Topic "Impersonation and WinSCP"

nyates

Joined: 2015-02-10
Posts: 3
Location: Melbourne
We have an application that for security reasons has to run using impersonation. We're using the WinSCP .Net Library, but when we use this, it launches a copy of WinSCP that uses the credentials of the logged in user rather than the impersonated credentials. This means that FTP operations fail because they don't have the required access rights to the folders we're using. Is there any way to get the WinSCP .Net wrapper to launch WinSCP with the impersonated credentials that our application is using?

Thanks.
martin
Site Admin
Joined: 2002-12-10
Posts: 24991
Location: Prague, Czechia
How specifically do you run your application using impersonation?
_________________
Martin Prikryl
nyates

Joined: 2015-02-10
Posts: 3
Location: Melbourne
prikryl wrote:
How specifically do you run your application using impersonation?


We're using this class from Code Project, and code roughly like the example below.
https://www.codeproject.com/Articles/10090/A-small-C-Class-for-impersonating-a-User


Code:
Impersonator impersonator = new Impersonator("secureUser", "ourDomain", "secureUserPassword");

//
// Other code here runs correctly as 'secureUser'
//

// Then this is running WinSCP as the logged in user. We know this because
// We're getting access denied for the folder on our network that we're trying to download to.
// I can also see WinSCP in task manager under the logged in user
// If an admin user logs in then the FTP download works.

using (WinSCP.Session session = new WinSCP.Session())
{
    // Connect
    session.Open(sessionOptionsForExternalFTPSite);

    // ListDirectory takes the remote directory path, not the session options
    RemoteDirectoryInfo rd = session.ListDirectory(FTPDownloadDir);
    RemoteFileInfoCollection rfc = rd.Files;

    foreach (RemoteFileInfo rf in rfc)
    {
        if (rf.Name.Contains(fromFileNameStart))
        {
            fileList.Add(rf.Name);
        }
    }

    TransferOptions transferOptions = new TransferOptions();
    transferOptions.TransferMode = TransferMode.Binary;
    transferOptions.FileMask = fileMask;

    transferResult = session.GetFiles(FTPDownloadDir, toFilePath, false, transferOptions);

    // Throw on any error
    transferResult.Check(); // Access denied error!
}

return fileList;

Thanks.
martin
Site Admin
Joined: 2002-12-10
Posts: 24991
Location: Prague, Czechia
Please, download source code of WinSCP .NET assembly (dotnet folder of WinSCP source code package).
Go to dotnet\Internal\ExeSessionProcess.cs. By the end of ExeSessionProcess constructor code, where Process instance is created, add

Code:
_process.StartInfo.UserName = ...;
_process.StartInfo.Password = ...;


Let us know if that helps.
nyates

Joined: 2015-02-10
Posts: 3
Location: Melbourne
prikryl wrote:
Please, download source code of WinSCP .NET assembly (dotnet folder of WinSCP source code package).
Go to dotnet\Internal\ExeSessionProcess.cs. By the end of ExeSessionProcess constructor code, where Process instance is created, add

Code:
_process.StartInfo.UserName = ...;
_process.StartInfo.Password = ...;


Let us know if that helps.


Hi, I added this code..

Code:
_process.StartInfo.UserName = "secureUserName";
_process.StartInfo.Password = new System.Security.SecureString();

string passwd = "securePassword";
foreach (char c in passwd)
{
    _process.StartInfo.Password.AppendChar(c);
}
_process.StartInfo.Domain = "OurDomain";

It's trying to start WinSCP as the secure user but it looks like it's failing, because WinSCP is trying to create a log file in the logged-in user's application data folder.

WinSCP process terminated with exit code -1073741502 and output "", without responding (response log file C:\Users\loggedinuser\AppData\Local\Temp\8\wscp0C24.035EF4D2.tmp was not created). This could indicate lack of write permissions to the log folder or problems starting WinSCP itself.

That wouldn't work for us as we'd need to go round changing permissions on the Temp folder for every user that wanted to use the application.

Thanks.
martin
Site Admin
Joined: 2002-12-10
Posts: 24991
Location: Prague, Czechia
You can use Session.XmlLogPath to make it log to a folder you can write to.
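
A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original posts or of WinSCP's own code: it compares the account the calling thread impersonates with the account a child process started without explicit credentials actually gets, then points `Session.XmlLogPath` at a caller-chosen folder. The class name, the `whoami.exe` probe and the log folder path are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
using WinSCP;

static class ImpersonationPreflight
{
    // Account on the calling thread's impersonation token, or null if not impersonating.
    public static string ImpersonatedAccount()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent(true))
            return id?.Name;
    }

    // Account a child started without explicit credentials runs as: the
    // process token, not the thread's impersonation token.
    public static string ChildProcessAccount()
    {
        var psi = new ProcessStartInfo("whoami.exe")
        {
            UseShellExecute = false, RedirectStandardOutput = true, CreateNoWindow = true
        };
        using (Process p = Process.Start(psi))
        {
            string account = p.StandardOutput.ReadToEnd().Trim();
            p.WaitForExit();
            return account;
        }
    }

    // Returns a Session whose XML log goes to logDir instead of the default temp folder.
    public static Session NewSession(string logDir)
    {
        string thread = ImpersonatedAccount(), child = ChildProcessAccount();
        if (thread != null && !thread.Equals(child, StringComparison.OrdinalIgnoreCase))
            Trace.TraceWarning("Thread impersonates {0}, but WinSCP.exe would start as {1}", thread, child);

        // Fail early if the calling identity cannot create files in logDir.
        using (File.Create(Path.Combine(logDir, Path.GetRandomFileName()), 1, FileOptions.DeleteOnClose)) { }

        var session = new Session();
        session.XmlLogPath = Path.Combine(logDir, "winscp-" + Guid.NewGuid().ToString("N") + ".xml");
        return session;
    }

    static void Main(string[] args)
    {
        // Hypothetical log folder; its ACL must grant write access to both accounts.
        using (Session session = NewSession(args.Length > 0 ? args[0] : @"C:\ProgramData\OurApp\WinSCPLogs"))
            Console.WriteLine("XML log: " + session.XmlLogPath);
    }
}
```

The write probe runs under the calling thread's identity only; the account WinSCP.exe runs as needs write access to the same folder, which the folder's ACL has to grant separately.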