Joined: 29 Mar 2008
|Posted: Sat Mar 29, 2008 2:24 pm Post subject: How to spawn a process (running with specified credentials)
I'm developing a windows service which needs the ability to spawn a process, running under a given user (specified at runtime) and need to redirect it's stdout, stdin, stderr file descriptors to a file on a network share.
After investigating a lot on the subject, i have concluded i will need to PInvoke CreateProcessWithLogonW or CreateProcessAS from my code.
This is needed because, although i'm currently impersonating the user before trying to use .NET's ProcessStartInfo() and Process() and specifying the relevant username, domain and password for the selected user, the process is already running in a different security context (associated to the user which runs the windows service).
From what i've read, this means i will only be able to Impersonate the user if i PInvoke LogonUser() (which i'm currently doing) on the current thread. This will cause any spawned process to run on the same security context as the user running the windows service so the execution will fail.
I do know i need to PInvoke either CreateProcessWithLogonW or CreateProcessAS so i can successfully spawn a process on the correct security context (and i found a working example here -> http://www.dotnet247.com/247reference/msgs/21/107676.aspx) but i have NO IDEA how to redirect the stdout, stdin and stderr file descriptors.
I also found that i will need to use a piping mechanism to associate the managed FileStream i create to the unmanaged file descriptors i need to get. (It seems i will need to PInvoke CreatePipe for that -> http://www.eggheadcafe.com/software/aspnet/31702097/redirecting-sdtin-stdout.aspx).
Although i, apparently, have all the necessary information need to solve my problem on the above links, i have NO idea how to put it all together since my "Managed / Unmanaged integration skills via PInvoke" are quite limited Surprise)
Could somebody help me put up an example based on this information? I would be ever so grateful!
Thanks in advance,