1

I have a website where I click a button and a process its supposed to start. The problem is that I have to start that new process with other user and its starting with the user currently running the site in IIS.

Even when I Log inside the RunImpersonated the current user, the log its correct with the user that I want but than in the task manager the username running the process that I start its the website one. I don't want to wait for the process to complete, just start the thing and go on with my life. Can anyone help me please? A little bit lost, don t know what to test anymore.

Thanks in advance

Here is the code:

UserCredentials credentials = new UserCredentials(specificTool.Username, specificTool.PlainPassword);
using (SafeAccessTokenHandle userHandle = credentials.LogonUser(LogonType.Batch))
{
    WindowsIdentity.RunImpersonated(userHandle, () =>
    {
        var teste = WindowsIdentity.GetCurrent().Name;
        LoggerStatic.Info(teste);
        var proc = new Process
        {
            StartInfo = new ProcessStartInfo
            {
                FileName = cmdToUse,
                Arguments = argsToUse,
                WindowStyle = ProcessWindowStyle.Hidden,
                WorkingDirectory = toolPath,
                UseShellExecute = false
            }
        };

        proc.Start();
    });
};
return true;
ManelAcacio
  • 21
  • 5
  • Have you considered just using `ProcessStartInfo.Password` and providing username and password to it? – Charlieface Apr 11 '22 at 13:53
  • Thanks for the help. I get AccessDenied that way. And if I use WMI Connection I get Code 8 that means "Unkown Failure". This way I get the task running but its with the wrong user – ManelAcacio Apr 11 '22 at 13:55
  • `LoggerStatic.Info(teste);` What is the result? – Charlieface Apr 11 '22 at 14:00
  • The correct user that I want to run the task with. But than after proc.Start() I see in the task manager that it started not with the correct user (the one that appears in the line in your question) but with the user that the site is running with. – ManelAcacio Apr 11 '22 at 14:07
  • Does this answer your question? [.Net Core Impersonation not working with Process.Start](https://stackoverflow.com/questions/59307181/net-core-impersonation-not-working-with-process-start) – Charlieface Apr 11 '22 at 14:14
  • Without the WindowStyle Hidden is the same result. I will try what they say in that post and I will report back. Thanks – ManelAcacio Apr 11 '22 at 14:18
  • `Process.Start()` ignores impersonation. Diagnosing why you're getting an "access denied" when you use `ProcessStartInfo` is the way to go, because that *is* the correct way to do it. The most obvious problem might be incorrect credentials, or forgetting to set the `Domain` property while the user is not in UPN format. – Jeroen Mostert Apr 11 '22 at 14:39
  • Thanks @JeroenMostert. I was using like I use in cmd like DOMAIN\User but I changed to that you said. I cleaned the username of the domain and put the Domain in the ProcessStartInfo and if I am running in debug VS2019 it works, it creates the process with right user. Now when I deploy to the server and use it there it does give process created but two errors in event viewer appear, one my executable and other conhost.exe, both with APPCRASH reason and 0xc0000142 code. In the target machine I can run the executable in cmd with no problems. FYI the exe its made by me in golang and compiled. – ManelAcacio Apr 11 '22 at 15:29
  • `0xc0000142` is `STATUS_DLL_INIT_FAILED`. This could have a *lot* of possible causes, but the most likely is that IIS processes have only a very slim environment block because IIS doesn't load any user profile by default. This may mean that a lot of variables normally taken for granted (notably what's in the `PATH`) are not available and can cause executables to fail. The other difference is that IIS app pools are going to run in a non-interactive session, which can cause failures if attempts are made to access the UI. – Jeroen Mostert Apr 11 '22 at 15:38
  • I went and check and the flag "Load User Profile" is False in my application Pool. Maybe thats why? – ManelAcacio Apr 11 '22 at 15:55

0 Answers0