Launch Shell process under different identity

Hello Folks

I have been having a headache solving this and now I need your help.

I have developed a Windows application which accesses network resources under a different authenticated identity and not the client who is running the application.

The application runs on the client machine and it has to access a network folder by impersonating a specific user and download the file to the client computer.

Now when the user clicks on the download/copy button I change the application identity to a user who has access to that network share and try downloading it by launching a shell process.
Here is the problem: when I change the application identity and try launching the shell copy command, nothing happens; the shell opens up for a second and closes. If I remove the impersonation then I am able to launch the shell and the file gets copied.
If I use the impersonation code, the shell launches and nothing happens, and the shell command is just to execute a bat file:
c:\abc.bat

Is there anything I have to do to launch a shell when the Windows application is running under a different identity?

Any help is greatly appreciated.

Thanks
Aja
 
Does the user account you're impersonating have a domain or local computer
account? They may not have access to the network.
What method are you using to perform the impersonation?
Try putting a pause statement in your .bat file to see what is going on.

HTH;
Eric Cadwell
http://www.origincontrols.com
 
Yes, it's a domain service account and it has proper permissions to access the domain network folder. Within the code I did a messagebox display method and it showed the impersonated account as the current changed identity. The issue is the shell opens up for a second and closes.

I am using these DLLs in order to impersonate:
[DllImport("advapi32.dll")]
public static extern int LogonUserA(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public static extern int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);

[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public static extern bool RevertToSelf();

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);
There is nothing wrong with the impersonation code as I could see the changed identity in a message box.
I am simply doing this after the identity is changed:
System.Diagnostics.Process.Start(cmd); where cmd is a path to the bat file

Thanks
Aja
 
I have run into the same problem and have solved it using a different
approach:

Depending on what you need to do, use one of the following two ways:

1) If the clients are Windows XP or higher machines, use the RUNAS command
instead. This way, you can still Shell execute the process with the current
user credentials and pass the credentials you want to run to this.
OR
2) Create a service account (my choice) that has network rights that runs on
the user's machine and create a process file for it to execute. As an
example, have it create a folder in your program files\<application>\process
directory. Create a directory monitor in the service to process the text in
these files as commands to be executed. THIS IS DANGEROUS if you do not have
any kind of security. What I do is encrypt the contents of the file with a
key that is decrypted by the service. Once you have read in the
information - just delete the file and process those commands. The service
will have full local admin rights as well as whatever network rights you
give this service.

=-Chris


Trips said:
Yes, it's a domain service account and it has proper permissions to access
the domain network folder. Within the code I did a messagebox display
method and it showed the impersonated account as the current changed
identity. The issue is the shell opens up for a second and closes.
I am using these DLLs in order to impersonate:
[DllImport("advapi32.dll")]
public static extern int LogonUserA(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public static extern int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);

[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public static extern bool RevertToSelf();

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);
There is nothing wrong with the impersonation code as I could see the
changed identity in a message box.
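
An added example, not code from any poster in this thread: impersonation changes the identity of the calling thread only, and a child process is created with the process's own token, so the launched shell does not run as the impersonated account. On Windows with .NET Framework 2.0 or later, `ProcessStartInfo` can start the child with explicit credentials instead. The domain `EXAMPLE` and account `svc-copy` are placeholders; `c:\abc.bat` is the batch file from the question.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Security;

static class RunBatchAsOtherUser
{
    // Prompt without echo so the password never sits in source, config or arguments.
    static SecureString ReadPassword()
    {
        SecureString pw = new SecureString();
        Console.Write("Password: ");
        for (ConsoleKeyInfo k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
        {
            if (k.Key == ConsoleKey.Backspace) { if (pw.Length > 0) pw.RemoveAt(pw.Length - 1); }
            else if (k.KeyChar != '\0') pw.AppendChar(k.KeyChar);
        }
        Console.WriteLine();
        return pw;
    }

    static int Main()
    {
        ProcessStartInfo psi = new ProcessStartInfo();
        psi.FileName = Environment.GetEnvironmentVariable("ComSpec") ?? "cmd.exe";
        psi.Arguments = "/c \"c:\\abc.bat\"";               // batch file path from the thread
        psi.Domain = "EXAMPLE";                             // placeholder domain (assumption)
        psi.UserName = "svc-copy";                          // placeholder account (assumption)
        psi.UseShellExecute = false;                        // required when credentials are set
        psi.WorkingDirectory = Environment.SystemDirectory; // must be readable by that account
        psi.RedirectStandardError = true;                   // surface the batch file's error output
        try
        {
            using (SecureString pw = ReadPassword())
            {
                psi.Password = pw;
                using (Process p = Process.Start(psi))
                {
                    Console.Error.Write(p.StandardError.ReadToEnd());
                    p.WaitForExit();
                    return p.ExitCode;
                }
            }
        }
        catch (Win32Exception ex)                           // e.g. logon failure or access denied
        {
            Console.Error.WriteLine("Start failed ({0}): {1}", ex.NativeErrorCode, ex.Message);
            return 1;
        }
    }
}
```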
 