Hi

In my webservice, for certain requests, I need to start another
process on the server side.
To start My process, I need to have administrative rights, so i'm
using the impersonation mechanism using a predefined fixed user
account on server machine.
All works fine, no problem, but after the process starts, I need to
"revert" to ASPNET or NETWORK SERVICES user account priviledges. This
part is what I'm missing.

To impersonate, i'm using this code:

public static bool impersonateValidUser(String userName, String
domain, String password) {
    WindowsIdentity tempWindowsIdentity;
    IntPtr token = IntPtr.Zero;
    IntPtr tokenDuplicate = IntPtr.Zero;

    if(WinAPI.RevertToSelf()) {
        if(WinAPI.LogonUserA(userName, domain, password,
WinAPI.LOGON32_LOGON_INTERACTIVE,
            WinAPI.LOGON32_PROVIDER_DEFAULT, ref token) != 0) {
            if(WinAPI.DuplicateToken(token, 2, ref tokenDuplicate) != 0) {
                tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                impersonationContext = tempWindowsIdentity.Impersonate();
                if (impersonationContext != null) {
                    WinAPI.CloseHandle(token);
                    WinAPI.CloseHandle(tokenDuplicate);
                    return true;
                }
            }
        }
    }
    if(token!= IntPtr.Zero)
        WinAPI.CloseHandle(token);
    if(tokenDuplicate!=IntPtr.Zero)
        WinAPI.CloseHandle(tokenDuplicate);
    return false;
}

I tried using the above method like this:

//save current user account:
string name = Environment.UserName;
string domain = Environment.UserDomainName;

bool b = impersonateValidUser("admin_user", "domain", "pass");
//b gets the value of true, so impersonation succeeded
//now, start the process
....
//succeeded
//trying to revert to previous user account (ASPNET or NETWORK
SERVICES for server systems):
b = impersonateValidUser(name, domain, string.Empty);
//b is false - it seems that the ASPNET has a default password (?)

Any ideas? Thanks.