impersonation

I have a class library that keeps system-wide configuration data in the registry (HKLM\Software\XXX). This library is used in various applications (services, windows forms, web apps, console apps) on various versions of Windows (XP, 2003, 7, 2008 R2). Because of this, the identity of the app is not consistent and may not even be a member of the machine's Administrators group. So I've created an AD domain admin user and do impersonation to gain write access to the registry. This works perfectly in XP/2003, but not in UAC-enabled systems (7/2008R2). It is my understanding that only interactive

I'm trying to enable passthrough or impersonation authentication inside an ASP.NET website that uses the TFS2010 API. I've got this working correctly with Cassini, however with IIS 7.5 (Windows 7) something is going wrong. I found this blog post on the subject, and tried the following: private static void Test() { TfsTeamProjectCollection baseUserTpcConnection = new TfsTeamProjectCollection(new Uri(Settings.TfsServer)); // Fails as 'baseUserTpcConnection' isn't authenticated IIdentityManagementService ims = baseUserTpcConnection.GetService<IIdentityManagementService>(); // Read out the

Trying to start process with another access token, without success, it runs as the non-impersonated user. using (WindowsIdentity identity = new WindowsIdentity(token)) using (identity.Impersonate()) { Process.Start("blabla.txt"); } How to make this work properly? You need to set the ProcessStartInfo.UserName and Password properties. With UseShellExecute set to false. If you only have a token then pinvoke CreateProcessAsUser(). Try this example from http://msdn.microsoft.com/en-us/library/w070t6ka.aspx private static void ImpersonateIdentity(IntPtr logonToken) { // Retrieve the Windows identity

I have a C# console application that needs to read a shared file on a machine in another domain. When the application tries to access the file an exception occurs as the local user does not have permission to access the shared resource. Currently I overcome this problem manually by open the shared folder from the run and put the username and password into the windows authentication dialog then run the application. How can I do it programmatically? a) p/invoke LogonUser with LOGON32_LOGON_NEW_CREDENTIALS and create a new WindowsIdentity with the new token, then use normal file access. b) p

I am trying to impersonate a domain user in a windows service with the service logged in as the Local System Account. So far, I am only able to get this to work by logging the service and set the process using the user credentials, like the following. ProcessStartInfo startInfo = new ProcessStartInfo(); startInfo.FileName = CommandDetails.Command; startInfo.WorkingDirectory = Settings.RoboCopyWorkingDirectory; startInfo.Arguments = commandLine; startInfo.UseShellExecute = false; startInfo.CreateNoWindow = true; startInfo.RedirectStandardError = true; startInfo.RedirectStandardOutput = true; //

Here's my Windows/.NET security stack: A Windows Service running as LocalSystem on a Windows Server 2003 box. A .NET 3.5 Website running on the same box, under "default" production server IIS settings (so probably as NETWORKSERVICE user?) On my default VS2008 DEV environment I have this one method, which gets called from the ASP.NET app, which works fine: private static void StopStartReminderService() { ServiceController svcController = new ServiceController("eTimeSheetReminderService"); if (svcController != null) { try { svcController.Stop(); svcController.WaitForStatus