Starting up Windows Program from a webform with current users's authentication

Discussion in 'ASP .Net' started by Kristof Despiere, May 28, 2004.

  1. Suppose you have one domain, filled with a couple of users. What needs to be
    done now is I need to start a windows application from a webform by pressing
    a button on the webform (for example).

    The problem is that the user who "owns" the service is always the ASPNET
    account. That's not good since you don't see the actual application (because
    it's owned by ASPNET). I've tried changed the processmodel section in the
    machine.config file to "SYSTEM" instead of "MACHINE" but that didn't work.
    It was the same thing except the process owner was now "SYSTEM" and should
    be my logged on (authenticated) user. The reason why that is needed is
    because the application detects the current users login and compares that
    with the membership of a certain group.

    My next step was to try impersonation, but that doesn't work yet. See
    snippet of code below. I don't know what i do wrong but i keeps functioning
    as the ASPNET account. I also tried giving the ASPNET account the rights of
    ("Act as a part of the operating system") but that does nothing again. What
    am i missing here. Ah, in the web.conf impersonation is set to true but
    still doesn't work.

    Help would be strongly appreciated.
    Kristof

    System.Security.Principal.WindowsImpersonationContext impersonationContext;

    impersonationContext =
    ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();

    System.Diagnostics.Process myProcess = new System.Diagnostics.Process();

    myProcess.StartInfo.FileName = "test.exe";

    myProcess.StartInfo.WorkingDirectory = @"D:\test";

    myProcess.Start();

    impersonationContext.Undo();
    Kristof Despiere, May 28, 2004
    #1
    1. Advertising

  2. Kristof Despiere

    bruce barker Guest

    you need to turn anonymous off on the website. then set impersonation on in
    the web config.

    note: your windows app must be written to run without a window, or you will
    get a permission error when it starts up, as access to the desktop will be
    denied.

    -- bruce (sqlwork.com)



    "Kristof Despiere" <> wrote in message
    news:c9705p$a9a$...
    > Suppose you have one domain, filled with a couple of users. What needs to

    be
    > done now is I need to start a windows application from a webform by

    pressing
    > a button on the webform (for example).
    >
    > The problem is that the user who "owns" the service is always the ASPNET
    > account. That's not good since you don't see the actual application

    (because
    > it's owned by ASPNET). I've tried changed the processmodel section in the
    > machine.config file to "SYSTEM" instead of "MACHINE" but that didn't work.
    > It was the same thing except the process owner was now "SYSTEM" and should
    > be my logged on (authenticated) user. The reason why that is needed is
    > because the application detects the current users login and compares that
    > with the membership of a certain group.
    >
    > My next step was to try impersonation, but that doesn't work yet. See
    > snippet of code below. I don't know what i do wrong but i keeps

    functioning
    > as the ASPNET account. I also tried giving the ASPNET account the rights

    of
    > ("Act as a part of the operating system") but that does nothing again.

    What
    > am i missing here. Ah, in the web.conf impersonation is set to true but
    > still doesn't work.
    >
    > Help would be strongly appreciated.
    > Kristof
    >
    > System.Security.Principal.WindowsImpersonationContext

    impersonationContext;
    >
    > impersonationContext =
    > ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
    >
    > System.Diagnostics.Process myProcess = new System.Diagnostics.Process();
    >
    > myProcess.StartInfo.FileName = "test.exe";
    >
    > myProcess.StartInfo.WorkingDirectory = @"D:\test";
    >
    > myProcess.Start();
    >
    > impersonationContext.Undo();
    >
    >
    >
    >
    bruce barker, May 28, 2004
    #2
    1. Advertising

  3. Did that (anonymous off and impersonation=true)
    And it should be a windows application with window that should be started up
    from the webform. The only problem is that it keeps starting up with the
    wrong "user owner". Task Manager=>Processes keeps showing the "ASPNET" user
    as the owner.


