Question

I'm writing an app and a service that act as a client<->server system. The client submits data to the server, and the server invokes a 3rd-party app. That works fine until the 3rd-party app needs to access our network drives. As long as the 3rd-party lib inherits the login data from the caller (LocalService) and LocalService is not part of the domain, the app is not able to access our network drive. So I tried to get the user's domain data in the client (that was not a problem) and impersonate the process with ProcessInfo on the server, but this failed. After a short Google search I saw that it is not possible to use ProcessInfo.Username and ProcessInfo.Password in Windows services, so I used the advapi32 function CreateProcessWithLogonW:

public void Exec(string strProcessFilename, string strCommand, DomainUser user)
{
    string @path = Path.GetDirectoryName(strProcessFilename);
    // Declare variables
    PROCESS_INFORMATION pi;

    var si = new STARTUPINFO { wShowWindow = 0 };
    // Initialize structs
    si.cb = Marshal.SizeOf(si);

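    // login and start process
    // dwLogonFlags 2 = LOGON_NETCREDENTIALS_ONLY
    // dwCreationFlags 1536 = CREATE_NEW_PROCESS_GROUP | CREATE_UNICODE_ENVIRONMENT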
    if (CreateProcessWithLogonW(user.UserName, user.Domain, user.Password, 2, strProcessFilename, string.Format("{0} {1}", 0, strCommand), 1536, IntPtr.Zero, @path, ref si, out pi))
    {
        WaitForSingleObject(pi.hProcess, INFINITE);
        //var process = Process.GetProcessById(pi.dwProcessId);
        //process.WaitForExit();
    }
    else
    {
        throw new Exception("Failed login error: " + Marshal.GetLastWin32Error());
    }
}

This is working fine, but when I take a look at the server's Task Manager, I see that the new process of the 3rd-party app is still running with 'User Name' = 'LOCAL SERVICE'. Is the process now "impersonated" with the given login data or not?


Solution

I found a solution for that.

I set dwLogonFlags to 2, which means LOGON_NETCREDENTIALS_ONLY. If you do so, you only act like this user, but when you call Environment.UserName or anything else you will get the caller. Now I switched to LOGON_WITH_PROFILE, so the system downloads the whole user from the domain ... this takes a bit of time at first use, but the process is now fully impersonated.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow