Topic review

martin

Re: Impersonation and WinSCP

You can use Session.XmlLogPath to make it log to a folder you can write to.
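
One way to apply the Session.XmlLogPath suggestion without changing permissions on each user's Temp folder, as an added example that is not part of the thread or of WinSCP's own code: create one dedicated log folder, grant only the account that runs winscp.exe Modify rights on it, and point each session's XML log there. The folder path, the class and method names, and the DOMAIN\user string are assumptions.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using WinSCP;

static class WinScpLogSetup
{
    // Assumed values, not from the thread: a dedicated log folder and the
    // account that winscp.exe is started as, in DOMAIN\user form.
    const string LogDir = @"C:\ProgramData\OurApp\WinSCPLogs";
    const string SecureAccount = @"OurDomain\secureUserName";

    // Run once by an account allowed to change the folder's ACL
    // (for example at install time), not on every transfer.
    public static void PrepareLogDirectory()
    {
        DirectoryInfo dir = Directory.CreateDirectory(LogDir);
        DirectorySecurity acl = dir.GetAccessControl();

        // Grant Modify on this one folder only, inherited by the files and
        // subfolders created in it, instead of loosening every user's Temp.
        acl.AddAccessRule(new FileSystemAccessRule(
            new NTAccount(SecureAccount),
            FileSystemRights.Modify,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));

        dir.SetAccessControl(acl);
    }

    // Returns a session whose XML log goes to the prepared folder.
    // The calling process must be able to read the file as well; under
    // C:\ProgramData ordinary users normally can (assumption about the machine).
    public static Session CreateSession()
    {
        string logFile = "wscp-" + Guid.NewGuid().ToString("N") + ".xml";
        return new Session
        {
            // Unique file name per session so concurrent sessions do not collide.
            XmlLogPath = Path.Combine(LogDir, logFile)
        };
    }
}
```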
nyates

Re: Impersonation and WinSCP

Hi, I added this code:
_process.StartInfo.UserName = "secureUserName";
_process.StartInfo.Password = new System.Security.SecureString();
 
string passwd = "securePassword";
foreach (char c in passwd)
{
     _process.StartInfo.Password.AppendChar(c);
}
_process.StartInfo.Domain = "OurDomain";

It's trying to start WinSCP as the secure user, but it looks like it's failing because WinSCP is trying to create a log file in the logged-in user's application data folder.
WinSCP process terminated with exit code -1073741502 and output "", without responding (response log file C:\Users\loggedinuser\AppData\Local\Temp\8\wscp0C24.035EF4D2.tmp was not created). This could indicate lack of write permissions to the log folder or problems starting WinSCP itself.

That wouldn't work for us as we'd need to go round changing permissions on the Temp folder for every user that wanted to use the application.

Thanks.
martin

Re: Impersonation and WinSCP

Please download the source code of the WinSCP .NET assembly (the dotnet folder of the WinSCP source code package).
Go to dotnet\Internal\ExeSessionProcess.cs. By the end of the ExeSessionProcess constructor code, where the Process instance is created, add
_process.StartInfo.UserName = ...;
_process.StartInfo.Password = ...;

Let us know if that helps.
nyates

Re: Impersonation and WinSCP

We're using this class from Code Project, and code roughly like the example below.
https://www.codeproject.com/Articles/10090/A-small-C-Class-for-impersonating-a-User
Impersonator impersonator = new Impersonator("secureUser", "ourDomain", "secureUserPassword"); 
 
//
// Other code here runs correctly as 'secureUser'
//
 
// Then this is running WinSCP as the logged in user. We know this because
// We're getting access denied for the folder on our network that we're trying to download to.
// I can also see WinSCP in task manager under the logged in user
// If an admin user logs in then the FTP download works.
 
using (WinSCP.Session session = new WinSCP.Session())
{
    // Connect               
    session.Open(sessionOptionsForExternalFTPSite);
 
    // ListDirectory takes a remote path, not the session options
    RemoteDirectoryInfo rd = session.ListDirectory(FTPDownloadDir);
    RemoteFileInfoCollection rfc = rd.Files;
 
    foreach (RemoteFileInfo rf in rfc)
    {
        if (rf.Name.Contains(fromFileNameStart))
        {
            fileList.Add(rf.Name);
        }
    }
 
    TransferOptions transferOptions = new TransferOptions();
    transferOptions.TransferMode = TransferMode.Binary;
    transferOptions.FileMask = fileMask;
 
    transferResult = session.GetFiles(FTPDownloadDir, toFilePath, false, transferOptions);
 
    // Throw on any error
    transferResult.Check(); // Access denied error!
}
 
return fileList;

Thanks.
martin

Re: Impersonation and WinSCP

How specifically do you run your application using impersonation?
nyates

Impersonation and WinSCP

We have an application that for security reasons has to run using impersonation. We're using the WinSCP .Net Library, but when we use this, it launches a copy of WinSCP that uses the credentials of the logged in user rather than the impersonated credentials. This means that FTP operations fail because they don't have the required access rights to the folders we're using. Is there any way to get the WinSCP .Net wrapper to launch WinSCP with the impersonated credentials that our application is using?

Thanks.