Impersonation and WinSCP

nyates

We have an application that for security reasons has to run using impersonation. We're using the WinSCP .Net Library, but when we use this, it launches a copy of WinSCP that uses the credentials of the logged in user rather than the impersonated credentials. This means that FTP operations fail because they don't have the required access rights to the folders we're using. Is there any way to get the WinSCP .Net wrapper to launch WinSCP with the impersonated credentials that our application is using?

Thanks.

martin
Site Admin

How specifically do you run your application using impersonation?
_________________
Martin Prikryl

nyates

martin wrote:

How specifically do you run your application using impersonation?

We're using this class from Code Project, and code roughly like the example below.
https://www.codeproject.com/Articles/10090/A-small-C-Class-for-impersonating-a-User


Impersonator impersonator = new Impersonator("secureUser", "ourDomain", "secureUserPassword");

//
// Other code here runs correctly as 'secureUser'
//

// Then this is running WinSCP as the logged in user. We know this because
// We're getting access denied for the folder on our network that we're trying to download to.
// I can also see WinSCP in task manager under the logged in user
// If an admin user logs in then the FTP download works.

using (WinSCP.Session session = new WinSCP.Session())
{
// Connect
session.Open(sessionOptionsForExternalFTPSite);

RemoteDirectoryInfo rd = session.ListDirectory(sessionOptionsForExternalFTPSite);
RemoteFileInfoCollection rfc = rd.Files;

foreach (RemoteFileInfo rf in rfc)
{
if (rf.Name.Contains(fromFileNameStart))
{
fileList.Add(rf.Name);
}
}

TransferOptions transferOptions = new TransferOptions();
transferOptions.TransferMode = TransferMode.Binary;
transferOptions.FileMask = fileMask;

transferResult = session.GetFiles(FTPDownloadDir, toFilePath, false, transferOptions);

// Throw on any error
transferResult.Check(); // Access denied error!
}

return fileList; //

Thanks.

martin
Site Admin

Please download the source code of the WinSCP .NET assembly (the dotnet folder of the WinSCP source code package).
Go to dotnet\Internal\ExeSessionProcess.cs. At the end of the ExeSessionProcess constructor code, where the Process instance is created, add

    _process.StartInfo.UserName = ...;
    _process.StartInfo.Password = ...;

Let us know if that helps.

nyates

martin wrote:

Please download the source code of the WinSCP .NET assembly (the dotnet folder of the WinSCP source code package).
Go to dotnet\Internal\ExeSessionProcess.cs. At the end of the ExeSessionProcess constructor code, where the Process instance is created, add

    _process.StartInfo.UserName = ...;
    _process.StartInfo.Password = ...;

Let us know if that helps.

Hi, I added this code:

    _process.StartInfo.UserName = "secureUserName";
    _process.StartInfo.Password = new System.Security.SecureString();

    string passwd = "securePassword";
    foreach (char c in passwd)
    {
        _process.StartInfo.Password.AppendChar(c);
    }
    _process.StartInfo.Domain = "OurDomain";

It's trying to start WinSCP as the secure user, but it looks like it's failing because WinSCP is trying to create a log file in the logged-in user's application data folder.

WinSCP process terminated with exit code -1073741502 and output "", without responding (response log file C:\Users\loggedinuser\AppData\Local\Temp\8\wscp0C24.035EF4D2.tmp was not created). This could indicate lack of write permissions to the log folder or problems starting WinSCP itself.

That wouldn't work for us as we'd need to go round changing permissions on the Temp folder for every user that wanted to use the application.

Thanks.

martin
Site Admin

You can use Session.XmlLogPath to make it log to a folder you can write to.
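
Added example, not part of the thread and not WinSCP's own code: one way to apply the Session.XmlLogPath suggestion so that the WinSCP process logs to a folder outside the logged-in user's profile. The folder path, the helper names and the choice to grant Modify rights to OurDomain\secureUserName are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using WinSCP;

static class ImpersonatedDownload
{
    // Assumed values for illustration; not taken from the thread.
    const string LogFolder = @"C:\ProgramData\OurApp\WinSCPLogs";
    const string ProcessAccount = @"OurDomain\secureUserName";

    // Creates a log folder outside any per-user profile and lets the account
    // that the WinSCP process runs under create and write files in it.
    static string PrepareLogFolder()
    {
        DirectoryInfo dir = Directory.CreateDirectory(LogFolder);
        DirectorySecurity acl = dir.GetAccessControl();
        acl.AddAccessRule(new FileSystemAccessRule(
            new NTAccount(ProcessAccount),
            FileSystemRights.Modify,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));
        dir.SetAccessControl(acl);
        return dir.FullName;
    }

    public static void Download(SessionOptions options, string remotePath, string localPath)
    {
        string logFolder = PrepareLogFolder();
        using (Session session = new Session())
        {
            // XmlLogPath must be set before Open(). A unique name per session
            // keeps concurrent runs from sharing one log file.
            session.XmlLogPath = Path.Combine(logFolder, Guid.NewGuid().ToString("N") + ".xml");
            session.Open(options);

            // localPath must also be writable by the account doing the transfer.
            TransferOperationResult result = session.GetFiles(remotePath, localPath);
            result.Check(); // throws on the first failed transfer
        }
    }
}
```

The account that creates the folder keeps access to it as owner, so the calling application can still read the XML log that the WinSCP process writes.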
