none
Creating a new process under alternate credentials

    Question

  • We have a .NET 2.0 Window Service written in C# that periodically writes EDI transactions to a text file. We have another completely separate application that reads this text file and imports the transactions into a third-party accounting package. In certain cases (when a particular option is set) the Window Service needs to automatically import these transactions into the accounting package by automatically launching the separate application. The import application works both from UI or command-line prompts that automate (without user intervention) the process.

    We use the system.diagnostic.process class to launch the import utility from the Window Service. It does successfully launch the separate application asynchronously but a DCOM error "The server {49073E6E-C47A-41DD-BF5A-01184439577C} did not register with DCOM within the required timeout". The problem I believe is that our import utility requires that the accounting package be open as the utility connects (via DCOM components) to the accounting package. Since the Window Service is running under LOCAL SYSTEM and the accounting package is open under the currently active user I believe the DCOM component fails to connect.

    We need a way to launch the import utility (from the Window service) so that its under the same user context as the open accounting package. I tried a couple of different ways to do this but none of them worked.

    1) I changed the Web Service project to the user account. I found 2 ways to do this. By changing the Window Service project, or by just changing it in the Admin tools - Services utility. When I changed it to the current user, I no longer could check the "Allow Service to interact with desktop" checkbox. Because of this I think the connection components (in the import utility) can't find the currently open instance of the accounting package.

    2) I tried modifying our System.Diagnostic.Process.StartInfo code by adding the User, PW and Domain in code. This always results in an "ACCESS DENIED" error.

    THe second error led me to a link where someone needed similar functionality (Launch an application from a Window Service to a specific user context) and they went

    much farther than time allows me to.

    http://www.astahost.com/info.php/creating-new-process-under-alternate-credentials-createprocessasuser_t12663.html

    This link has a link to an old VC6.0 project that will do the functionality required. I'd have to launch this process passing it the code to launch our import utility. This application however is a less than ideal solution as its all ugly API code in an old VC++ 6.0 project. It does however successfully launch and import the transactions into the accounting package.

    Is there a better more effecient way to do what were trying to do? I've read this all started with XP SP2. Please let me know if there is a better way to accomplish this.

    Also, is there any way to simply open the third-party accounting package under NT AUTHORITY\SYSTEM. Then everything would probably work without any code changes.

    Thanks

    Friday, March 02, 2007 7:01 PM