4

We've got an legacy CRM system (Server), that uses a mapped network drive. The problem is drive is fully opened for modification by any users.

I'm trying to use user impersonation, in c# .net console application (Client A).

  1. Client A execute an .exe program (console application), that makes impersonation (domain, another user, password).

  2. Then console application map a network folder to a drive:


    
    NETRESOURCE nr = new NETRESOURCE();
    nr.dwType = ResourceType.RESOURCETYPE_DISK;
    nr.lpLocalName = "X:";
    nr.lpRemoteName = @"\\x.x.x.x\folderx";
    nr.lpProvider = null;

    int result = WNetAddConnection2(nr, null, null, 0);
  1. Then, console application try to open a .exe program located into the mapped network drive

    
    Process ExternalProcess = new Process();
    ExternalProcess.StartInfo.FileName = @"X:\subfolder\APP\app.exe"; // Window application
    ExternalProcess.StartInfo.WindowStyle = ProcessWindowStyle.Maximized;
    ExternalProcess.Start();
    ExternalProcess.WaitForExit();

But I get Win32Exception:


    

    Unknown error (0xfffffffe)
    in System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)
    in System.Diagnostics.Process.Start()
    in SecureApp.Program.Main(String[] args) en \\vmware-host\Shared Folders\Documents\Visual Studio 2010\Projects\SecureApp\SecureApp\Program.cs:línea 142
    in System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
    in System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
    in Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
    in System.Threading.ThreadHelper.ThreadStart_Context(Object state)
    in System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
    in System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    in System.Threading.ThreadHelper.ThreadStart()

The folder sharing properties has the user used in impersonation as the only user who can read & write.

In short, I want my external program to be executed as impersonated user.

Edit

Here's what a I want really do:

  1. Windows user log in into domain
  2. User opens a program that makes impersonation, map network folder to a drive and finally call the CRM executable as impersonated user, BUT, network drive must be only available in the CRM context.

My point is: can I have a mapped network drive available only for a program executed as impersonated user, but not for the Windows user who is currently logged in?

Kingxlayer
  • 119
  • 5
  • Have you verified that the account in question has read & execute permissions on the target folder and not just read permission? Also, which version of the .Net framework are you using? – Robert Apr 25 '16 at 15:41
  • Yes, Robert. The account has full read & write permission. Framework version is 4. – Kingxlayer Apr 25 '16 at 15:47
  • Does the program work if the executable is stored locally? Also, what happens when you try this: ExternalProcess.StartInfo.FileName = @"\\x.x.x.x\folderx\subfolder\APP\app.exe" – Robert Apr 25 '16 at 16:20
  • Yes, it works if the executable is stored locally. – Kingxlayer Apr 25 '16 at 16:44
  • I also try your suggestion, but same exception is thrown. – Kingxlayer Apr 25 '16 at 16:45

1 Answers1

0

You may want to make sure that the network location is trusted:

https://social.msdn.microsoft.com/Forums/vstudio/en-US/e4a65263-24f9-45a6-a2ad-6c26aae36075/how-to-run-net-executable-on-a-network-drive?forum=clr

https://technet.microsoft.com/en-us/library/bb496428.aspx

Depending on your situation, caching the executable on the local machine might be the best option as it would be less vulnerable to network disruptions and you wouldn't have to worry about things changing out from underneath you as the program executes.

Robert
  • 371
  • 1
  • 7