    "bruce barker" <> wrote in message
    news:u8$...
    > you need to turn anonymous off on the website. then set impersonation on

    in
    > the web config.
    >
    > note: your windows app must be written to run without a window, or you

    will
    > get a permission error when it starts up, as access to the desktop will be
    > denied.
    >
    > -- bruce (sqlwork.com)
    >
    >
    >
    > "Kristof Despiere" <> wrote in message
    > news:c9705p$a9a$...
    > > Suppose you have one domain, filled with a couple of users. What needs

    to
    > be
    > > done now is I need to start a windows application from a webform by

    > pressing
    > > a button on the webform (for example).
    > >
    > > The problem is that the user who "owns" the service is always the ASPNET
    > > account. That's not good since you don't see the actual application

    > (because
    > > it's owned by ASPNET). I've tried changed the processmodel section in

    the
    > > machine.config file to "SYSTEM" instead of "MACHINE" but that didn't

    work.
    > > It was the same thing except the process owner was now "SYSTEM" and

    should
    > > be my logged on (authenticated) user. The reason why that is needed is
    > > because the application detects the current users login and compares

    that
    > > with the membership of a certain group.
    > >
    > > My next step was to try impersonation, but that doesn't work yet. See
    > > snippet of code below. I don't know what i do wrong but i keeps

    > functioning
    > > as the ASPNET account. I also tried giving the ASPNET account the rights

    > of
    > > ("Act as a part of the operating system") but that does nothing again.

    > What
    > > am i missing here. Ah, in the web.conf impersonation is set to true but
    > > still doesn't work.
    > >
    > > Help would be strongly appreciated.
    > > Kristof
    > >
    > > System.Security.Principal.WindowsImpersonationContext

    > impersonationContext;
    > >
    > > impersonationContext =
    > >

    ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
    > >
    > > System.Diagnostics.Process myProcess = new System.Diagnostics.Process();
    > >
    > > myProcess.StartInfo.FileName = "test.exe";
    > >
    > > myProcess.StartInfo.WorkingDirectory = @"D:\test";
    > >
    > > myProcess.Start();
    > >
    > > impersonationContext.Undo();
    > >
    > >
    > >
    > >

    >
    >
    Kristof Despiere, May 29, 2004
    #3
  4. > The problem is that the user who "owns" the service is always the ASPNET
    what service are you talking about?

    > machine.config file to "SYSTEM" instead of "MACHINE" but that didn't

    you are bumping the rights of everything on the server up a notch. This is
    certainly not recommended.

    you will first need to find out the identity that the web page is under. It
    may not be what you think. Use this line of code to find out what identity
    the process is running under. Once you find the correct identity, you can
    either use impersonation to set the application to run under the proper
    account or you can impersonate thru code. You will need to add the
    appropriate rights on the directory housing the windows application. You
    should configure it for read permissions by adding the identity to be
    impersonated to the ACL.

    Response.Write("<script>alert('"+System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString()+"')</script>");


    --
    Regards,
    Alvin Bruney
    [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
    Got tidbits? Get it here... http://tinyurl.com/27cok
    "Kristof Despiere" <> wrote in message
    news:c9aaon$ck1$...
    > Did that (anonymous off and impersonation=true)
    > And it should be a windows application with window that should be started
    > up
    > from the webform. The only problem is that it keeps starting up with the
    > wrong "user owner". Task Manager=>Processes keeps showing the "ASPNET"
    > user
    > as the owner.
    >
    >
    > "bruce barker" <> wrote in message
    > news:u8$...
    >> you need to turn anonymous off on the website. then set impersonation on

    > in
    >> the web config.
    >>
    >> note: your windows app must be written to run without a window, or you

    > will
    >> get a permission error when it starts up, as access to the desktop will
    >> be
    >> denied.
    >>
    >> -- bruce (sqlwork.com)
    >>
    >>
    >>
    >> "Kristof Despiere" <> wrote in message
    >> news:c9705p$a9a$...
    >> > Suppose you have one domain, filled with a couple of users. What needs

    > to
    >> be
    >> > done now is I need to start a windows application from a webform by

    >> pressing
    >> > a button on the webform (for example).
    >> >
    >> > The problem is that the user who "owns" the service is always the
    >> > ASPNET
    >> > account. That's not good since you don't see the actual application

    >> (because
    >> > it's owned by ASPNET). I've tried changed the processmodel section in

