0

I have a .NET Core application that is hosted on IIS. This application utilizes System.Management to connect to other machines to gather information.

I am noticing that some of my calls are getting an access denied response. The application pool is running as a user that is an admin on the remote machines. However, the ManagementScope does not appear to be using the application pool's identity.

I was wondering if there is a way to use the WindowsIdentity while connecting to the remote machine?

I am looking for something like the following.

```csharp
using System.Management;
using System.Security.Principal;

private ManagementScope GetManagementScope(string machineName)
{
    // Identity the current thread/process is running as
    WindowsIdentity identity = WindowsIdentity.GetCurrent();

    ConnectionOptions options = new ConnectionOptions
    {
        Impersonation = ImpersonationLevel.Impersonate,
        Username = identity.Name
        // Something here to pass along the password?
    };

    // Remote machine and the IIS WMI namespace to connect to
    ManagementPath path = new ManagementPath
    {
        Server = machineName,
        NamespacePath = "\\root\\MicrosoftIISv2"
    };

    return new ManagementScope(path, options);
}
```

I have tried hard-coding the user name and password and that works fine, but I would really like to use the application pool's identity.

1 Answer

0

I think, and hope, there is no way to retrieve the password. The only way is to pass it as an external parameter, possibly stored in a secure application.

Maybe you can consider storing this secret in Azure Key Vault and retrieving that setting.

user2896152
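An added example, not code from the question or the answer: when `ConnectionOptions.Username` and `Password` are left unset, System.Management authenticates with the token the process or thread already holds, so no password has to be read or stored. The helper names `ConnectAsCurrentIdentity` and `DescribeCaller` are hypothetical, and the `PacketPrivacy` authentication level is an addition that does not appear in the question; it is set because the IIS WMI provider requires encrypted remote connections.

```csharp
using System;
using System.Management;
using System.Security.Principal;

public static class RemoteWmi
{
    // Hypothetical helper: connects without explicit credentials.
    public static ManagementScope ConnectAsCurrentIdentity(string machineName)
    {
        var options = new ConnectionOptions
        {
            // Username/Password stay null: DCOM authenticates with the current
            // token (the app pool account unless the thread is impersonating).
            Impersonation = ImpersonationLevel.Impersonate,
            // The IIS WMI provider requires packet privacy for remote clients.
            Authentication = AuthenticationLevel.PacketPrivacy
        };
        var path = new ManagementPath
        {
            Server = machineName,
            NamespacePath = "\\root\\MicrosoftIISv2"
        };
        var scope = new ManagementScope(path, options);
        try
        {
            scope.Connect();
            return scope;
        }
        catch (Exception ex) when (ex is UnauthorizedAccessException ||
            (ex is ManagementException me && me.ErrorCode == ManagementStatus.AccessDenied))
        {
            // Surface which account was actually presented to the remote machine.
            throw new InvalidOperationException(
                $"WMI access denied on {machineName} for {DescribeCaller()}", ex);
        }
    }

    // Reports the account the remote machine will see for this caller.
    public static string DescribeCaller()
    {
        using WindowsIdentity id = WindowsIdentity.GetCurrent();
        // Built-in and virtual app pool accounts use the machine account on the network.
        bool machineAccount = id.IsSystem
            || id.Name.StartsWith("IIS APPPOOL\\", StringComparison.OrdinalIgnoreCase)
            || (id.User?.IsWellKnown(WellKnownSidType.NetworkServiceSid) ?? false);
        return machineAccount
            ? $"{id.Name} (authenticates remotely as machine account {Environment.MachineName}$)"
            : $"{id.Name} (token impersonation level: {id.ImpersonationLevel})";
    }
}
```

If the reported account is not the one granted admin rights on the target, the access-denied result is an identity or delegation problem rather than a missing password.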