dd.squad
When creating a new process, the aspnet worker process always runs it
under the ASPNET user instead of the user that is being impersonated.
After some research, I got around this by invoking the
CreateProcessAsUser Win API call. That works OK for executables, but
trying to run batch files gave me an Access is Denied return code (5).
This is apparently because creating a process from a .bat file actually
uses c:\windows\system32\cmd.exe. So I gave the impersonated user
account permission to run cmd.exe, but it still returns with
-1073741502 (0xC0000142 in hex), which has something to do with DLLs
not initializing. Looks to me like cmd.exe may require access to some
system DLLs that the impersonated user has no access to. If I don't
impersonate, and just let it run with the ASPNET user, it works. We
have a large number of batch files that really need to be run from
an impersonated ASP.NET app. Does anyone have any insight into how to
make this work?