How can I launch an Internet Explorer process as another user, a la /netonly?
Question
I'm trying to launch Internet Explorer as another user from our WPF app, so that when our users visit the (internal) website, they silently authenticate via Integrated Windows Authentication.
We do not want to launch iexplore.exe as the other user because of weird deployment/environment issues that occur when you launch a process for the first time on a computer and it attempts to set up IE7/8 for the first time. Though, if you have a solution for how to mute every IE installer on every machine, I'd love to hear it.
Back to my intended question. I'm able to get the exact IE impersonating behavior I want* from the command prompt using runas (thanks to https://serverfault.com/questions/70376/runas-domain-account-still-asks-for-password ):
c:\> runas /noprofile /netonly /user:MyDomain\MyUser iexplore.exe
*note: I can't use runas for our WPF app for many reasons, but the end result is what I want.
Anyway, I'd like the C# equivalent code that does a runas /noprofile /netonly iexplore.exe .
I am halfway there with P/Invoke on CreateProcessWithLogonW . This is what I have:
uint LOGON_NETCREDENTIALS_ONLY = 2;
var lpStartupInfo = new CreateProcessWithLogonW_PInvoke.STARTUPINFO();
CreateProcessWithLogonW_PInvoke.PROCESS_INFORMATION processInformation;
CreateProcessWithLogonW_PInvoke.CreateProcessWithLogonW(
userName,
domain,
pw,
LOGON_NETCREDENTIALS_ONLY,
null,
commandLine,
0,
null,
null,
ref lpStartupInfo,
out processInformation);
This successfully launches Internet Explorer, but does not seem to impersonate the user at all. I am able to impersonate the user via the runas command, so I'm 98% sure the failure to authenticate isn't an IE/zone/password/IIS setting, it's just something I'm not doing right in my call to CreateProcessWithLogonW() .
One thing I've noticed is that the runas /netonly command only works if I add the /noprofile switch, which is something that is stumping me. I have no idea how to set the equivalent of this switch via P/Invoke in C#.
Help is appreciated with either solution (solving the "IE runs a wizard when I launch it the first time", or finding the weirdo P/Invoke setting I'm missing).
2 answers
solution1
4 ACCPTED 2012-08-22 21:06:23
Okay, I was very very close. The magic fix is adding -noframemerging to the iexplore.exe call, which...honestly I'm not sure what it does, it uses the phrase "process frame" which is awesome and perhaps means something to you.
In any case, this appears to be resolved.
var arguments = "-noframemerging " + url;
var pathToIExploreExe = GetFullPathToIExploreExe();
var commandLine = string.Format("\"{0}\" {1}", pathToIExploreExe, arguments);
uint LOGON_NETCREDENTIALS_ONLY = 2;
var lpStartupInfo = new CreateProcessWithLogonW_PInvoke.STARTUPINFO();
CreateProcessWithLogonW_PInvoke.PROCESS_INFORMATION processInformation;
CreateProcessWithLogonW_PInvoke.CreateProcessWithLogonW(
userName,
domain,
pw,
LOGON_NETCREDENTIALS_ONLY,
null,
commandLine,
0,
null,
null,
ref lpStartupInfo,
out processInformation);
solution2
0 2012-08-22 00:48:03
CreateProcessWithLogonW requires that the specified user account must be allowed to log on interactively. Could it be a problem? Try CreateProcessAsUser function if that works.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.