none
impersonating user and Invoking cmd.exe using Web Application RRS feed

  • Question

  • I'm using a MVC application and I want to impersonate user and invoke cmd.exe and pass agruments to the command line. 

    I want to check under which account the command prompt is being invoked so I have used whoami command in the command line. But I would invoke a powershell and pass agruments in the command line.

    If I remove the RunAs verb and simply invoke the command prompt it is showing iis apppool\defaultapppool.
    But I want to use runas verb with username and password to invoke command prompt 

    string _commandParameter = @"whoami";
                try
                {
    
                    var process = new Process
                    {
                        StartInfo =
                                    {
                                        CreateNoWindow = true,
                                        UseShellExecute = false,
                                        RedirectStandardOutput = true,
                                        RedirectStandardInput = true,
                                        RedirectStandardError = true,
                                        Verb = "runas",
                                        FileName = @"C:\Windows\System32\cmd.exe",                                    
                                        Domain = "dir",
                                        UserName = userID,
                                        Password = GetSecureString(userpassword),
                                        Arguments = _commandParameter 
                                    }
                    };
                    process.Start();
    
                    string readToEndOutput = process.StandardOutput.ReadToEnd();
                    string readToEndError = process.StandardError.ReadToEnd();
    
                    process.WaitForExit();
    }
                catch (Exception ex)
                {
                    log.Info("error as StackTrace Exception in Input ActionResult  -" + ex.StackTrace.ToString());
                    log.Info("error as Message Exception in Input ActionResult -" + ex.Message.ToString());
                }
    public static SecureString GetSecureString(string str)
            {
                SecureString result = new SecureString();
                try
                {
                    if (string.IsNullOrWhiteSpace(str))
                        return null;
                    else
                    {
                        foreach (char c in str.ToCharArray())
                            result.AppendChar(c);
                        return result;
    
                    }
                }
                catch (Exception ex)
                {
                    log.Info("Cannot create password-" + ex.StackTrace.ToString());
    
                }
                return result;
            }

    The output 

    But I'm receiving error which I can view in windows eventviewer

    The same code if I run through a console application is working as expected. 

    • Moved by CoolDadTx Monday, January 8, 2018 3:25 PM ASP.NET related
    Monday, January 8, 2018 11:21 AM

All replies