External program execution impersonation mode

4

We've got a legacy CRM system (Server) that uses a mapped network drive. The problem is that the drive is fully open for modification by any user.

I'm trying to use user impersonation in a C# .NET console application (Client A).

  1. Client A executes an .exe program (console application) that performs impersonation (domain, another user, password).

  2. Then the console application maps a network folder to a drive:


    
    NETRESOURCE nr = new NETRESOURCE();
    nr.dwType = ResourceType.RESOURCETYPE_DISK;
    nr.lpLocalName = "X:";
    nr.lpRemoteName = @"\\x.x.x.x\folderx";
    nr.lpProvider = null;

    int result = WNetAddConnection2(nr, null, null, 0);
    

  3. Then the console application tries to open an .exe program located on the mapped network drive:

    
    Process ExternalProcess = new Process();
    ExternalProcess.StartInfo.FileName = @"X:\subfolder\APP\app.exe"; // Window application
    ExternalProcess.StartInfo.WindowStyle = ProcessWindowStyle.Maximized;
    ExternalProcess.Start();
    ExternalProcess.WaitForExit();
    

But I get a Win32Exception:


    

    Unknown error (0xfffffffe)
    in System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)
    in System.Diagnostics.Process.Start()
    in SecureApp.Program.Main(String[] args) en \\vmware-host\Shared Folders\Documents\Visual Studio 2010\Projects\SecureApp\SecureApp\Program.cs:línea 142
    in System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
    in System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
    in Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
    in System.Threading.ThreadHelper.ThreadStart_Context(Object state)
    in System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
    in System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    in System.Threading.ThreadHelper.ThreadStart()
    

The folder's sharing properties have the user used in impersonation as the only user who can read & write.

In short, I want my external program to be executed as the impersonated user.

Edit

Here's what I really want to do:

  1. The Windows user logs in to the domain
  2. The user opens a program that performs impersonation, maps the network folder to a drive and finally calls the CRM executable as the impersonated user, BUT the network drive must be available only in the CRM context.

My point is: can I have a mapped network drive available only for a program executed as impersonated user, but not for the Windows user who is currently logged in?

c#
.net
impersonation
asked on Stack Overflow Apr 25, 2016 by Kingslayerpy • edited Apr 26, 2016 by Kingslayerpy

1 Answer

0

You may want to make sure that the network location is trusted:

https://social.msdn.microsoft.com/Forums/vstudio/en-US/e4a65263-24f9-45a6-a2ad-6c26aae36075/how-to-run-net-executable-on-a-network-drive?forum=clr

https://technet.microsoft.com/en-us/library/bb496428.aspx

Depending on your situation, caching the executable on the local machine might be the best option as it would be less vulnerable to network disruptions and you wouldn't have to worry about things changing out from underneath you as the program executes.

answered on Stack Overflow Apr 25, 2016 by Robert
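
An added example, not part of the question or the answer above: thread impersonation is not inherited by a child process, and drive-letter mappings belong to the logon session that created them, so this code starts the program in a new logon session through `ProcessStartInfo` credentials (which requires `UseShellExecute = false`) and addresses it by UNC path instead of `X:`. The `EXAMPLE\crm-svc` account, the `CrmLauncher`/`LaunchAs` names and the console password prompt are placeholders assumed for illustration; the share path is the redacted one from the question.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Security;

static class CrmLauncher
{
    // Starts exePath in a new logon session for domain\user and waits for it to exit.
    static int LaunchAs(string domain, string user, SecureString password, string exePath)
    {
        var psi = new ProcessStartInfo
        {
            FileName = exePath,       // UNC path: a drive letter mapped by the caller is not visible in the new session
            UseShellExecute = false,  // required whenever UserName/Password are set
            Domain = domain,
            UserName = user,
            Password = password,
            LoadUserProfile = true,
            // Must be a directory the target account can read.
            WorkingDirectory = Environment.GetFolderPath(Environment.SpecialFolder.Windows)
        };
        try
        {
            using (Process p = Process.Start(psi))
            {
                p.WaitForExit();
                return p.ExitCode;
            }
        }
        catch (Win32Exception ex)
        {
            // For instance 1326 = logon failure, 5 = access denied on the share or file.
            Console.Error.WriteLine("Launch failed: {0} (Win32 error {1})", ex.Message, ex.NativeErrorCode);
            return -1;
        }
    }

    static int Main()
    {
        // Placeholder account; the password is read without echo into a SecureString.
        var password = new SecureString();
        Console.Write(@"Password for EXAMPLE\crm-svc: ");
        for (ConsoleKeyInfo k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
            if (!char.IsControl(k.KeyChar)) password.AppendChar(k.KeyChar);
        Console.WriteLine();
        password.MakeReadOnly();
        return LaunchAs("EXAMPLE", "crm-svc", password, @"\\x.x.x.x\folderx\subfolder\APP\app.exe");
    }
}
```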

User contributions licensed under CC BY-SA 3.0