Impersonation and WinSCP :: Support Forum

nyates
Joined:: 2015-02-10
Posts:: 3
Location:: Melbourne

Impersonation and WinSCP

2015-02-10 01:24

We have an application that for security reasons has to run using impersonation. We're using the WinSCP .Net Library, but when we use this, it launches a copy of WinSCP that uses the credentials of the logged in user rather than the impersonated credentials. This means that FTP operations fail because they don't have the required access rights to the folders we're using. Is there any way to get the WinSCP .Net wrapper to launch WinSCP with the impersonated credentials that our application is using?

Thanks.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,441
Location:: Prague, Czechia

Re: Impersonation and WinSCP

2015-02-12

How specifically do you run your application using impersonation?

Reply with quote

nyates
Joined:: 2015-02-10
Posts:: 3
Location:: Melbourne

Re: Impersonation and WinSCP

2015-02-13 04:30

Were using this class from Code Project, and code roughly like the example below.
https://www.codeproject.com/Articles/10090/A-small-C-Class-for-impersonating-a-User

Impersonator impersonator = new Impersonator("secureUser", "ourDomain", "secureUserPassword"); 
 
//
// Other code here runs correctly as 'secureUser'
//
 
// Then this is running WinSCP as the logged in user. We know this because
// We're getting access denied for the folder on our network that we're trying to download to.
// I can also see WinSCP in task manager under the logged in user
// If an admin user logs in then the FTP download works.
 
using (WinSCP.Session session = new WinSCP.Session())
{
    // Connect               
    session.Open(sessionOptionsForExternalFTPSite);
 
    RemoteDirectoryInfo rd = session.ListDirectory(sessionOptionsForExternalFTPSite);
    RemoteFileInfoCollection rfc = rd.Files;
 
    foreach (RemoteFileInfo rf in rfc)
    {
        if (rf.Name.Contains(fromFileNameStart))
        {
              fileList.Add(rf.Name);
        }
    }
 
    TransferOptions transferOptions = new TransferOptions();
    transferOptions.TransferMode = TransferMode.Binary;
    transferOptions.FileMask = fileMask; 
 
    transferResult = session.GetFiles(FTPDownloadDir, toFilePath, false, transferOptions);
 
    // Throw on any error
    transferResult.Check(); // Access denied error!
}
 
return fileList; //

Thanks.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,441
Location:: Prague, Czechia

Re: Impersonation and WinSCP

2015-02-16

Please, download source code of WinSCP .NET assembly (dotnet folder of WinSCP source code package).
Go to dotnet\Internal\ExeSessionProcess.cs. By the end of ExeSessionProcess constructor code, where Process instance is created, add

_process.StartInfo.UserName = ...;
_process.StartInfo.Password = ...;

Let us know if that helps.

Reply with quote

nyates
Joined:: 2015-02-10
Posts:: 3
Location:: Melbourne

Re: Impersonation and WinSCP

2015-02-17 05:48

Hi, I added this code..

_process.StartInfo.UserName = "secureUserName";
_process.StartInfo.Password = new System.Security.SecureString();
 
string passwd = "securePassword";
foreach (char c in passwd)
{
     _process.StartInfo.Password.AppendChar(c);
}
_process.StartInfo.Domain = "OurDomain";

It's trying to start WinSCP as the secure user but it looks like it's failing, because WinSCP is trying to create a log file in the logged in users application data folder.

WinSCP process terminated with exit code -1073741502 and output "", without responding (response log file C:\Users\loggedinuser\AppData\Local\Temp\8\wscp0C24.035EF4D2.tmp was not created). This could indicate lack of write permissions to the log folder or problems starting WinSCP itself.

That wouldn't work for us as we'd need to go round changing permissions on the Temp folder for every user that wanted to use the application.

Thanks.

Reply with quote