We want to run a process under the context of a service account. Can a method within a WPF application be executed (using Process.Start) impersonated with a service user account (domain) without a windows service?
If possible, how can this be achieved?
OP:
Can a method within a WPF application be executed (using Process.Start) impersonated with a service user account (domain) without a windows service?
You can impersonate a user regardless of what type the calling process is. i.e. WPF, Windows Service, Console App. It does not matter. However on Windows Vista and later the process must be running as an administrator.
Example courtesy of MSDN
string userName, domainName;
// Get the user token for the specified user, domain, and password using the
// unmanaged LogonUser method.
// The local machine name can be used for the domain name to impersonate a user on this machine.
Console.Write("Enter the name of the domain on which to log on: ");
domainName = Console.ReadLine();
Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
userName = Console.ReadLine();
Console.Write("Enter the password for {0}: ", userName);
...
// Call LogonUser to obtain a handle to an access token.
bool returnValue = LogonUser(userName, domainName, Console.ReadLine(),
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeTokenHandle);
...
using (safeTokenHandle)
{
...
using (WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle()))
{
using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
{
// Check the identity.
Console.WriteLine("After impersonation: "
+ WindowsIdentity.GetCurrent().Name);
}
}
}
For more information and the complete example, I recommend viewing the link above as I didn't wish to quote the entire sample.