What parameter is QuerySecurityContextToken looking for when calling from C#?

0

I'm trying to get QuerySecurityContextToken to return the parentHandle, but I'm not sure what to pass in as the phContext parameter. I have the user token via a WindowsIdentity object, not a phContext I can pass in. I thought I could just pass in the context from WindowsIdentity.AccessToken, but that doesn't seem right since AccessToken is a SafeHandle and I have no way to create the IntPtr that QuerySecurityContextToken is looking for.

I know that IIS already decrypts the user token and context for me via InitializeSecurityContext(), but I don't know how to reference it.

    using (var context = ((WindowsIdentity)User.Identity).AccessToken)
    {
        try
        {
            int iResultOfCreateProcessAsUser;

            var CurrentIdentity = ((WindowsIdentity)User.Identity).Token;

            IntPtr parentHandle = IntPtr.Zero;

            CloneParentProcessToken.QuerySecurityContextToken(ref context, out parentHandle);
            IntPtr parentProcessHandle = Process.GetCurrentProcess().Handle;

            IntPtr childProcessHandle = CreateProcessAsUser();

            IntPtr lpTargetHandle = IntPtr.Zero;

            if (CloneParentProcessToken.DuplicateHandle(parentProcessHandle, parentHandle, childProcessHandle, out lpTargetHandle,
                ProcessUtility.TOKEN_DUPLICATE, true, (uint)0x00000002))
            {
                int childHandleProcessID = CloneParentProcessToken.GetProcessId(lpTargetHandle);

                IntPtr newChildProcess = ProcessUtility.OpenProcess(ProcessUtility.ProcessAccessFlags.All, true, childHandleProcessID);
                IntPtr newProcessAccessTokenHandle = IntPtr.Zero;
                if (ProcessUtility.OpenProcessToken(newChildProcess, ProcessUtility.TOKEN_IMPERSONATE, out newProcessAccessTokenHandle))
                {
                    if (CloneParentProcessToken.ImpersonateLoggedOnUser(newProcessAccessTokenHandle))
                    {
                        MyProcess myProc = (MyProcess)Process.GetProcessById(childHandleProcessID);

                        myProc.OpenWithStartInfo();
                    }
                    else
                    {
                        iResultOfCreateProcessAsUser = Marshal.GetLastWin32Error();
                        throw new Exception("ERROR ImpersonateLoggedOnUser:  Error Code -" + iResultOfCreateProcessAsUser);
                    }
                }
                else
                {
                    iResultOfCreateProcessAsUser = Marshal.GetLastWin32Error();
                    throw new Exception("ERROR OpenProcessToken failed.  Error Code -" + iResultOfCreateProcessAsUser);
                }
            }
            else
            {
                iResultOfCreateProcessAsUser = Marshal.GetLastWin32Error();
                throw new Exception("ERROR DuplicateHandle failed.  Error Code -" + iResultOfCreateProcessAsUser);
            }
        }
        catch (Exception e)
        {
            int res = Marshal.GetLastWin32Error();
            _logger.Error("StartProcessAsCurrentUser: CreateProcessAsUser failed.  Error Code -" + res);

            throw;
        }
    }

c#
winapi
iis
kerberos
sspi
asked on Stack Overflow Aug 12, 2019 by jangooni
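
An added example, not part of the original question and not the asker's code: `phContext` points to an SSPI `CtxtHandle`, which only the SSPI handshake functions return, while `WindowsIdentity.AccessToken` already wraps the access token that `QuerySecurityContextToken` would produce. The code shows the P/Invoke shape of both and how to pass the `SafeHandle` to a native API; `TokenInterop`, `DuplicateForImpersonation` and the stand-in identity in `Main` are assumptions, and the source token is assumed to allow `TOKEN_DUPLICATE`.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class TokenInterop
{
    // CtxtHandle (SecHandle): what phContext points to. Only the SSPI handshake
    // functions fill one in; a WindowsIdentity does not expose it.
    [StructLayout(LayoutKind.Sequential)]
    public struct SecHandle { public IntPtr dwLower; public IntPtr dwUpper; }

    // SECURITY_STATUS QuerySecurityContextToken(PCtxtHandle phContext, void **Token);
    // declared for reference only, it is not called below.
    [DllImport("secur32.dll")]
    public static extern int QuerySecurityContextToken(ref SecHandle phContext, out IntPtr token);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool DuplicateTokenEx(IntPtr existingToken, uint desiredAccess,
        IntPtr tokenAttributes, int impersonationLevel, int tokenType, out IntPtr newToken);

    const uint TOKEN_IMPERSONATE = 0x0004, TOKEN_QUERY = 0x0008;
    const int SecurityImpersonation = 2, TokenImpersonation = 2;

    // Hypothetical helper: copies the identity's token with only the rights
    // ImpersonateLoggedOnUser needs. The caller disposes the returned handle.
    public static SafeAccessTokenHandle DuplicateForImpersonation(WindowsIdentity identity)
    {
        SafeAccessTokenHandle source = identity.AccessToken;
        bool addedRef = false;
        try
        {
            source.DangerousAddRef(ref addedRef);   // keep the handle alive during the native call
            if (!DuplicateTokenEx(source.DangerousGetHandle(), TOKEN_QUERY | TOKEN_IMPERSONATE,
                    IntPtr.Zero, SecurityImpersonation, TokenImpersonation, out IntPtr copy))
                throw new Win32Exception();         // picks up Marshal.GetLastWin32Error()
            return new SafeAccessTokenHandle(copy);
        }
        finally { if (addedRef) source.DangerousRelease(); }
    }

    static void Main()
    {
        // Constructed stand-in for (WindowsIdentity)User.Identity in the IIS app.
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        using (SafeAccessTokenHandle token = DuplicateForImpersonation(identity))
            WindowsIdentity.RunImpersonated(token,
                () => Console.WriteLine(WindowsIdentity.GetCurrent().Name));
    }
}
```

`WindowsIdentity.RunImpersonated` reverts the thread to its original identity when the delegate returns, including when it throws, which a manual `ImpersonateLoggedOnUser` call does not do on its own.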

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0