Databases
StackOverflow2013
Postsdbo
POProcess.Start() throws "Access Denied" after Impersonation
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POProcess.Start() throws "Access Denied" after Impersonation
    primarykey
    data
    text
    <p>I'm having a problem executing a file from a file server using Process.Start() + Impersonation. Please help me to solve my problem. Is there another way to do this?</p> <p>This is the button click event.</p> <pre><code>private void btnOpen_Click(object sender, EventArgs e) { try { newUser = cls.ImpersonateUser("username", "domain", "password"); string fileName = @"\\network_computer\Test\Test.doc"; System.Diagnostics.Process.Start(fileName); } catch (Exception ex) { throw ex; } finally { if (newUser != null) newUser.Undo(); } } </code></pre> <p>This is the impersonation class.</p> <pre><code>public class clsImpersonate { #region 'Impersonation' // group type enum public enum SECURITY_IMPERSONATION_LEVEL : int { SecurityAnonymous = 0, SecurityIdentification = 1, SecurityImpersonation = 2, SecurityDelegation = 3 } // obtains user token [DllImport("advapi32.dll", SetLastError = true)] public static extern bool LogonUser(string pszUsername, string pszDomain, string pszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); // closes open handes returned by LogonUser [DllImport("kernel32.dll", CharSet = CharSet.Auto)] public extern static bool CloseHandle(IntPtr handle); // creates duplicate token handle [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle); private System.Security.Principal.WindowsImpersonationContext newUser; public WindowsImpersonationContext ImpersonateUser(string sUsername, string sDomain, string sPassword) { // initialize tokens IntPtr pExistingTokenHandle = new IntPtr(0); IntPtr pDuplicateTokenHandle = new IntPtr(0); pExistingTokenHandle = IntPtr.Zero; pDuplicateTokenHandle = IntPtr.Zero; // if domain name was blank, assume local machine if (sDomain == "") sDomain = System.Environment.MachineName; try { string sResult = null; const int LOGON32_PROVIDER_DEFAULT = 0; // create token const int LOGON32_LOGON_INTERACTIVE = 2; //const int SecurityImpersonation = 2; // get handle to token bool bImpersonated = LogonUser(sUsername, sDomain, sPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref pExistingTokenHandle); // did impersonation fail? if (false == bImpersonated) { int nErrorCode = Marshal.GetLastWin32Error(); sResult = "LogonUser() failed with error code: " + nErrorCode + "\r\n"; // show the reason why LogonUser failed //MessageBox.Show(sResult, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } // Get identity before impersonation sResult += "Before impersonation: " + WindowsIdentity.GetCurrent().Name + "\r\n"; bool bRetVal = DuplicateToken(pExistingTokenHandle, (int)SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, ref pDuplicateTokenHandle); // did DuplicateToken fail? if (false == bRetVal) { int nErrorCode = Marshal.GetLastWin32Error(); CloseHandle(pExistingTokenHandle); // close existing handle sResult += "DuplicateToken() failed with error code: " + nErrorCode + "\r\n"; // show the reason why DuplicateToken failed //MessageBox.Show(sResult, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); return null; } else { // create new identity using new primary token WindowsIdentity newId = new WindowsIdentity(pDuplicateTokenHandle); WindowsImpersonationContext impersonatedUser = newId.Impersonate(); // check the identity after impersonation sResult += "After impersonation: " + WindowsIdentity.GetCurrent().Name + "\r\n"; //MessageBox.Show(sResult, "Success", MessageBoxButtons.OK, MessageBoxIcon.Information); return impersonatedUser; } } catch (Exception ex) { throw ex; } finally { // close handle(s) if (pExistingTokenHandle != IntPtr.Zero) CloseHandle(pExistingTokenHandle); if (pDuplicateTokenHandle != IntPtr.Zero) CloseHandle(pDuplicateTokenHandle); } } #endregion } </code></pre>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. USAin Ronquillo
    1. USAin Ronquillo
    plurals
    1. This table or related slice is empty.
    1. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. COYou have to make sure that the account that execute your program have the rights to execute the program your trying to launch with the `process.start`
      singulars
      1. POProcess.Start() throws "Access Denied" after Impersonation
      1. USRahul
    2. COStart your program with Administrator rights.
      singulars
      1. POProcess.Start() throws "Access Denied" after Impersonation
      1. USWarlock
    3. CO@Rahul - The account I'm using have a full access to that path.
      singulars
      1. POProcess.Start() throws "Access Denied" after Impersonation
      1. USAin Ronquillo
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload