Starting a process in C# with username & password throws "Access is Denied" exception

c# .net process permissions

16,256

Solution 1

You can use ProcessStartInfo which allows you to specify credentials. The trick is that the password is a secure string, so you have to pass it as a byte array.

The code might look something like:

Dim startInfo As New ProcessStartInfo(programName)
        With startInfo
            .Domain = "test.local"
            .WorkingDirectory = My.Application.Info.DirectoryPath
            .UserName = "testuser"
            Dim pwd As New Security.SecureString
            For Each c As Char In "password"
                pwd.AppendChar(c)
            Next
            .Password = pwd

            'If you provide a value for the Password property, the UseShellExecute property must be false, or an InvalidOperationException will be thrown when the Process..::.Start(ProcessStartInfo) method is called. 
            .UseShellExecute = False

            .WindowStyle = ProcessWindowStyle.Hidden
        End With

Solution 2

Not sure if this is it, but I had a related problem and the answer was that the account didn't have permission to impersonate on the machine. This can be changed by adding the account to the Policy "Impersonate a client after authentication" using the local policy manager on the machine.

16,256

Author by

Admin

Updated on June 20, 2022

Comments

Admin almost 2 years
Inside a .NET 3.5 web app running impersonation I am trying to execute a process via:
```
var process = new Process 
             { StartInfo = 
                    { CreateNoWindow = true, 
                      FileName = "someFileName", 
                      Domain = "someDomain", 
                      Username = "someUserName", 
                      Password = securePassword, 
                      UseShellExecute = false
                    }
             };

process.Start();
```
-Changing the trust mode to full in web.config did not fix.

-Note the var securePassword is a secureString set up earlier in the code.

This throws an exception with 'Access is Denied' as its message. If I remove the username and password information, the exception goes away, but the process starts as aspnet_wp instead of the user I need it to.

I've seen this issue in multiple forums and never seen a solution provided. Any ideas?
Teju MB over 10 years

Suppose the process is an exe of VB6 application.Do i need to amend Vb6 application too on the project load? or To create some GLOBAL parameter in VB6 to catch the UserName or Password sent from this program and to check if these parameter exists then to perform the VB6 application's login screen's login button click.
Teju MB over 10 years

How to add the account to the policy "Impersonate a client after authentication"?
Brian ONeil over 10 years

In Admin tools you will find "Local Security Policy" run that and select "User Rights Assignment". Find the "Impersonate a client after Authentication" in the list and double click it. Then you just need to add the user or a group the user belongs to. You can read more here technet.microsoft.com/en-us/library/dn221967.aspx about what it means to assign this.
Mike L over 10 years

@TejuMB In the original question and in my answer, ProcessStartInfo is only being used to shell out a process as a different Windows user (presumably because the permissions are different). There is an Arguments property on ProcessStartInfo [link]msdn.microsoft.com/en-us/library/… so that you could also send parameters for which you could modify your VB6 app to receive, but that's outside of what this question is about.