I have a problem with impersonating a user in C#:
I impersonate with the known function used in thousands of examples:
    using(Impersonator impClass = new Impersonator(_domain, _userName, _password)) ...
After impersonation I run
    System.Security.Principal.WindowsIdentity.GetCurrent().Name
and get the correct (impersonated) user.
So impersonation is generally working.
BUT if I open a runspace (PowerShell) after impersonation, the old user from before impersonation is being used.
Here's some of the code I use:
    // Needs: using System.Collections.Generic; using System.Management.Automation.Runspaces;
    using(Impersonator impClass = new Impersonator(_domain, _userName, _password))
    {
        // The runspace is created and opened while the calling thread is impersonating.
        Runspace runspace = RunspaceFactory.CreateRunspace();
        runspace.Open();
        // Identity of the calling thread (logs the impersonated user).
        logger.Debug("after imp windows: " + System.Security.Principal.WindowsIdentity.GetCurrent().Name);
        using (Pipeline pipeline = runspace.CreatePipeline())
        {
            List<Command> commandList = new List<Command>();
            Command cmd = new Command("whoami");
            commandList.Add(cmd);
            foreach (Command command in commandList)
            {
                pipeline.Commands.AddScript(command.ToString());
            }
            // Result of whoami as seen from inside the PowerShell pipeline.
            var res = pipeline.Invoke();
        }
    }
Here is what the log is saying:
Windows Identity: "impersonatedUser" <- correct
WhoAmI From Powershell: "NotImpersonatedUser" <- incorrect
I really don't know what I am doing wrong. Please help, I've wasted so many hours already...
This is a part of the impersonation class I am using:
    // Needs: using System; using System.ComponentModel; using System.Runtime.InteropServices;
    //        using System.Security.Principal;
    private void ImpersonateValidUser(
        string userName,
        string domain,
        string password)
    {
        WindowsIdentity tempWindowsIdentity = null;
        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;
        try
        {
            // Drop any impersonation already active on this thread.
            if (RevertToSelf())
            {
                // Log the target user on and obtain a token.
                if (LogonUser(
                    userName,
                    domain,
                    password,
                    LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT,
                    ref token) != 0)
                {
                    // 2 = SecurityImpersonation level for the duplicated token.
                    if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                    {
                        tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                        // Impersonation is applied to the current thread.
                        impersonationContext = tempWindowsIdentity.Impersonate();
                    }
                    else
                    {
                        throw new Win32Exception(Marshal.GetLastWin32Error());
                    }
                }
                else
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                }
            }
            else
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }
        }
        finally
        {
            // Release the native handles whether or not impersonation succeeded.
            if (token != IntPtr.Zero)
            {
                CloseHandle(token);
            }
            if (tokenDuplicate != IntPtr.Zero)
            {
                CloseHandle(tokenDuplicate);
            }
        }
    }