Starting up Windows Program from a webform with current users's authentication

[Kristof Despiere]

Suppose you have one domain, filled with a couple of users. What needs to be
done now is I need to start a windows application from a webform by pressing
a button on the webform (for example).

The problem is that the user who "owns" the service is always the ASPNET
account. That's not good since you don't see the actual application (because
it's owned by ASPNET). I've tried changed the processmodel section in the
machine.config file to "SYSTEM" instead of "MACHINE" but that didn't work.
It was the same thing except the process owner was now "SYSTEM" and should
be my logged on (authenticated) user. The reason why that is needed is
because the application detects the current users login and compares that
with the membership of a certain group.

My next step was to try impersonation, but that doesn't work yet. See
snippet of code below. I don't know what i do wrong but i keeps functioning
as the ASPNET account. I also tried giving the ASPNET account the rights of
("Act as a part of the operating system") but that does nothing again. What
am i missing here. Ah, in the web.conf impersonation is set to true but
still doesn't work.

Help would be strongly appreciated.
Kristof

System.Security.Principal.WindowsImpersonationContext impersonationContext;

impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();

System.Diagnostics.Process myProcess = new System.Diagnostics.Process();

myProcess.StartInfo.FileName = "test.exe";

myProcess.StartInfo.WorkingDirectory = @"D:\test";

myProcess.Start();

impersonationContext.Undo();

 

[bruce barker]

you need to turn anonymous off on the website. then set impersonation on in
the web config.

note: your windows app must be written to run without a window, or you will
get a permission error when it starts up, as access to the desktop will be
denied.

-- bruce (sqlwork.com)

 

[Kristof Despiere]

Did that (anonymous off and impersonation=true)
And it should be a windows application with window that should be started up
from the webform. The only problem is that it keeps starting up with the
wrong "user owner". Task Manager=>Processes keeps showing the "ASPNET" user
as the owner.

 

[Alvin Bruney [MVP]]

The problem is that the user who "owns" the service is always the ASPNET
what service are you talking about?

machine.config file to "SYSTEM" instead of "MACHINE" but that didn't

you are bumping the rights of everything on the server up a notch. This is
certainly not recommended.

you will first need to find out the identity that the web page is under. It
may not be what you think. Use this line of code to find out what identity
the process is running under. Once you find the correct identity, you can
either use impersonation to set the application to run under the proper
account or you can impersonate thru code. You will need to add the
appropriate rights on the directory housing the windows application. You
should configure it for read permissions by adding the identity to be
impersonated to the ACL.

Response.Write("<script>alert('"+System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString()+"')</script>");

 

[Kristof Despiere]

I meant thread instead of service. Ok time to go a bit more specific

When you customize MS CRM, you can add a button in for example the accounts
or contacts pages. But you can only assign url's to that button.
On the other hand i have a windows applications that uses windows
authentication to detect te permission etc.. of the logged on user (which
also deals with accounts/contacts/...)
The meaning is that when someone clicks the button in MS CRM, a url will be
openened (for example "http://testserver/test.aspx?accountID=334" or sth
like that). Then the webform should detect if the windows application is
open. If it is, just navigate to the proper record of the windows appl., if
the application is not active at the moment, it should start the application
(with authenticated user impersonation), and navigate to the right record.
But even when I include impersonation when I instantiate a
System.Diagnostics.Process (with impersonationContext) it start the windows
application with the "ASPNET" account. Since it's the wrong account, the
application won't show up since it needs to be started up with the current
user.
Thanx for the help btw
The last things you said i need to check out, I've detected that part
"System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString()" by
inputting it in a textbox on the page on Page_Load. I shows the right user
"DOMAIN/USERNAME" (So that should be OK too)
About that :

Once you find the correct identity, you can
either use impersonation to set the application to run under the proper
account or you can impersonate thru code. You will need to add the
appropriate rights on the directory housing the windows application. You
should configure it for read permissions by adding the identity to be
impersonated to the ACL.

Should take a look, probably that or not I'll get back to you once i've
tried

Kristof

PS :> > machine.config file to "SYSTEM" instead of "MACHINE" but that didn't

you are bumping the rights of everything on the server up a notch. This is
certainly not recommended.

I've turned that back to machine since i didn't help anyway

what service are you talking about?

you are bumping the rights of everything on the server up a notch. This is
certainly not recommended.

you will first need to find out the identity that the web page is under. It
may not be what you think. Use this line of code to find out what identity
the process is running under. Once you find the correct identity, you can
either use impersonation to set the application to run under the proper
account or you can impersonate thru code. You will need to add the
appropriate rights on the directory housing the windows application. You
should configure it for read permissions by adding the identity to be
impersonated to the ACL.

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok

Did that (anonymous off and impersonation=true)
And it should be a windows application with window that should be started
up
from the webform. The only problem is that it keeps starting up with the
wrong "user owner". Task Manager=>Processes keeps showing the "ASPNET"
user
as the owner.


on
in needs
to
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();