing a weblogic-wjb-jar.xml
file in WEB-INF
instead of META-INF
<weblogic-ejb-jar xmlns="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar http://xmlns.oracle.com/weblogic/weblogic-ejb-jar/1.6/weblogic-ejb-jar.xsd">
<run-as-role-assignment>
<role-name>MyRunAsRole</role-name>
<run-as-principal-name>privUser</run-as-principal-name>
</run-as-role-assignment>
</weblogic-ejb-jar>
@RolesAllowed
didn't work but that is another question...
Execute code in another users context
Im not sure this is a way to do this without creating a new process, ImpersonateLoggedOnUser will only work from a service, and I dont want to provide credentials.
correct me if I am wrong
Is running code under a different user (impersonation) possible with a service account (domain) without a windows service?
OP:
Can a method within a WPF application be executed (using Process.Start) impersonated with a service user account (domain) without a windows service?
You can impersonate a user regardless of what type the calling process is. i.e. WPF, Windows Service, Console App. It does not matter. However on Windows Vista and later the process must be running as an administrator.
Example courtesy of MSDN
string userName, domainName;
// Get the user token for the specified user, domain, and password using the
// unmanaged LogonUser method.
// The local machine name can be used for the domain name to impersonate a user on this machine.
Console.Write("Enter the name of the domain on which to log on: ");
domainName = Console.ReadLine();
Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
userName = Console.ReadLine();
Console.Write("Enter the password for {0}: ", userName);
...
// Call LogonUser to obtain a handle to an access token.
bool returnValue = LogonUser(userName, domainName, Console.ReadLine(),
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeTokenHandle);
...
using (safeTokenHandle)
{
...
using (WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle()))
{
using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
{
// Check the identity.
Console.WriteLine("After impersonation: "
+ WindowsIdentity.GetCurrent().Name);
}
}
}
For more information and the complete example, I recommend viewing the link above as I didn't wish to quote the entire sample.
More
- WindowsImpersonationContext Class
- Impersonating and Reverting
Get an application to run as a different user from a windows service
The problem is with the use of the LOGON_NEW_CREDENTIALS type in the call to LogonUser. From the documentation:
This logon type allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identifier but uses different credentials for other network connections.
Try using LOGON32_LOGON_BATCH instead.
Related Topics
Webclient.Downloadstring() Returns String with Peculiar Characters
How to Unregister 'Anonymous' Event Handler
Multiple String Comparison with C#
C# Rsa Public Key Output Not Correct
How to Implement Url Rewriting Similar to So
Linq - Left Join on Multiple (Or) Conditions
How to Form a Correct MySQL Connection String
How to Convert a Utf-8 String into Unicode
C# Reflection - Get Field Values from a Simple Class
How to Test for the Presence of an Action Filter with Constructor Arguments
How to Sort a List of Objects by a Specific Field in C#
C# 4.0, Optional Parameters and Params Do Not Work Together
Simultaneous Read-Write a File in C#
ASP.NET Use SQLconnection Connect MySQL