I have a web service which needs to execute a command on the server it's sitting on. Specifically, I'm running the "net start [certain service]" command. The problem lies in the permissions... the web service is running as NETWORK SERVICE, which doesn't have the appropriate permissions to execute this command. Is there a way (possibly using Windows.Security) such that I can execute this as a higher-privileged user?
** The command executes fine when run locally, but this needs to be executed through the service (the point of the service...).
When attempting to impersonate a user (using the MSDN example, http://msdn.microsoft.com/en-us/library/chf6fbt4.aspx):
    [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
    static public string Impersonate(string userName, string domainName, string password)
    {
        IntPtr tokenHandle = new IntPtr(0);
        IntPtr dupeTokenHandle = new IntPtr(0);
        string output = "";
        try
        {
            const int LOGON32_PROVIDER_DEFAULT = 0;
            const int LOGON32_LOGON_INTERACTIVE = 2;
            output += "Set Token to ptrzero";
            tokenHandle = IntPtr.Zero;
            output += "getting return value";
            //Call LogonUser to obtain a handle to an access token
            bool returnValue = LogonUser(userName, domainName, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref tokenHandle);
            output += "LogonUser called";
            if (!returnValue)
            {
                int ret = Marshal.GetLastWin32Error();
                output += "\n LogonUser failed with error code: " + ret.ToString();
            }
            else
                output += "\nLogonUser succeeded!";
            //check the identity:
            output += "\n current: " + WindowsIdentity.GetCurrent().Name;
            WindowsIdentity newId = new WindowsIdentity(tokenHandle);
            WindowsImpersonationContext impersonatedUser = newId.Impersonate();
            //Check:
            output += "\n after: " + WindowsIdentity.GetCurrent().Name;
        }
        catch (Exception ex)
        {
            output += ex.ToString();
        }
        return output;
    }
I call the function to perform a shell execution (prior to execution I check if the current user is correct, which says the "current user" is my administrative-privileged account), but it still won't execute the same commands.
Environment.UserName - it should match what WindowsIdentity.GetCurrent().Name returns. – Tim Robinson