C# .NET - Creating a windows user account - Asked By Dave Becker on 18-Dec-06 11:26 AM

I have an app which needs to create a Windows user account (I won't bore you with specifics) and I am using the code shown below. The code works fine when logged in locally but not when accessing via public address. The server is 2003 Standard; it is not part of a domain, nor is it a domain controller. Any ideas???


    // requires: using System.DirectoryServices;
    try
    {
      // local vars to imitate parameters
      string s_Username = "TestUser";
      string s_Password = "password";
      string s_Description = "Test User Account";

      // bind to the local machine through the WinNT provider
      DirectoryEntry AD = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
      // create a new user
      DirectoryEntry NewUser = AD.Children.Add(s_Username, "user");
      // set the properties
      NewUser.Invoke("SetPassword", new object[] { s_Password });
      NewUser.Invoke("Put", new object[] { "Description", s_Description });
      // commit the changes
      NewUser.CommitChanges();
      lblResult.Text = "Success!!";
    }
    catch (Exception err)
    {
      // set the error message
      lblResult.Text = err.Message;
    }

Create a Local Windows User Account [C#/.NET] - K Pravin Kumar Reddy replied to Dave Becker on 18-Dec-06 11:38 AM

Using the Windows net command, it’s easy to create local Windows User Accounts. The syntax for the net command is:

net user [username] [password] /ADD

The following C# function takes in three parameters -- username, password and home directory.

using System.Diagnostics;
using System.IO;

public void CreateLocalUser(string username, string password, string homedir)
{
  // create the home directory if it does not exist yet
  if (!Directory.Exists(homedir))
    Directory.CreateDirectory(homedir);
  Process MyProc = new Process();
  MyProc.StartInfo.WorkingDirectory = @"C:\WINNT\SYSTEM32";
  MyProc.StartInfo.FileName = "net.exe";
  MyProc.StartInfo.UseShellExecute = false;
  MyProc.StartInfo.RedirectStandardError = true;
  MyProc.StartInfo.RedirectStandardInput = true;
  MyProc.StartInfo.RedirectStandardOutput = true;
  MyProc.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
  // username, password and homedir are concatenated into the command line as given
  MyProc.StartInfo.Arguments = @" user " + username + @" " + password + @" /ADD /ACTIVE:YES " +
    @"/EXPIRES:NEVER /FULLNAME:" + username + @" /HOMEDIR:""" + homedir + @"""";
  // run net.exe and wait for it to finish
  MyProc.Start();
  MyProc.WaitForExit();
}

It assumes a few settings for the user and creates a local User account. You can alter the settings to anything you want. Try “net help user” in your DOS prompt for what each of the switches means/does.



It's all about credentials and permissions. - Peter Bromberg replied to Dave Becker on 18-Dec-06 12:21 PM

If you are logged on locally as an Administrator (most people are, even though there are some very good reasons to run as least privilege), then you probably have the credentials and permission set to add a new Windows User.

However, when you run your app from the public Internet, IIS will run it either as <IUser_MachineName> or the ASPNET account, both of which are weak accounts by design. So you either need to give them permissions / roles allowing adding of users, or run your web app impersonating a different account that does.
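
One way to check the account-context explanation in the reply above, as an added example that is not code from the thread: it records which Windows account the request really runs as before attempting the same WinNT-provider call as the question. `LocalAccountHelper`, `TryCreateUser` and the user-name allow-list are assumptions of this example.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text.RegularExpressions;

// Hypothetical helper for this example; the names are not from the thread.
public static class LocalAccountHelper
{
    // Assumed allow-list: letters, digits, '.', '_' and '-', at most 20 characters.
    private static readonly Regex SafeName = new Regex(@"^[A-Za-z0-9._-]{1,20}\z");

    // Returns a status line for the server-side log that names the Windows
    // account the code ran as, so a failure can be tied to that account.
    public static string TryCreateUser(string username, string password, string description)
    {
        if (username == null || !SafeName.IsMatch(username))
            return "Rejected: user name is outside the allow-list.";

        // Under IIS this is the worker-process (or impersonated) account,
        // not the person sitting at the browser.
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        bool isAdmin = new WindowsPrincipal(identity)
            .IsInRole(WindowsBuiltInRole.Administrator);
        string context = identity.Name + " (local Administrators: " + isAdmin + ")";

        try
        {
            using (DirectoryEntry machine = new DirectoryEntry(
                "WinNT://" + Environment.MachineName + ",computer"))
            using (DirectoryEntry user = machine.Children.Add(username, "user"))
            {
                user.Invoke("SetPassword", new object[] { password });
                user.Invoke("Put", new object[] { "Description", description });
                user.CommitChanges();
            }
            return "Created '" + username + "' running as " + context;
        }
        catch (Exception ex)
        {
            // Invoke wraps provider errors, so report the innermost exception.
            Exception root = ex.GetBaseException();
            return "Failed running as " + context + ": "
                + root.GetType().Name + ": " + root.Message;
        }
    }
}
```

Write the returned line to a server-side log and show the visitor only a generic result, since it names a local account.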