I'm trying to get QuerySecurityContextToken to return the parentHandle, but I'm not sure what to pass in as the phContext parameter. I have the user token via a WindowsIdentity object, not a phContext I can pass in. I thought I could just pass in the context from WindowsIdentity.AccessToken, but that doesn't seem right, since AccessToken is a SafeHandle and I have no way to create the IntPtr that QuerySecurityContextToken is looking for.
I know that IIS already decrypts the user token and context for me via InitializeSecurityContext(), but I don't know how to reference it.
// Attempts to take the authenticated caller's Windows token, duplicate it toward a child process,
// impersonate that token on the current thread and then start a process. The P/Invoke wrappers
// (CloneParentProcessToken, ProcessUtility), MyProcess, CreateProcessAsUser() and _logger are
// declared elsewhere and are not visible here.
// NOTE(review): AccessToken is the SafeAccessTokenHandle held by the WindowsIdentity; disposing it
// via `using` presumably closes the identity's own token handle - confirm that is intended.
using (var context = ((WindowsIdentity)User.Identity).AccessToken)
{
    try
    {
        // Holds the Win32 last-error code on each failure path below.
        int iResultOfCreateProcessAsUser;
        // Raw token handle of the same identity; not used again in this snippet.
        var CurrentIdentity = ((WindowsIdentity)User.Identity).Token;
        IntPtr parentHandle = IntPtr.Zero;
        // NOTE(review): the native QuerySecurityContextToken expects an SSPI security-context handle
        // (the one the server side obtains from AcceptSecurityContext), not an access token.
        // WindowsIdentity.Token / AccessToken is already an access-token handle, so this call is
        // probably unnecessary - confirm. Its status result is discarded, so parentHandle may still be
        // IntPtr.Zero afterwards. A `using` variable is read-only, so `ref context` is rejected by the
        // compiler (CS1657).
        CloneParentProcessToken.QuerySecurityContextToken(ref context, out parentHandle);
        // Handle of the current (hosting) process, used as the source process for DuplicateHandle.
        IntPtr parentProcessHandle = Process.GetCurrentProcess().Handle;
        // Presumably a local wrapper returning the child's process handle - TODO confirm; its
        // declaration is not shown.
        IntPtr childProcessHandle = CreateProcessAsUser();
        IntPtr lpTargetHandle = IntPtr.Zero;
        // NOTE(review): 0x00000002 is DUPLICATE_SAME_ACCESS in the Win32 headers; with that option the
        // native API ignores the desired-access argument (TOKEN_DUPLICATE here). `true` presumably
        // maps to bInheritHandle, which makes the duplicated token handle inheritable by further
        // child processes - verify against the P/Invoke declaration and prefer a non-inheritable handle.
        if (CloneParentProcessToken.DuplicateHandle(parentProcessHandle, parentHandle, childProcessHandle, out lpTargetHandle,
            ProcessUtility.TOKEN_DUPLICATE, true, (uint)0x00000002))
        {
            // NOTE(review): lpTargetHandle is the duplicated handle from the call above (a token handle
            // if parentHandle is a token); the native GetProcessId expects a process handle - confirm.
            int childHandleProcessID = CloneParentProcessToken.GetProcessId(lpTargetHandle);
            // NOTE(review): ProcessAccessFlags.All with an inheritable handle (`true`) grants far more
            // than the OpenProcessToken call below needs; request only the query right required - verify.
            IntPtr newChildProcess = ProcessUtility.OpenProcess(ProcessUtility.ProcessAccessFlags.All, true, childHandleProcessID);
            IntPtr newProcessAccessTokenHandle = IntPtr.Zero;
            // NOTE(review): the token is opened with TOKEN_IMPERSONATE only; the documented requirement
            // for ImpersonateLoggedOnUser is TOKEN_QUERY plus TOKEN_DUPLICATE (primary token) or
            // TOKEN_QUERY plus TOKEN_IMPERSONATE (impersonation token) - confirm the mask.
            if (ProcessUtility.OpenProcessToken(newChildProcess, ProcessUtility.TOKEN_IMPERSONATE, out newProcessAccessTokenHandle))
            {
                // Switches the calling thread to the security context of the opened token.
                // NOTE(review): nothing in this snippet reverts the impersonation. On a pooled IIS
                // worker thread, later work could keep running as this user - make sure the caller
                // reverts in a finally block.
                if (CloneParentProcessToken.ImpersonateLoggedOnUser(newProcessAccessTokenHandle))
                {
                    // NOTE(review): GetProcessById returns a Process; unless MyProcess defines a
                    // conversion (not shown), this downcast presumably throws InvalidCastException.
                    MyProcess myProc = (MyProcess)Process.GetProcessById(childHandleProcessID);
                    myProc.OpenWithStartInfo();
                }
                else
                {
                    // GetLastWin32Error is only meaningful if the P/Invoke is declared with
                    // SetLastError = true - declarations are not shown.
                    iResultOfCreateProcessAsUser = Marshal.GetLastWin32Error();
                    throw new Exception("ERROR ImpersonateLoggedOnUser: Error Code -" + iResultOfCreateProcessAsUser);
                }
            }
            else
            {
                iResultOfCreateProcessAsUser = Marshal.GetLastWin32Error();
                throw new Exception("ERROR OpenProcessToken failed. Error Code -" + iResultOfCreateProcessAsUser);
            }
        }
        else
        {
            iResultOfCreateProcessAsUser = Marshal.GetLastWin32Error();
            throw new Exception("ERror DuplicateHandle failed. Error Code -" + iResultOfCreateProcessAsUser);
        }
        // NOTE(review): none of the raw handles obtained above (parentHandle, childProcessHandle,
        // lpTargetHandle, newChildProcess, newProcessAccessTokenHandle) are closed in this snippet;
        // leaked token and process handles in a long-lived worker process should be released in a
        // finally block or wrapped in SafeHandle types.
    }
    catch (Exception e)
    {
        // NOTE(review): `e` is never used, and the last-error value read here may no longer belong to
        // the call that failed. The message names CreateProcessAsUser regardless of which step threw;
        // logging the caught exception would preserve the real cause.
        int res = Marshal.GetLastWin32Error();
        _logger.Error("StartProcessAsCurrentUser: CreateProcessAsUser failed. Error Code -" + res);
        // Rethrows with the original stack trace intact.
        throw;
    }
}