Process start and Impersonation

Question

I have problem with starting processes in impersonated context in ASP.NET 2.0.

I am starting new Process in my web service code. IIS 5.1, .NET 2.0

[WebMe         


        

Answer 1

You have to put privileged code into the GAC (or run in Full trust).

The code in the GAC must assert the XXXPermission, where XXX is what ever permission you are requesting, be it impersonation, access to the harddrive or what have you.

You should revert the assert immediately afterwords.

You should make sure that the API on your DLL that you put in the GAC has no opportunities for abuse. For example, if you were writing a website for letting users backup the server via a command line application, your API should old expose a method like "BackUp()" and not "LaunchAribitraryProcess(string path)"

The web.config file must have impersonation set up as well, or you will run into NTFS permission problems as well as CAS.

Here is the complete explanation.