3


This

var psi = new ProcessStartInfo("cmd")
            {
                Verb = "runas",
                UseShellExecute = true,
                Arguments = "/user:domain\\username"
            };
        var ps = Process.Start(psi);

does not start the command line window with the given credentials nor asks for password. I'd like to know how to use it properly.

I was told, that one shouldn't use the StartInfo.UserName, Domain and Password method because it's not safe.

Nash
  • 69
  • 9
  • what exactly is unsafe about it? – nozzleman Oct 27 '16 at 13:26
  • "Please DON'T save passwords inside your source code!" So I've been told. – Nash Oct 27 '16 at 13:27
  • no need to save it, you can promt the user for it by yourself and pass it to your `ProcessStartInfo` before actually starting it ;) – nozzleman Oct 27 '16 at 13:30
  • The concern isn't about using them at all, the concern is with embedding secrets into your script. There are many secure techniques to get credentials, keys, and other secrets into a script without storing the values in the script itself. – codewario Oct 15 '21 at 19:56

1 Answers1

0

I wouldn't say that it is insecure to use such built in .NET functionality: Just don't save plaintext passwords in and you're good to go. Just provide all the non-critical properties to your ProcessStartInfo just as .NET wants you to, and then promt the user for the password:

var psi = new ProcessStartInfo("cmd")
{
    UseShellExecute = true,
    UserName = "username",
    Domain = "domain"
};

SecureString password = new SecureString();

Console.WriteLine("Please type in the password for 'username':");
var readLine = Console.ReadLine(); // this should be masked in some way.. ;)

if (readLine != null)
{
    foreach (var character in readLine)
    {
        password.AppendChar(character);
    }

    psi.Password = password;
}

var ps = Process.Start(psi);

However, as my comment states, you should mask the password-promt in some way. see Password masking console application for an example on how to achieve this...

Community
  • 1
  • 1
nozzleman
  • 9,529
  • 4
  • 37
  • 58