Process with Verb = “runas” does not start with the credentials defined in Arguments

Question

This

var psi = new ProcessStartInfo("cmd")
            {
                Verb = "runas",
                UseShellExecute = true,
                Arguments = "/user:domain\\username"
            };
        var ps = Process.Start(psi);

does not start the command line window with the given credentials nor asks for password. I'd like to know how to use it properly.

I was told, that one shouldn't use the StartInfo.UserName, Domain and Password method because it's not safe.

Answer 1

I wouldn't say that it is insecure to use such built in .NET functionality: Just don't save plaintext passwords in and you're good to go. Just provide all the non-critical properties to your ProcessStartInfo just as .NET wants you to, and then promt the user for the password:

var psi = new ProcessStartInfo("cmd")
{
    UseShellExecute = true,
    UserName = "username",
    Domain = "domain"
};

SecureString password = new SecureString();

Console.WriteLine("Please type in the password for 'username':");
var readLine = Console.ReadLine(); // this should be masked in some way.. ;)

if (readLine != null)
{
    foreach (var character in readLine)
    {
        password.AppendChar(character);
    }

    psi.Password = password;
}

var ps = Process.Start(psi);

However, as my comment states, you should mask the password-promt in some way. see Password masking console application for an example on how to achieve this...