There are three projects in this solution: RunAs, UseRunAsControl, and ProcessToStart. RunAs is the focus of this solution; it contains the class that wraps
CreateProcessWithLogonW. UseRunAsControl defines and makes use of a simple control implementing the
RunAs class and is meant to test and show its functionality. ProcessToStart is simply a form that shows the domain and username of the user whose syntax it is running under. This is merely there to start with the UseRunAsControl to demonstrate its functionality.
To see the solution in action, grab a second set of credentials (make some dummy ones on your local machine, perhaps). Run UseRunAsControl.exe and provide the credentials. Click on "Command..." and browse to ProcessToStart.exe. Click on "Run Command". Provided the credentials are correct, you will see a
MessageBox containing the process ID of the new process. ProcessToStart will display the username that it is running as. If the credentials that UseRunAsControl.exe is running under has enough privileges, when you close ProcessToStart, you will see another
MessageBox notifying you that the process has ended. If the user does not have privileges to the new process, you will see a
MessageBox notifying you of this, and when ProcessToStart.exe exits, you will not receive any notice.
RunAs class is simple. Add a reference to the assembly and include the namespace
VastAbyss. There is an overloaded static method named
StartProcess in the class. This simple overload provides standard functionality that starts the executable as the user and loads the profile. A word of caution with using this method is that if the command line is C:\Program Files\Some Directory\Some.exe, if a Program.exe exists in C:\, it will be started and this may be seen as a security flaw. It is due to the way that
CreateProcessWithLogonW parses and searches the command line (space-delimited). To avoid this, surround the command line in quotes. All of the overloads return a
Process. If the process failed to start, it will be null and a
Win32Exception will be thrown. Below is a sample of the simple usage:
string username = "SomeUser";
string domain = "SomeDomain";
string password = "I'll never tell!";
string commandline = "\"C:\\Program Files\\Some Directory\\Some.exe\"";
Process proc = RunAs.StartProcess(username, domain, password,
proc.EnableRaisingEvents = true;
proc.Exited += new EventHandler(processExited);
catch (Win32Exception w32e)
To avoid the security risk of using command line, use one of the other overloads of
StartProcess() to provide the executable in appname instead of command line (command line must be used to provide parameters to the executable if needed; i.e., c:\myapp.exe /q /t). These overloads provide many more options for creating the new process.
Enums are provided for supplying the values of the flags. Additional overloads can easily be added to provide full control over creating the new process. The
struct definition for
StartUpInfo is public and can be used with the last overload to provide the maximum amount of control.
I have added a default constructor to the
RunAs class. This constructor initializes the properties to the following values:
Password (empty string ""),
StartUpInfo instance with the following values set:
cb is set to the size of the new instance,
dwFlags is set to
dwYCountChars is set to 50,
lpTitle is set to
CurrentProcess.MainWindowTitle). After initialization, these values can be changed and the non-static method
StartProcess can be called.
I will leave the below code included although the focus of this project is to implement the
RunAs class and not this control. This control merely serves as an example of how the
RunAs class can be used. I removed the
RunAsControl from the RunAs project and placed it in the UseRunAsControl project.
RunAsControl can be quickly added to a Windows Form and the four events wired up. That's all there is to it. Below is an example usage:
RunAsControl m_runAsCtl = new RunAsControl();
m_runAsCtl.ProcessStarted += new ProcessStartedEventHandler(m_pStarted);
m_runAsCtl.ProcessFailed += new ProcessFailedEventHandler(m_pFailed);
m_runAsCtl.ProcessEnded += new ProcessEndedEventHandler(m_pEnded);
I referred to the MSDN documentation for the
STARTUPINFO, etc... functions,
structs, and constants. Most of the comments in the source code are either direct quotes from this documentation or adaptations of information from that documentation.
I would like to thank those who provided feedback to this project. I have incorporated the suggestions and fixed the bugs that I found. I hope that this makes the project better, but if there are still things that you think are wrong with it, I welcome more constructive criticism.