I'm trying to start a .NET application under a different user from a .NET service. The idea is to create a sandboxed hosting application in windows. In the service, I programatically created the user in windows, create a folder for that user, and download the host .exe from a server into that folder. I then I run the host .exe using System.Diagnostics.Process. Here is the StartInfo for the process:
_process = new Process
{
StartInfo =
{
Arguments = " -debug",
FileName = instanceDirectory + "host.exe",
WorkingDirectory = instanceDirectory,
UseShellExecute = false,
RedirectStandardError = true,
RedirectStandardOutput = true,
RedirectStandardInput = true,
UserName = Helpers.GetUserNameForInstance(_hostid),
Password = _hostpass,
Domain = ""
},
EnableRaisingEvents = true
};
When I run the service as a SERVICE, the process crashes instantly with an error code of -1073741502. but when I run the service as the same user specified in the windows service but interactively in the console, everything works fine. This only happens whenever running the service as a SERVICE and not directly in the console.
Any help would be MUCH appreciated. This has been a headache for a long time now and this is a last resort :(
I would try to create the process under the impersonated context of the newly created user as below.
0xc0000142
(-1073741502) is STATUS_DLL_INIT_FAILED:As the website TenaciousImpy gave pointed out, you need to give the account permissions to the window station and desktop. But if the program is interactive, you need to set the session ID of the process token as well.
It seems like using the
new Process()
with a username and password and the Service mode "doesn't compute" :)Quote from MSDN:
Furthermore, looking at the CreateProcessWithLogonW documentation:
There is no lpDesktop in the .NET StartupInfo, on the other hand the SERVICE user has no desktop, which could cause your problem.
Long story short, try to set the
LoadUserProfile
totrue
to load the user's information from the registry, or maybe you need to set the working directory, etc.To further investigate, your should check your environment and maybe log which files are accessed using FileMon.
A double hop between servers may cause the service credentials to get dropped, maybe setting up Kerberos would solve this issue.
http://neverknewthat.wordpress.com/2009/05/14/kerberos/