c# - bad why Permissions problem when starting .NET app from .NET service as a different user?




2 Answers

I would try to create the process under the impersonated context of the newly created user as below.

[DllImport("advapi32.DLL", SetLastError = true)]
public static extern int LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, out IntPtr phToken);

[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);

[DllImport("advapi32.DLL")]
public static extern bool ImpersonateLoggedOnUser(IntPtr hToken);

static void Main()
{             
    IntPtr admin_token = new IntPtr();
    WindowsIdentity wid_admin = null;
    WindowsImpersonationContext wic = null;

    LogonUser("username", "domain", "password", 9, 3, out admin_token);
    wid_admin = new WindowsIdentity(admin_token);
    wic = wid_admin.Impersonate();

    _process = new Process
    {
        StartInfo =
        {
            Arguments = " -debug",
            FileName = instanceDirectory + "host.exe",
            WorkingDirectory = instanceDirectory,
            UseShellExecute = false,
            RedirectStandardError = true,
            RedirectStandardOutput = true,
            RedirectStandardInput = true,
            UserName = Helpers.GetUserNameForInstance(_hostid),
            Password = _hostpass,
            Domain = ""
        },
        EnableRaisingEvents = true
    };

    if (wic != null) wic.Undo();
    CloseHandle(admin_token);
}
windows service in c# example code project

I'm trying to start a .NET application under a different user from a .NET service. The idea is to create a sandboxed hosting application in windows. In the service, I programatically created the user in windows, create a folder for that user, and download the host .exe from a server into that folder. I then I run the host .exe using System.Diagnostics.Process. Here is the StartInfo for the process:

_process = new Process
{
    StartInfo =
    {
        Arguments = " -debug",
        FileName = instanceDirectory + "host.exe",
        WorkingDirectory = instanceDirectory,
        UseShellExecute = false,
        RedirectStandardError = true,
        RedirectStandardOutput = true,
        RedirectStandardInput = true,
        UserName = Helpers.GetUserNameForInstance(_hostid),
        Password = _hostpass,
        Domain = ""
    },
    EnableRaisingEvents = true
};

When I run the service as a SERVICE, the process crashes instantly with an error code of -1073741502. but when I run the service as the same user specified in the windows service but interactively in the console, everything works fine. This only happens whenever running the service as a SERVICE and not directly in the console.

Any help would be MUCH appreciated. This has been a headache for a long time now and this is a last resort :(




0xc0000142 (-1073741502) is STATUS_DLL_INIT_FAILED:

Initialization of the dynamic link library [name] failed. The process is terminating abnormally.

As the website TenaciousImpy gave pointed out, you need to give the account permissions to the window station and desktop. But if the program is interactive, you need to set the session ID of the process token as well.






Related