Creating a New Process with Different Credentials in a .NET App
I just answered a question over on the www.asp.net security forum in which the poster was attempting to use this code from CodeProject in an ASP.NET application. The code creates a RunAs class and control for launching new processes under user-defined credentials.
Several comments:
- The sample code is a pretty nice example of using the Win32 API from a .NET application. The sample is a WinForms app, and I can see that there might be some contexts in which this would be a useful control.
- The code is not going to work in an ASP.NET application under the default security configuration. The author of the CodeProject article makes no claims that it could or should, so this certainly isn't a flaw in the article.
- But the .NET framework has the features you need to do this without resorting to the Win32 API. Check out the Process class in System.Diagnostics, and there are probably other ways to do it, all of which probably involve creating a new WindowsPrincipal object to associate with the process.
The main issue that the poster raised calls for clarity about where code access security stops and OS security takes over.