    > the
    >> > machine.config file to "SYSTEM" instead of "MACHINE" but that didn't

    > work.
    >> > It was the same thing except the process owner was now "SYSTEM" and

    > should
    >> > be my logged on (authenticated) user. The reason why that is needed is
    >> > because the application detects the current users login and compares

    > that
    >> > with the membership of a certain group.
    >> >
    >> > My next step was to try impersonation, but that doesn't work yet. See
    >> > snippet of code below. I don't know what i do wrong but i keeps

    >> functioning
    >> > as the ASPNET account. I also tried giving the ASPNET account the
    >> > rights

    >> of
    >> > ("Act as a part of the operating system") but that does nothing again.

    >> What
    >> > am i missing here. Ah, in the web.conf impersonation is set to true
    >> > but
    >> > still doesn't work.
    >> >
    >> > Help would be strongly appreciated.
    >> > Kristof
    >> >
    >> > System.Security.Principal.WindowsImpersonationContext

    >> impersonationContext;
    >> >
    >> > impersonationContext =
    >> >

    > ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
    >> >
    >> > System.Diagnostics.Process myProcess = new
    >> > System.Diagnostics.Process();
    >> >
    >> > myProcess.StartInfo.FileName = "test.exe";
    >> >
    >> > myProcess.StartInfo.WorkingDirectory = @"D:\test";
    >> >
    >> > myProcess.Start();
    >> >
    >> > impersonationContext.Undo();
    >> >
    >> >
    >> >
    >> >

    >>
    >>

    >
    >
    Alvin Bruney [MVP], May 29, 2004
    #4
  5. I meant thread instead of service. Ok time to go a bit more specific

    When you customize MS CRM, you can add a button in for example the accounts
    or contacts pages. But you can only assign url's to that button.
    On the other hand i have a windows applications that uses windows
    authentication to detect te permission etc.. of the logged on user (which
    also deals with accounts/contacts/...)
    The meaning is that when someone clicks the button in MS CRM, a url will be
    openened (for example "http://testserver/test.aspx?accountID=334" or sth
    like that). Then the webform should detect if the windows application is
    open. If it is, just navigate to the proper record of the windows appl., if
    the application is not active at the moment, it should start the application
    (with authenticated user impersonation), and navigate to the right record.
    But even when I include impersonation when I instantiate a
    System.Diagnostics.Process (with impersonationContext) it start the windows
    application with the "ASPNET" account. Since it's the wrong account, the
    application won't show up since it needs to be started up with the current
    user.
    Thanx for the help btw :p
    The last things you said i need to check out, I've detected that part
    "System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString()" by
    inputting it in a textbox on the page on Page_Load. I shows the right user
    "DOMAIN/USERNAME" (So that should be OK too)
    About that :
    > Once you find the correct identity, you can
    > either use impersonation to set the application to run under the proper
    > account or you can impersonate thru code. You will need to add the
    > appropriate rights on the directory housing the windows application. You
    > should configure it for read permissions by adding the identity to be
    > impersonated to the ACL.

    Should take a look, probably that or not :p I'll get back to you once i've
    tried

    Kristof

    PS :> > machine.config file to "SYSTEM" instead of "MACHINE" but that didn't
    > you are bumping the rights of everything on the server up a notch. This is
    > certainly not recommended.

    I've turned that back to machine since i didn't help anyway :p


    "Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message
    news:u%...
    > > The problem is that the user who "owns" the service is always the ASPNET

    > what service are you talking about?
    >
    > > machine.config file to "SYSTEM" instead of "MACHINE" but that didn't

    > you are bumping the rights of everything on the server up a notch. This is
    > certainly not recommended.
    >
    > you will first need to find out the identity that the web page is under.

