How do I use impersonation on a C# Winforms application to run with admin privileges?

Question

How do I use impersonation to run a C# Winforms application with admin privileges? Can anyone throw some light on this?

Answer 1

Following line of code may help you to achieve your goal. I found this in a "Code Project" article.

check full article : http://www.codeproject.com/KB/dotnet/UserImpersonationInNET.aspx

using System.Security.Principal;
using System.Runtime.InteropServices;


//the following code executed before you perform your task

if ( ! ImpersonationUtil.Impersonate( _userName, _password, _domain ) )

{
MessageBox.Show("Impersonation failed.");
return;
}

//Perform task as this user here...

//After your task, do this:
ImpersonationUtil.UnImpersonate();


Here is the code for the ImpersonationUtil class:

/// <summary>
/// Impersonate a windows logon.
/// </summary>
public class ImpersonationUtil {

/// <summary>
/// Impersonate given logon information.
/// </summary>
/// <param name="logon">Windows logon name.</param>
/// <param name="password">password</param>
/// <param name="domain">domain name</param>
/// <returns></returns>
public static bool Impersonate( string logon, string password, string
domain ) {
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;

if( LogonUser( logon, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0 ) {

if ( DuplicateToken( token, 2, ref tokenDuplicate ) != 0 ) {
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if ( null != impersonationContext ) return true;
}
}

return false;
}

/// <summary>
/// Unimpersonate.
/// </summary>
public static void UnImpersonate() {
impersonationContext.Undo();
}

[DllImport("advapi32.dll", CharSet=CharSet.Auto)]
public static extern int LogonUser(
string lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken );

[DllImport("advapi32.dll",
CharSet=System.Runtime.InteropServices.CharSet.Aut o,
SetLastError=true)]
public extern static int DuplicateToken(
IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken );

private const int LOGON32_LOGON_INTERACTIVE = 2;
private const int LOGON32_LOGON_NETWORK_CLEARTEXT = 4;
private const int LOGON32_PROVIDER_DEFAULT = 0;
private static WindowsImpersonationContext impersonationContext;
}

Answer 2

There is a similar question on SO:
How to run c# application with admin creds?

There are some codeproject impersonation resources:
http://www.codeproject.com/KB/cs/cpimpersonation1.aspx
http://www.codeproject.com/KB/cs/zetaimpersonator.aspx

Check out WindowsIdentity class in System.Security.Principal.

There is an Impersonate() method that will do what you are trying to accomplish. The missing link with this class is that you have to obtain an access token handle to use it. The only way I know of doing this is by pinvoking one of the Win32 security functions like LogonUser().

Source:
http://www.developmentnow.com/g/36_2005_4_0_0_511838/Run-with-Administrator-Credentials.htm

You can also set up special XML in application manifest, which will force your application to always run as an administrator.
http://www.enusbaum.com/blog/2007/08/26/how-to-run-your-c-application-as-administrator-in-windows-vista/