vipleo
I am having some issues when I try to launch another process using
Process.Start(ProcessStartInfo psi) on a Win XP SP2 box (other versions
of XP have no issue).
Here is the detail.
The main app checks for updates on startup and, if updates are available, it
launches a separate exe to copy files.
Before launching the new process (exe), I am impersonating an admin user, as
the main app is being launched by a non-admin user.
The user identity is changed after impersonation, but during the update an
"Access is denied" Win32Exception is thrown when the main code tries
to launch the copier exe.
Impersonation is implemented using the following Win32 API.
<code>
string domainName = string.Empty;
try
{
    // Get current windows identity
    string currentWindowsIdentity = WindowsIdentity.GetCurrent().Name;
    domainName = currentWindowsIdentity.Substring(0,
        currentWindowsIdentity.IndexOf('\\'));
    const int LOGON32_PROVIDER_DEFAULT = 0;
    // This parameter causes LogonUser to create a primary token.
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int SecurityImpersonation = 2;
    tokenHandle = IntPtr.Zero;
    dupeTokenHandle = IntPtr.Zero;
    // Call LogonUser to obtain a handle to an access token.
    bool returnValue = LogonUser(_impersonationUsername, domainName,
        _impersonationPassword, LOGON32_LOGON_INTERACTIVE,
        LOGON32_PROVIDER_DEFAULT, ref tokenHandle);
    if (false == returnValue)
    {
        // Throw the error LogonUser actually reported instead of a fixed code
        // (requires SetLastError = true on the LogonUser import).
        int ret = Marshal.GetLastWin32Error();
        throw new System.ComponentModel.Win32Exception(ret);
    }
    // Duplicate the logon token at SecurityImpersonation level.
    bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation,
        ref dupeTokenHandle);
    if (false == retVal)
    {
        CloseHandle(tokenHandle);
        return;
    }
    // The token that is passed to the following constructor must
    // be a primary token in order to use it for impersonation.
    WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
    _impersonatedUser = newId.Impersonate();
}
catch (Exception ex)
{
    // Any exception, including the Win32Exception thrown above, is swallowed here.
}
</code>
I have enabled the following security policies for the non-admin user:
1) Replace a process level token
2) Debug programs
3) Adjust memory quotas for a process
NOTE: 'Launching another exe' works fine if no user impersonation is
used.
Any ideas what might be wrong?
~ViPuL
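
Added example, not part of the original post: `WindowsIdentity.Impersonate()` changes only the calling thread's token, while `CreateProcess` gives the child the calling process's primary token, not the impersonation token. One way to start the copier under a different account without thread impersonation is to pass the credentials through `ProcessStartInfo` (.NET 2.0 and later); the class name, exe path, account name and password below are hypothetical placeholders.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Security;

static class CopierLauncher   // hypothetical name, not from the post
{
    // ProcessStartInfo.Password only accepts a SecureString.
    static SecureString ToSecureString(string plain)
    {
        SecureString s = new SecureString();
        foreach (char c in plain) s.AppendChar(c);
        s.MakeReadOnly();
        return s;
    }

    // Starts exePath under the given account and returns its exit code.
    public static int RunAs(string exePath, string domain, string user, string password)
    {
        ProcessStartInfo psi = new ProcessStartInfo(exePath);
        psi.UseShellExecute = false;          // required when UserName is set
        psi.Domain = domain;
        psi.UserName = user;
        psi.Password = ToSecureString(password);
        // Without this the child starts in %SYSTEMROOT%\system32.
        psi.WorkingDirectory = Path.GetDirectoryName(exePath);
        try
        {
            using (Process p = Process.Start(psi))
            {
                p.WaitForExit();
                return p.ExitCode;
            }
        }
        catch (Win32Exception ex)
        {
            // NativeErrorCode is the real Win32 error, e.g. 5 (access denied)
            // or 1326 (logon failure), so the two cases can be told apart.
            Console.Error.WriteLine("Launch failed: {0} ({1})", ex.NativeErrorCode, ex.Message);
            throw;
        }
    }

    static void Main()
    {
        // Constructed placeholder values (assumptions, not from the post).
        int code = RunAs(@"C:\App\Copier.exe", Environment.MachineName, "updater-admin", "<password>");
        Console.WriteLine("Copier exited with {0}", code);
    }
}
```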