Starting a process with a user name and password

c# process.start processstartinfo
Yonatan Nir picture Yonatan Nir · Jul 28, 2013 · Viewed 29.8k times · Source

I know that you can run a process with a given username/password in the following way:

var processInfo = new ProcessStartInfo
{
    WorkingDirectory = workingDirectory,
    FileName = "a name",
    UserName = loggedUserName, 
    Password = "password",
    Domain = userNameDomain,
    UseShellExecute = false,
};
Process.Start(processInfo);

The problem I'm facing is that I don't want to write the actual password as a part of the code and the process won't start if I leave the Password attribute empty... How can I safely start the process without exposing the password as a hard coded string in the code?

Answer

Steve picture Steve · Jul 28, 2013

The ProcessStartInfo.Password is not a simple string that you can write down and assign to the property. What you need is a SecureString instance and a SecureString cannot be created passing a simple string to its constructor. Obviously the OS has no API or method that allows a non trusted program to retrieve the password of the current user (it would be the biggest security bug ever heard of).

So, in my thinking, you are left with only one option. Ask your user to type again the password and the resulting input should be transformed into a SecureString

This example is an extension method for the string class that I have seen here

using System.Security;

// ...

public static SecureString ConvertToSecureString(this string password)
{
    if (password == null)
        throw new ArgumentNullException("password");

    unsafe
    {
        fixed (char* passwordChars = password)
        {
            var securePassword = new SecureString(passwordChars, password.Length);
            securePassword.MakeReadOnly();
            return securePassword;
        }
    }
}

you could use it to transform the password typed by your user and start the process

using(frmGetPassword fgp = new frmGetPassword())
{
     if(DialogResult.OK == fgp.ShowDialog())
     {
         SecureString ss = fgp.Password.ConvertToSecureString();
         var processInfo = new ProcessStartInfo
         {
             WorkingDirectory = workingDirectory,
             FileName = "a name",
             UserName = loggedUserName, 
             Password = ss,
             Domain = userNameDomain,
             UseShellExecute = false,
         };
         Process.Start(processInfo);
     }
}

Related questions

Process.start: how to get the output?

I would like to run an external command line program from my Mono/.NET app. For example, I would like to run mencoder. Is it possible: To get the command line shell output, and write it on my text box? …

Read More
How do I start a process from C#?

How do I start a process, such as launching a URL when the user clicks a button?

Read More
How can I run an EXE program from a Windows Service using C#?

How can I run an EXE program from a Windows Service using C#? This is my code: System.Diagnostics.Process.Start(@"E:\PROJECT XL\INI SQLLOADER\ConsoleApplication2\ConsoleApplication2\ConsoleApplication2\bin\Debug\ConsoleApplication2.exe"); When I run this service, the application …

Read More