.net – Impersonation when running a remote triggered job


My (.NET) app allows users to tweak database values. They will then need to generate reports based on their edits, either Crystal or Reporting Services, but that's not important – what is important is that the generation won't definitely be able occur on their local box, e.g. they might not have Crystal Reports (or whatever) installed on their machine.

So I've set up a Message Queue on a network machine (which can generate the reports) and my app will post a message to that queue sending along an object with all the required information. So far, so good.

I've configured the target queue with a rule and a trigger so any new message will automagically provoke a console app on that remote machine to attempt to deal with the message.

The problem is that although everything works fine, the triggered console app runs as the local machine account. The app needs to interact with the database (which uses integrated authentication).

The console app works perfectly when I run it as an actual user, but not when triggered by Message Queuing.

The question is, can I configure the rule, trigger or console app to run as a specific user? I've tried all the config options that I can seem to see, but to no avail.

Perhaps I can impersonate a user within the app's code itself (in app.config)? It's feasible in ASP.NET code, but not in WinForms code by the look of it.

Edit: The impersonation suggestion works well … right up until the point when I get an error "Access is Denied" from the Process.Start() function, calling startwithcreateprocess().

The user I'm impersonating has permission to run the process on the local box (so it can run natively with no problems).

Best Solution

    Process p = new Process();

    p.StartInfo.UseShellExecute = false;

    SecureString password = new SecureString();
    string pwd = "mysecret123";
    foreach (char c in pwd)

    p.StartInfo.Domain = "DomainHere";
    p.StartInfo.UserName = "Natthawut";
    p.StartInfo.Password = password;

    p.StartInfo.FileName = "cmd";
    p.StartInfo.Arguments = "/c dir";

Refer to .NET Security Blog - http://blogs.msdn.com/shawnfa/archive/2004/06/02/146915.aspx

BTW, I think this is nothing to do with MSMQ :)

EDIT: Maybe I am missing something. Not sure about how MSMQ provokes the new process or it is just your application that is use to start console app.

Related Question