.Net offers multiple ways to manage impersonation and its level. The important point to understand is what is being impersonated: the thread or the process also is the impersonation happening on the process or is it happening only on the network. Below classes will show you how to impersonate in all this cases.
First class: ImpersonateManager – allows starting impersonation and will apply to the thread scope. You will need to allow unsafe code in your project build properties. Below program is an example of using the ImpersonateManager.
The ImpersonateManager.cs is like this:
Now this might not be enough for your need, you might need more than thread impersonation.
There are basically two main logon scenarios in this case:
1) The user you want to impersonate is on the same domain as the current process
- Load the profile in the registry (like runas /profile)
- Sample with: ProcessImpersonator.ImpersonateProcess_WithProfile()
2) The user you want to impersonate is on a domain without trust relationship
- Use the specified credentials on the network only (like runas /netuse)
- Sample with : ProcessImpersonator.ImpersonateProcess_NetCredentials()
Below program do exactly this, it will start another executable (located in the same folder and having a name of test.exe).
ProcessImpersonator.cs looks like this:
For more information on the topic:
MSDN – CreateProcessWithLogonW.
MSDN – WindowsIdentity.
Geeks with blogs – Managed CreateProcessWithLogonW.
The use of CreateProcessWithLogonW is only working in case the parrent process is started on a user that has access tot the desktop.
If you try to change the user from System to Administrator with that function you’ll not be able to show any window on the screen.
CreateProcessAsUser should be used to solve this issue.
Thanks, your code seems to work great so far even with dot net 2.x
Do you have code that works at the thread level to logon on to a different domain? Your example only works for me if on the same domain.
Hi Dan, sorry for late answer…
Above sample should work I think, as long as there is a trust relationship between both domain. Can you give it a try?
Thanks for sharing this piece of code. It worked like a charm. I had a requirement to launch a msi as a different user from the service and this code helped me a lot.
what is the domain??? can you give an example on domain….
HI Yusuf, I am talking about the application domain (http://msdn.microsoft.com/en-us/library/system.appdomain.aspx). You can either have trust relationship or not.
Hope this help.
Thank you very much! You saved me!
Hi I have used this ProcessImpersonator.cs looks like this: here
and i modified a bit Just i have added commandLine and returning process ID, i will use this command line another console app.exe to connect remote machine but it is not connecting(I have pass all valid arguement. ) please help me out this
I have a web application i.e. MVC and I want to impersonate the user to invoke a command prompt and pass some commandline agruments to the command prompt and receive the console output so with the above code will it be possible?
Pingback: Edit registry key of other user - MicroEducate