CreateProcessAsUserW - ERROR

Status
Not open for further replies.

tEkHEd

IS-IT--Management
Jan 29, 2003
261
GB
Hi.

I am no longer able to use the API call above with Windows XP SP2 or Windows Server 2003. I understand that this is due to the way in which this API call has been amended in the new versions of the OS if called by a service.

To work around this I wanted to use impersonation on a separate thread.

To set up the impersonation I utilise the LogonUser and DuplicateToken APIs.

Code:
Public Sub BeginImpersonation()
    Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Const SecurityImpersonation As Integer = 2

    Dim win32ErrorNumber As Integer
    ' The password is no longer written to the console; keep credentials out of output and logs.
    _tokenHandle = IntPtr.Zero
    _dupeTokenHandle = IntPtr.Zero

    ' Log the user on and obtain a token for the account.
    If Not LogonUser(_username, _domainname, _password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, _tokenHandle) Then
        win32ErrorNumber = System.Runtime.InteropServices.Marshal.GetLastWin32Error()
        Throw New ImpersonationException(win32ErrorNumber, GetErrorMessage(win32ErrorNumber), _username, _domainname)
    End If

    ' DuplicateToken returns an impersonation token at the requested level.
    If Not DuplicateToken(_tokenHandle, SecurityImpersonation, _dupeTokenHandle) Then
        win32ErrorNumber = System.Runtime.InteropServices.Marshal.GetLastWin32Error()

        CloseHandle(_tokenHandle)
        Throw New ImpersonationException(win32ErrorNumber, "Unable to duplicate token!", _username, _domainname)
    End If

    ' Impersonate on the calling thread and keep the context so it can be undone later.
    Dim newId As New System.Security.Principal.WindowsIdentity(_dupeTokenHandle)
    _impersonatedUser = newId.Impersonate()

    Dim newPrin As New System.Security.Principal.WindowsPrincipal(newId)
    _Principal = newPrin

    Console.WriteLine("Token impersonated as: " & newId.Name)
    WindowsIdentity = newId
End Sub

I then create the new thread and assign a principal to the thread.

Code:
Dim trd As System.Threading.Thread
trd.Principal = _Principal

My question involves how to actually launch a process on the thread that I have just created so that it is launched under the credential of the duplicate token (i.e. impersonated user)?

I was under the impression that if I just created a delegate for a subroutine that performed that function and called the delegate by a:

Code:
Private Delegate Sub RunCommand()

Private Sub ThreadAndLaunch()
    Dim t As New Thread(AddressOf RunCommand)
    t.CurrentPrincipal = _Principal
    t.Start()
End Sub

this would start my command under the credential of the thread. This doesn't seem to be the case though and the process is launched under my own context.

Can anyone help out with this?

Thanks in advance.
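
Added example, not part of the original post: a thread's principal is a managed role-based security object and does not change the Windows token, and a child process receives the creating process's primary token rather than a thread's impersonation token, so the credentials have to be supplied at process creation. The sketch below does that with `ProcessStartInfo` (.NET 2.0 and later); the module and function names and the sample domain and user are made up for illustration, and it assumes the caller is an ordinary user process rather than a service running as LocalSystem.

```vbnet
Imports System
Imports System.Diagnostics
Imports System.Security

Module RunAsExample
    ' Reads a password from the console without echoing it and without
    ' ever holding it in a managed String.
    Function ReadPassword() As SecureString
        Dim pwd As New SecureString()
        Do
            Dim key As ConsoleKeyInfo = Console.ReadKey(True)
            If key.Key = ConsoleKey.Enter Then Exit Do
            If key.Key = ConsoleKey.Backspace Then
                If pwd.Length > 0 Then pwd.RemoveAt(pwd.Length - 1)
            ElseIf Not Char.IsControl(key.KeyChar) Then
                pwd.AppendChar(key.KeyChar)
            End If
        Loop
        Console.WriteLine()
        pwd.MakeReadOnly()
        Return pwd
    End Function

    ' Starts fileName as domain\user; the new process gets its own
    ' primary token for that account instead of inheriting the caller's.
    Function StartAs(fileName As String, domain As String,
                     user As String, pwd As SecureString) As Process
        Dim psi As New ProcessStartInfo(fileName)
        psi.UseShellExecute = False   ' required when UserName is set
        psi.LoadUserProfile = True
        psi.Domain = domain
        psi.UserName = user
        psi.Password = pwd
        Return Process.Start(psi)
    End Function

    Sub Main()
        ' Constructed sample values; replace with a real account.
        Const sampleDomain As String = "EXAMPLEDOMAIN"
        Const sampleUser As String = "exampleuser"
        Console.Write("Password for " & sampleDomain & "\" & sampleUser & ": ")
        Using pwd As SecureString = ReadPassword()
            Using p As Process = StartAs("whoami.exe", sampleDomain, sampleUser, pwd)
                p.WaitForExit()   ' whoami prints the account the child runs as
            End Using
        End Using
    End Sub
End Module
```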
 