Impersonation + Process.Start

    Gonzalo Brusella
    wrote on last edited by
    #1

    I have to run several sequential processes, some of them impersonated from the main identity of the program. Using .NET 2.0, a "ProcessStartInfo" instance can impersonate, but the password must be a "SecureString". I have the username and the password in an encrypted file, but when I decrypt the file, this makes the password readable (which we all know is a bad thing). The constructor of "SecureString" does not take a String as a parameter, so I made this (check the sample):

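    // SecureString lives in the System.Security namespace (add "using System.Security;").
    System.Diagnostics.ProcessStartInfo _ps = new System.Diagnostics.ProcessStartInfo();

    _ps.FileName = _command;
    _ps.CreateNoWindow = false;
    _ps.Arguments = _arguments;
    _ps.UseShellExecute = false; // must be false when UserName/Password are set

    //Load the SecureString (this may be the worst way)
    SecureString _psw = new SecureString();

    // The password exists here as a clear-text, immutable string.
    string _password = "123456";
    foreach (char Character in _password.ToCharArray())
    {
        _psw.AppendChar(Character);
    }

    _psw.MakeReadOnly();

    _ps.LoadUserProfile = false;
    _ps.UserName = "User";
    _ps.Password = _psw;

    // Process.Start(ProcessStartInfo) is static, so assign StartInfo and call the instance Start().
    System.Diagnostics.Process _process = new System.Diagnostics.Process();
    _process.StartInfo = _ps;
    _process.Start();
    _process.WaitForExit();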

    Now, is there a way to solve the clear-password-in-memory problem? The user account is a restricted account, but with access to some processes which we don't want to be publicly accessed.

    I'm on a Fuzzy State: Between 0 and 1

      Judah Gabriel Himango
      wrote on last edited by
      #2

      If you want to be secure, you can never store the password as a plain string. You'll need to read in the password character-by-character, decrypting each character. Once you've done this, you can clear out the contents of your character array.

      The reason this is more secure is that strings, once created, cannot be cleared (since they are immutable). The .NET GC can even move strings around in memory, thus leaving your password in multiple places in memory. Thus, there's a good chance someone inspecting your process's memory or the page file could discover your password.

      If you read your password in as a character array, you can construct a SecureString from it, after which you should immediately clear your character array. This makes it extremely difficult for someone to discover your password as the window of opportunity to intercept your password is very low. Here's an excellent article on the purpose and uses of SecureString.

      Optionally, you could read the password in as a string, then use unsafe code to clear the string in-place. I don't recommend doing this, but if you're up to it, here's an article that will get you started in the right direction.

      Tech, life, family, faith: Give me a visit. I'm currently blogging about: Messianic Instrumentals (with audio) The apostle Paul, modernly speaking: Epistles of Paul Judah Himango

        Judah Gabriel Himango
        wrote on last edited by
        #3

        I should also mention that you could remove any heap allocations by creating a character array allocated on the stack. You can do this using unsafe code and the stackalloc C# keyword.

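        // Must be inside an unsafe context and compiled with /unsafe.
        char* password = stackalloc char[200];
        int passwordLength = 0; // number of characters actually written into the buffer
        // read in your password, character-by-character, placing it into the password variable
        ...
        //Now create a secure string from the stack allocated password char*.
        SecureString securePassword = new SecureString(password, passwordLength);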

        The above has the added benefit of the password never touching the heap, which makes it even more difficult to intercept.

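        The approach from the two replies above, put together as an added example (not code from the thread): the password is decrypted into pinned buffers, copied character-by-character into a SecureString, and the clear-text buffers are wiped before the process is started. It assumes the file was protected with DPAPI (`ProtectedData.Protect`, UTF-8 text); `ImpersonatedLauncher`, `LoadPassword` and `RunAs` are hypothetical names.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;
static class ImpersonatedLauncher
{
    // Assumption: the file holds the UTF-8 password protected with DPAPI (ProtectedData.Protect).
    static SecureString LoadPassword(string protectedFile)
    {
        byte[] plainBytes = ProtectedData.Unprotect(
            File.ReadAllBytes(protectedFile), null, DataProtectionScope.CurrentUser);
        char[] plainChars = new char[Encoding.UTF8.GetMaxCharCount(plainBytes.Length)];
        // Pin both buffers so a compacting GC cannot leave stale copies behind.
        GCHandle bytePin = GCHandle.Alloc(plainBytes, GCHandleType.Pinned);
        GCHandle charPin = GCHandle.Alloc(plainChars, GCHandleType.Pinned);
        SecureString password = new SecureString();
        try
        {
            int count = Encoding.UTF8.GetChars(plainBytes, 0, plainBytes.Length, plainChars, 0);
            for (int i = 0; i < count; i++)
                password.AppendChar(plainChars[i]);
            password.MakeReadOnly();
            return password;
        }
        catch { password.Dispose(); throw; }
        finally
        {
            // Wipe the clear-text copies whether or not the load succeeded.
            Array.Clear(plainBytes, 0, plainBytes.Length);
            Array.Clear(plainChars, 0, plainChars.Length);
            bytePin.Free(); charPin.Free();
        }
    }
    static int RunAs(string user, string protectedFile, string command, string arguments)
    {
        using (SecureString password = LoadPassword(protectedFile))
        {
            ProcessStartInfo info = new ProcessStartInfo(command, arguments);
            info.UseShellExecute = false;   // required when UserName/Password are set
            info.UserName = user;
            info.Password = password;
            Process process = Process.Start(info);
            process.WaitForExit();
            return process.ExitCode;
        }
    }
}
```

        The password is never materialised as a `string`; the only clear-text copies are the two arrays, which exist from the `Unprotect` call until the `finally` block runs.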

          Gonzalo Brusella
          wrote on last edited by
          #4

          This is much better code than the one I've made... Thanks!
