According to msdn :
ASP.NET Web page and server control code executes in the context of
the ASP.NET worker process on the Web server. If you use the Start
method in an ASP.NET Web page or server control, the new process
executes on the Web server with restricted permissions. The
process does not start in the same context as the client browser, and
does not have access to the user desktop.
Which account precisely is the "restricted permissions" ?
Example :
- I'm logged to win7 as
RoyiN
- windows authentication is enabled
- Impersonation is enabled as
BobK
at web.config ( all over the site) - The
W3WP
user isUserA
(not network nor ApplicationPoolIdentity).
In C# I do Process.start("....cmd.exe...")
( with Startinfo
credentials as : "Martin
","Password
","Domain
")
-
Who is the efficient
account
which finally runscmd.exe
? -
To whom "restricted permissions" is actually regarding ?
Best Answer
Impersonation won't come into play here, since under the hood,
Process.Start
is relying on one of two native Win32 calls:If ProcessStartInfo.UserName is provided:
CreateProcessWithLogonW
And if not:
CreateProcess
The
null
s passed into CreateProcess are what's probably biting you; from MSDN:Note it says from process token, not calling thread - the impersonated identity doesn't get a chance to join the party since it's bound to the thread.