Impersonation with C#

By | October 15, 2010

.NET offers multiple ways to manage impersonation and its level. The important point to understand is what is being impersonated, the thread or the process, and whether the impersonation happens on the process or only on the network. The classes below show how to impersonate in all these cases.

First class: ImpersonateManager. It starts impersonation that applies to the thread scope. You will need to allow unsafe code in your project build properties. The program below is an example of using ImpersonateManager.

The ImpersonateManager.cs is like this:

 

Now this might not be enough for your needs; you might need more than thread impersonation.

There are basically two main logon scenarios in this case:

1)      The user you want to impersonate is on the same domain as the current process

  • Load the profile in the registry (like runas /profile)
  • Sample with: ProcessImpersonator.ImpersonateProcess_WithProfile()

2)      The user you want to impersonate is on a domain without trust relationship

  • Use the specified credentials on the network only (like runas /netonly)
  • Sample with: ProcessImpersonator.ImpersonateProcess_NetCredentials()

The program below does exactly this: it starts another executable (located in the same folder and named test.exe).

ProcessImpersonator.cs looks like this:

For more information on the topic:

MSDN – CreateProcessWithLogonW.
MSDN – WindowsIdentity.
Geeks with blogs – Managed CreateProcessWithLogonW.


8 thoughts on “Impersonation with C#”

  1. mihai

    Hello,
    The use of CreateProcessWithLogonW is only working in case the parent process is started on a user that has access to the desktop.

    If you try to change the user from System to Administrator with that function you’ll not be able to show any window on the screen.
    CreateProcessAsUser should be used to solve this issue.

  2. dan

    Thanks, your code seems to work great so far even with dot net 2.x

    Do you have code that works at the thread level to logon on to a different domain? Your example only works for me if on the same domain.

  3. Ahmet Post author

    Hi Dan, sorry for late answer…

    Above sample should work I think, as long as there is a trust relationship between both domains. Can you give it a try?

  4. Vish

    Hi

    Thanks for sharing this piece of code. It worked like a charm. I had a requirement to launch a msi as a different user from the service and this code helped me a lot.

    thanks Again

    Vish

  5. Tulasi Kumar G M

    Hi, I have used this ProcessImpersonator.cs (looks like this: here)
    and I modified it a bit. I have just added commandLine and returning the process ID. I will use this command line with another console app.exe to connect to a remote machine, but it is not connecting (I have passed all valid arguments). Please help me out with this.
