Hidden Gem for Least Privilege Development

I was reading through a recent Keith Brown article on security in the .net Framework 2.0, and noticed this little gem:

Besides a whole boatload of new tracing and debugging features, better event log support and even a Stopwatch, there's a hidden gem lurking inside of the Process class: the ability to invoke CreateProcessWithLogonW without having to explicitly use P/Invoke. This is the "run as" feature in Windows that developers use all the time to run programs using alternate credentials when testing. Now it's easy to use programmatically from managed code:

    // Requires: using System.Diagnostics; using System.Security;
    void RunNotepadAsThisUser(string authority, string principal, SecureString password)
    {
        // Process.Start(fileName, userName, password, domain) wraps CreateProcessWithLogonW.
        // Dispose() only releases our handle to the new process; notepad keeps running.
        Process.Start(@"c:\windows\notepad.exe", principal, password, authority).Dispose();
    }

Note the use of SecureString—that's the only trick here because where do you get one of those? One way would be to use one of the Win32 credential APIs such as CredUIPromptForCredentials to ask the user for a password, and then stuff the unmanaged string into a SecureString instance that you can pass to the Process.Start method. Then you would carefully zero out the buffer that held the password. I'm looking forward to having the credentials API wrapped in the .NET Framework. Maybe we'll get lucky and see it emerge in the next Beta.

Cool! Being able to use RunAs (or its programmatic equivalent) from managed code could definitely be helpful in simplifying the use of least privilege. Read the whole thing for more interesting info on security changes in the upcoming release of the .net Framework 2.0, including much-simplified encryption support for .config files.
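The quoted passage leaves open the practical question of where the SecureString comes from. As an added example (mine, not Keith Brown's code or anything from the original post), assuming .NET Framework 2.0 or later and my own helper names: a console prompt that feeds each keystroke straight into a SecureString, a helper that copies a password out of a plain char buffer and zeroes that buffer afterwards (the cleanup step the quote describes), and a ProcessStartInfo-based launch of the program under the alternate account.

```csharp
using System;
using System.Diagnostics;
using System.Security;

static class LeastPrivilegeRunner
{
    // Console prompt without echo; each key goes straight into the SecureString,
    // so no immutable managed string ever holds the whole password.
    static SecureString ReadPasswordFromConsole()
    {
        SecureString password = new SecureString();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace && password.Length > 0)
                password.RemoveAt(password.Length - 1);
            else if (key.KeyChar != '\0')
                password.AppendChar(key.KeyChar);
        }
        password.MakeReadOnly();
        return password;
    }

    // For a password that already sits in a plain char buffer (for example one
    // filled by a native credential prompt): copy it into a SecureString, then
    // wipe the buffer so the plaintext copy does not linger in memory.
    static SecureString FromBufferAndWipe(char[] buffer, int length)
    {
        SecureString password = new SecureString();
        try
        {
            for (int i = 0; i < length; i++) password.AppendChar(buffer[i]);
            password.MakeReadOnly();
            return password;
        }
        finally { Array.Clear(buffer, 0, buffer.Length); }  // zero the plaintext copy
    }

    // Start under the alternate account. UseShellExecute must be false when
    // credentials are supplied; LoadUserProfile loads that account's HKCU hive.
    static void StartAs(string fileName, string domain, string user, SecureString password)
    {
        ProcessStartInfo psi = new ProcessStartInfo(fileName);
        psi.UseShellExecute = false;
        psi.Domain = domain;
        psi.UserName = user;
        psi.Password = password;
        psi.LoadUserProfile = true;
        using (Process p = Process.Start(psi)) { }  // release our handle; the process keeps running
    }
}
```

A typical call is `StartAs(@"c:\windows\notepad.exe", ".", "limiteduser", ReadPasswordFromConsole())` with "." meaning the local machine, and the SecureString should be disposed once the process has been started.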