Asp.net launcher with administrator account

Question

Asp.net launcher with administrator account

I need to start a single console application from an ASP.NET application using an administrator account and enable desktop interaction. I tried the code below, the console application is working fine, but in the NETWORK SERVICE account. Any ideas on running the console under an administrator account?

string enginePath = Server.MapPath(@"~/engine/MyConsole.exe"); System.Diagnostics.ProcessStartInfo info = new System.Diagnostics.ProcessStartInfo(enginePath, ""); System.Diagnostics.Process p = System.Diagnostics.Process.Start(info); p.WaitForExit();

Regards, Thomas

+5

asp.net permissions administrator

Tomas Dec 9 '09 at 13:14

source share

3 answers

Pharabus · Answer 1 · 2009-12-09T13:17:38+0000

you can use impersonation, there is an example here

Personally, I don’t like impersonation in asp.net, you need to deal with passwords that do not change or do not change in code. Unable to run what you want as an asp.net user?

edit:

You could axially impersonate a network service using "NETWORK SERVICE" as the username, which at least fixes the password problems a bit,

James · Answer 2 · 2009-12-09T13:22:17+0000

You can use the manifest file and embed it in the console application, which will instruct it to always run under the administrator account. See an example .

If this does not work for you, you can try passing the credentials of the administrator account to ProcessStartInfo , for example

 string enginePath = Server.MapPath(@"~/engine/MyConsole.exe"); System.Diagnostics.ProcessStartInfo info = new System.Diagnostics.ProcessStartInfo(enginePath, ""); info.UserName = "Administrator"; info.Password = "Password"; System.Diagnostics.Process p = System.Diagnostics.Process.Start(info); p.WaitForExit();

Dave mateer · Answer 3 · 2009-12-09T13:27:43+0000

Another user has already suggested impersonation. If it is good enough, you will go. As he said, however, there are some maintenance headaches to resolve and some security implications.

Some parameters that I used in the past that may or may not be applicable in your situation:

If the task is in a predictable schedule, just add it to the scheduled tasks in Windows, set the appropriate work account (administrator or something else) and release. I believe that there are also ways to programmatically launch a scheduled task, but I never had to do this. A Google search should catch you.
Implement the console application logic as a service running under the corresponding account. Then the service listens for a “trigger” from your web application — a file crash or something simpler.

In any case, the idea is to avoid storing any accounts on your ASP page and not grant these process rights that they do not need.

Asp.net launcher with administrator account

More articles: