I want to create a Windows service and be able to impersonate a user that is logged into the box by grabbing the context, maybe through the getprocesses function or the ManagementObject code.

I don't have a password, but the user will be logged into the box where the service is running. This context will then be used for impersonation.

Brian Tompsett - 汤莱恩

1 Answer

I'm not sure that what you want to do as described is possible. Without a password, you cannot impersonate another user, unless there is some sort of coordination between your service and the user you want to impersonate.

This thread has good information about how to impersonate a user: How do you do Impersonation in .NET?

In order to impersonate the user, you need the Win32 user token. You usually get this via the Win32 LogonUser, which requires a password.

You can work around this, however, by having the user that you want to impersonate initiate a request with your service. You can do this via a start-up task, manual user action, or other methods. If you are able to do this, you might want to consider using WCF to create your service. WCF allows you to configure your service to impersonate the user that is making the service call.

John Atwood
  • Essentially I want to be able to have a Windows service that may process 10 different things, those things will need to run with a context that we don't have the "passwords" from, however we have a web service that can return whatever context we want from it, then we want to impersonate that context, launch the code, then revert back to the original context. – Jeffrey Kinzer Jun 24 '13 at 18:59
  • This sounds like it will work. Is the Windows service calling the web service to get the context, or is the web service calling the Windows service and passing it the context information? Either way, you should be able to get the information you need to make the impersonation from the web service using: ServiceSecurityContext.Current.WindowsIdentity – John Atwood Jun 24 '13 at 20:18
  • The web service will "Create" a context based on a domain, userid, password stored elsewhere. NetworkCredential is the only thing I've found so far that will allow me to create some credentials, and I can return that, but I am not sure how to set this as the active credential once it returns from the web service. – Jeffrey Kinzer Jun 24 '13 at 20:42
  • This thread: http://stackoverflow.com/questions/125341/how-do-you-do-impersonation-in-net, has some code that you can use to impersonate the user in your Windows service. Also check out the example here: http://msdn.microsoft.com/en-us/library/system.security.principal.windowsimpersonationcontext.aspx – John Atwood Jun 24 '13 at 21:57
  • I've used all of that sort of coding... Works great... However, that doesn't match the condition I stated above. I want to call a webservice. Let the webservice establish a context (not use, but create)... Return that context/logon... or whatever... and when it returns in my service I want to do the impersonation with it... do what I need to do, and then drop the impersonation. I've tried returning the safetokenhandle or impersonation object out of the web service, but when I try to use it, it fails, because it wants to serialize the "function" in either case. – Jeffrey Kinzer Jun 25 '13 at 13:44
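
The WCF approach from the answer above, as an added example that is not part of the original thread or any poster's code: the service impersonates whoever calls it, so no password and no serialized token are involved. It assumes .NET Framework with a reference to System.ServiceModel; the contract, operation name and pipe address are hypothetical, and host and client share one process here only so the sample runs stand-alone.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IUserWork          // hypothetical contract for this example
{
    [OperationContract]
    string RunAsCaller();
}

public class UserWork : IUserWork
{
    // Required: WCF impersonates the caller for the whole operation and the
    // host refuses to open if a binding cannot supply a Windows identity.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string RunAsCaller()
    {
        // Identity authenticated by the transport; the service never sees a password.
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        // Identity the thread runs under right now; inside this method it is the caller.
        string threadUser = WindowsIdentity.GetCurrent().Name;
        return $"caller={caller.Name}; thread={threadUser}; level={caller.ImpersonationLevel}";
    }   // WCF reverts to the service account when the operation returns.
}

public static class Program
{
    // Hypothetical local-only endpoint address.
    const string Address = "net.pipe://localhost/example-userwork";

    public static void Main()
    {
        // Service side: in a real Windows service this host is opened in OnStart.
        using (var host = new ServiceHost(typeof(UserWork)))
        {
            host.AddServiceEndpoint(typeof(IUserWork), new NetNamedPipeBinding(), Address);
            host.Open();

            // Client side: run by the logged-in user (start-up task or manual action).
            var factory = new ChannelFactory<IUserWork>(new NetNamedPipeBinding(), Address);
            // Permit local impersonation only; Delegation would let the token travel off-box.
            factory.Credentials.Windows.AllowedImpersonationLevel =
                TokenImpersonationLevel.Impersonation;
            IUserWork proxy = factory.CreateChannel();
            Console.WriteLine(proxy.RunAsCaller());
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
    }
}
```

When the host runs as the service account and the client runs in the user's session, the returned string shows the user's name for both `caller` and `thread`, which is the coordination the answer describes.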