Process start and Impersonation

Question

I have problem with starting processes in impersonated context in ASP.NET 2.0.

I am starting new Process in my web service code. IIS 5.1, .NET 2.0

[WebMe         


        

Answer 1

It looks like you're trying to have the IIS service impersonate a user with higher privileges than the service itself (in this case, an administrator). Windows blocks this as a security hole, since at that point you're basically begging someone to take over your system. There may be a way to work around this limitation, but don't do that--it's for your own good.

Instead, have IIS impersonate a user with limited permissions, who has exactly the rights that you need it to have. E.g. create a user account that owns only the folders that you want your web service to write to, or whatever other combination of rights is appropriate. If impersonating a limited user, you won't see this error code, but should still be able to call the benign executable you have here.