Geek Answers Handbook

Running a command from an ASP.NET application pool identifier

I start the executable process from my ASP.NET application when the user clicks a button. This process creates several files and serves them to the end user. I can’t understand what is happening or not working, but it didn’t work until I set admin to the user as the identifier of the application pool on the server. I am using IIS7.

using (var proc = new Process()) { proc.StartInfo.FileName = Server.MapPath("~/Testing/Demo/MyExe.exe"); proc.StartInfo.Arguments = String.Format("\"{0}\"", commandFilePath); proc.StartInfo.UseShellExecute = true; proc.Start(); proc.WaitForExit(); }

I guess this is generally bad. Can you give me an idea of ​​what needs to be done to enable this for a regular ApplicationPoolIdentity account?

Thanks!

+7
source share
4 answers

Thank you all for your help. All I had to do was install the StartInfo.WorkingDirectory file somewhere that I could write.

  using (var proc = new Process()) { proc.StartInfo.FileName = Server.MapPath("~/Testing/Demo/MyEXE.exe"); proc.StartInfo.Arguments = String.Format("\"{0}\"", commandFile); proc.StartInfo.WorkingDirectory = savePath; proc.Start(); proc.WaitForExit(); }

This leads to the fact that temp files are written to a non-system folder and therefore do not require any elevated permissions for the application pool.

+1
source

First of all, why do you need a shell to execute it? Not a console application - do you open any window?

Secondly, you need to redirect input and output.

And finally, what you need to do is put in the directory in which your script is running permission for the user under your pool control. And remove Admin from your pool.

 proc.StartInfo.UseShellExecute = false; proc.StartInfo.CreateNoWindow = false; proc.StartInfo.RedirectStandardError = true; proc.StartInfo.RedirectStandardOutput = true; proc.StartInfo.RedirectStandardInput = true; proc.Start(); proc.StandardInput.Flush(); proc.StandardInput.Close(); proc.WaitForExit(); proc.Close();

So, for example, if you add your pool to run under UserA, go to your directory in which your program is running and add permission for UserA so that it can run programs in this directory. If your program also uses other directories for reading and writing, also add permission for UserA for these.

I can’t understand what this process is or doesn’t

You can see if you use Process Explorer on the server and see if it will start, if it is closed, if it is stopped, but stay there.

+3
source

This is probably a file / execute permission issue. Try granting execute permissions for ApplicationPoolIdentity permissions for ~/Testing/Dema/MyExe.exe and read for commandFilePath . You mentioned that your process creates files. You will need to grant modify or full control permissions to ApplicationPoolIdentity in the folder where the files will be created. Below is a list of permissions .

See the permission assignment for the ApplicationPoolIdentity account for information on granting permissions.

The security event log should record errors made with permission. Check if you have access rights issues. System and application logs may also contain information about the problem.

Process Explorer can also display file access requests. The following is a technical article about troubleshooting with Process Explorer .

+2
source

Whenever you start a process from an ASP.NET page, it runs in the context of the workflow security, privileges of the application pool account. This is not like you typically run MyExe.exe, in which case it will be launched using a registered account. It is because of this that your code worked when you gave the administrator account in the application pool.

There are many ways to solve this problem.

One of the easiest would be to change the application pool identifier in the Network Service and add the network service to the permissions of the folders in which MyExe.exe will access the file form.

Hope this helps.

+1
source

More articles:


All Articles