    It
    > may not be what you think. Use this line of code to find out what identity
    > the process is running under. Once you find the correct identity, you can
    > either use impersonation to set the application to run under the proper
    > account or you can impersonate thru code. You will need to add the
    > appropriate rights on the directory housing the windows application. You
    > should configure it for read permissions by adding the identity to be
    > impersonated to the ACL.
    >
    >

    Response.Write("<script>alert('"+System.Security.Principal.WindowsIdentity.G
    etCurrent().Name.ToString()+"')</script>");
    >
    >
    > --
    > Regards,
    > Alvin Bruney
    > [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
    > Got tidbits? Get it here... http://tinyurl.com/27cok
    > "Kristof Despiere" <> wrote in message
    > news:c9aaon$ck1$...
    > > Did that (anonymous off and impersonation=true)
    > > And it should be a windows application with window that should be

    started
    > > up
    > > from the webform. The only problem is that it keeps starting up with the
    > > wrong "user owner". Task Manager=>Processes keeps showing the "ASPNET"
    > > user
    > > as the owner.
    > >
    > >
    > > "bruce barker" <> wrote in message
    > > news:u8$...
    > >> you need to turn anonymous off on the website. then set impersonation

    on
    > > in
    > >> the web config.
    > >>
    > >> note: your windows app must be written to run without a window, or you

    > > will
    > >> get a permission error when it starts up, as access to the desktop will
    > >> be
    > >> denied.
    > >>
    > >> -- bruce (sqlwork.com)
    > >>
    > >>
    > >>
    > >> "Kristof Despiere" <> wrote in message
    > >> news:c9705p$a9a$...
    > >> > Suppose you have one domain, filled with a couple of users. What

    needs
    > > to
    > >> be
    > >> > done now is I need to start a windows application from a webform by
    > >> pressing
    > >> > a button on the webform (for example).
    > >> >
    > >> > The problem is that the user who "owns" the service is always the
    > >> > ASPNET
    > >> > account. That's not good since you don't see the actual application
    > >> (because
    > >> > it's owned by ASPNET). I've tried changed the processmodel section in

    > > the
    > >> > machine.config file to "SYSTEM" instead of "MACHINE" but that didn't

    > > work.
    > >> > It was the same thing except the process owner was now "SYSTEM" and

    > > should
    > >> > be my logged on (authenticated) user. The reason why that is needed

    is
    > >> > because the application detects the current users login and compares

    > > that
    > >> > with the membership of a certain group.
    > >> >
    > >> > My next step was to try impersonation, but that doesn't work yet. See
    > >> > snippet of code below. I don't know what i do wrong but i keeps
    > >> functioning
    > >> > as the ASPNET account. I also tried giving the ASPNET account the
    > >> > rights
    > >> of
    > >> > ("Act as a part of the operating system") but that does nothing

    again.
    > >> What
    > >> > am i missing here. Ah, in the web.conf impersonation is set to true
    > >> > but
    > >> > still doesn't work.
    > >> >
    > >> > Help would be strongly appreciated.
    > >> > Kristof
    > >> >
    > >> > System.Security.Principal.WindowsImpersonationContext
    > >> impersonationContext;
    > >> >
    > >> > impersonationContext =
    > >> >

    > >

    ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
    > >> >
    > >> > System.Diagnostics.Process myProcess = new
    > >> > System.Diagnostics.Process();
    > >> >
    > >> > myProcess.StartInfo.FileName = "test.exe";
    > >> >
    > >> > myProcess.StartInfo.WorkingDirectory = @"D:\test";
    > >> >
    > >> > myProcess.Start();
    > >> >
    > >> > impersonationContext.Undo();
    > >> >
    > >> >
    > >> >
    > >> >
    > >>
    > >>

    > >
    > >

    >
    >
    Kristof Despiere, May 29, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. titof
    Replies:
    0
    Views:
    485
    titof
    Jul 24, 2003
  2. timmso
    Replies:
    1
    Views:
    465
    Alex Papadimoulis
    Dec 12, 2003
  3. =?Utf-8?B?bXN1aw==?=

    Using one webform to set a value on another webform

    =?Utf-8?B?bXN1aw==?=, Jul 12, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    440
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Jul 12, 2006
  4. =?Utf-8?B?Vk1J?=

    Moving value from popup Webform to main Webform?

    =?Utf-8?B?Vk1J?=, Oct 9, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    553
    GroupReader
    Oct 9, 2006
  5. Luqman
    Replies:
    2
    Views:
    651
    Steve C. Orr [MCSD, MVP, CSM, ASP Insider]
    Apr 11, 2007
Loading...

Share This Page