All geek questions in one place

PSCredentials from current user

I have been a member of SO for a year, and this is my first question!

I am currently developing a WinForms application in C # that invokes PowerShell scripts. It is not intended to be a comprehensive handler for all PowerShell features, but just performs a small selection of scripts with only simple, pre-agreed parameters.

Some scenarios require elevated permissions to succeed. No problem - it seems like at least 2 ways:

1. Impersonation. The application authorizes and calls credentials for these credentials. I used to run into a problem because an outstanding / elevated user may not have permission to invoke powershell commands on the user's local computer - since the local computer may not have the corresponding ExecutionPolicy, and therefore the elevated user will have to access the registry to change this. I have no way to change permissions. Which leads me to:

2. Credentials as a variable. Just. Scripts have such a variable as:

[PSCredential]$credential

which the application can provide by asking the user for the username and password for this account.

My question is this: is there a way to get the PSCredential object from the current user who is logging in as a default for my application?
I have not seen anything to suggest that this can be done, so if someone could fill me with a question why this is so, I would be glad to hear that. It would be possible to make the application work as an administrator if that helps.

Thank you for your time.

+6
source share
2 answers

There is really no way to get the credentials for the current user without asking the user to enter them. First, it’s pretty simple to get a plain text password from the SecureString password property of the PSCredential instance.

+1
source

I am sure that you can achieve this with the System.Security.Principal class. It has a static method called getCurrent (). This method returns the WindowsIdentity object of the current user. Try to find it. If I find an article, I will edit this answer

EDIT

I found an example, it is pretty straight forward (there is also a code tab with a complete example - https://code.msdn.microsoft.com/windowsdesktop/Add-Window-Authentication-833ba913#content

EDIT v.2

  private WindowsIdentity GetloggedinUser() { System.Security.Principal.WindowsIdentity currentUser =System.Security.Principal.WindowsIdentity.GetCurrent(); return currentUser; }

After using this method, you have already received an instance of the currently logged in user (such as WindowsIdentity). In the link below you can see the properties of the WindowsIdentity class http://msdn.microsoft.com/en-US/library/system.security.principal.windowsidentity.aspx

I am not familiar with powershell, but I use this class in my company for some of our private domain applications, and it works well.

-2
source

Source: https://habr.com/ru/post/979519/

More articles:


All Articles