Process start and Impersonation

Question

I have problem with starting processes in impersonated context in ASP.NET 2.0.

I am starting new Process in my web service code. IIS 5.1, .NET 2.0

[WebMethod]
public string HelloWorld()
{
    string path = @"C:\KB\GetWindowUser.exe";
    ProcessStartInfo startInfo = new ProcessStartInfo();
    startInfo.WorkingDirectory = Path.GetDirectoryName(path);
    startInfo.FileName = path;
    startInfo.UseShellExecute = false;
    startInfo.CreateNoWindow = true;
    startInfo.ErrorDialog = false;
    startInfo.RedirectStandardOutput = true;
    startInfo.RedirectStandardError = true;
    Process docCreateProcess = Process.Start(startInfo);

    string errors = docCreateProcess.StandardError.ReadToEnd();
    string output = docCreateProcess.StandardOutput.ReadToEnd();
}

The "C:\KB\GetWindowUser.exe" is console application containing following code:

static void Main(string[] args)
{
    Console.WriteLine("Windows: " + WindowsIdentity.GetCurrent().Name);
}

When I invoke web service without impersonation, everything works fine.

When I turn on impersonation, following error is written in "errors" variable in web service code:

Unhandled Exception: System.Security.SecurityException: Access is denied.\r\n\r\n at System.Security.Principal.WindowsIdentity.GetCurrentInternal(TokenAccessLevels desiredAccess, Boolean threadOnly)\r\n at System.Security.Principal.WindowsIdentity.GetCurrent()\r\n at ObfuscatedMdc.Program.Main(String[] args)\r\nThe Zone of the assembly that failed was:\r\nMyComputer

Impersonated user is local administrator and has access to C:\KB\GetWindowUser.exe executable.

When I specify window user explicitly in ProcesStartInfo properties Domain, User and Password, I got following message: http://img201.imageshack.us/img201/5870/pstartah8.jpg

Is it possible to start process with different credentials than ASPNET from asp.net (IIS 5.1) ?

Answer 1

You have to put privileged code into the GAC (or run in Full trust).

The code in the GAC must assert the XXXPermission, where XXX is what ever permission you are requesting, be it impersonation, access to the harddrive or what have you.

You should revert the assert immediately afterwords.

You should make sure that the API on your DLL that you put in the GAC has no opportunities for abuse. For example, if you were writing a website for letting users backup the server via a command line application, your API should old expose a method like "BackUp()" and not "LaunchAribitraryProcess(string path)"

The web.config file must have impersonation set up as well, or you will run into NTFS permission problems as well as CAS.

Here is the complete explanation.