I am using SSPI to perform single sign-on, which works.
After a successful single sign-on, I get the user token as follows:
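    HANDLE tempHandle;
    // QuerySecurityContextToken returns a SECURITY_STATUS; SEC_E_OK (0) means success.
    if (QuerySecurityContextToken(&tnS->hctxt, &tempHandle) != SEC_E_OK)
    {
        MyDbg("SSO: Could not obtain token for user");
    }
    // Duplicate the impersonation token into a primary token (tnS->htok).
    if (!DuplicateTokenEx(tempHandle, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenPrimary, &tnS->htok))
    {
        MyDbg("SSO: Could not duplicate token");
    }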
But later on, when I use this token (tempHandle) in a call to CreateProcessAsUser, the process creation fails with the following error message:
Process has terminated prematurely: ExitCode = 0xC0000142 [{DLL Initialization Failed} Initialization of the dynamic link library %hs failed. The process is terminating abnormally.]
It seems that the token is lacking permissions. I have read that QuerySecurityContextToken returns an impersonation token, which lacks permissions, while LogonUser returns a primary token. I cannot use LogonUser as I do not have the user's password.
How do I get a primary token for the user when using SSPI?
I can call CreateProcessAsUser using the system account, but that is not desired.
User contributions licensed under CC BY-SA 3.0