We have an app that can run as a command line executable or a windows service (via ServiceBase). It depends on user-specific config files that are stored in a subdirectory of that returned by
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData).
When run as a cmd exe, it returns the user's %localappdata% it's fine. However, when installed and run as a windows service, the user is LocalSystem and the above code returns
C:\Windows\System32\config\systemprofile\AppData\Local
We'd like to avoid using RunAsAService perms (we have verified that it works), but we need to get the logged-on user's %localappdata% directory. How do we go about getting that directory for the logged-on user, rather than the system user?
Related
Im hosting an asp.net application in IIS8 on windows server 2012.
this application suppose to execute an batch file.
it works perfect if i execute the application with visual studio in debug mode. but when i upload it to the IIS the application cant execute the batch file.
i tried to change the batch file with exe file. same problem.
the batch file suppose to execute from the application(WCF application) that in the IIS:
System.Diagnostics.Process proc = new System.Diagnostics.Process();
proc.StartInfo.WorkingDirectory = #"C:\path";
proc.StartInfo.FileName = #"C:\path\executer.bat";
proc.Start();
proc.Close();
please help,
Most likely the problem you are experiencing is due to permissions. You need to check what account the IIS Application Pool that your app is running under is configured for and whether that account has rights to run your batch file or the commands within that batch file.
When running in Visual Studio you're likely running IIS Express as the interactive user.
When running under IIS by default you're running under ApplicationPoolUser identity which has no rights to execute code, has no file access or anything else. Unless you've explicitly set a different account with appropriate file access rights to the batch file, and rights to execute the commands inside of the batch file, you won't be able to run the batch file from within IIS. To change that change the Application Pool user identity to a user that does have rights to both read and execute the batch file on disk and has any rights required to run what's executing in the batch file.
Make sure any folder or file accessed by your application have permissions granted to the AppPoolUser account. It is also important to check your applications resource folders too. For example, if you are writing logs, make sure you give the appPool user account enough permission to write to that file.
Your code is working fine . May be there is some issue in batch file i faced before .My batch file is
start "" BATCHLOG.exe
where BATCHLOG.exe is the executable
Some times batchfile named only
BATCHLOG.exe
does not work correctly on windows scheduler so may be in that case of yours
I have an C#, .Net 4.6.1 Windows Forms Application running on Windows Server Platforms (2008 or higher) which requires to be "Run as Administrator". Elevated privileges are required because the application changes User Access Rights on various folders (underneath the IIS Default Web Site Root if that matters).
I have no luck in detecting if the application has been "Run as Administrator". If I start the application normally (that is not as Administrator) the following code
var isAdmin = WindowsIdentity.GetCurrent().Owner.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid);
returns true but the code which changes some User Access Rights on a Directory fails with a Insufficient Privileges Error.
If I run the application as administrator the above check also returns true, but the changing of User Access rights works just fine.
Other attempts I have made without success:
Using the GetTokenInformation method inside the advapi32.dll as suggested here
Adding a manifest file to the application where I set the requestedExecutionLevel to requireAdministrator
Thanks in advance for any help.
The following must work (I hope so; I have a Windows client and it's working with me).
var Identity = WindowsIdentity.GetCurrent();
var Principal = new WindowsPrincipal(Identity);
bool IsAdmin = Principal.IsInRole(WindowsBuiltInRole.Administrator);
Try to change the permissions of a known folder and if there is an exception then you know the program has not been run as administrator.
I just registered at AWS services (micro, free) and trying to deploy asp.net mvc 4 application.
Everything is working fine, web application deployed and running (the web part, database, etc), but when i am trying to write to filesystem (for example, when i`m saving a file), i'm gettig an exception
System.UnauthorizedAccessException: Access to the path
'C:\inetpub\wwwroot.logs\xxx.log
The folder "C:\inetpub\wwwroot\.logs" exists.
I tried to grant a permission to folder to DefaultAppPool using commands.
I have following web project structure:
WebHost
.ebextensions
aws.config
aws.cofig has following content:
container_commands:
01-logscreate:
command: "mkdir C:\inetpub\wwwroot\.logs > create-logs.log"
cwd: "C:/inetpub/wwwroot/.ebextensions"
01-logspermission:
command: "icacls \"C:/inetpub/wwwroot/.logs\" /grant DefaultAppPool:(OI) (CI) > p-logs.log"
cwd: "C:/inetpub/wwwroot/.ebextensions"
When i accessing the file, i resolving the full path using
HostingEnvironment.MapPath("~/.logs/xxx.log")
But when i trying to write to this file, a get an exception.
Relative path of '.ebextensions' in deployment package is
Content\D_C.git\udsmonitoring.app\WebHost\obj\Debug\Package\PackageTmp\.ebextensions
Thanx in advance
The app pool that gets deployed runs with limited permissions. It doesn't have access to write to that directory.
Further, you really shouldn't need to be writing logs to the instance file system itself. These instances are transient. If you need a logging solution, consider using CloudWatch or LogEntries. Both probably fit into your existing code base with only a config file change required. In general, if what you're doing ends up with you needing to remote into the EC2 instance to do or see something, consider taking an alternate approach.
Finally, if you really do have a need to write to that directory from within the context of your app, you can add a command in your ebextensions that uses appcmd to set the app pool identity to one with greater privileges...or have a command that sets the directory permissions explicitly.
I have programmed a Windows Service that is calling another service over the network.
The other service's IP is defined in the hosts file.
The Windows Service is running as local system.
On Windows Server 2008 this works fine. The IP from the hosts file is used.
On Windows 7, the IP from the hosts file is not used. Instead it uses normal DNS.
If I use a normal user instead of local system, the behaviour is correct. The same as on Windows Server 2008. The host file is used.
I can reliably switch between local system and a normal user for the same service binary without touching the hosts file, the error is reproducable. So it's not about caching anything anywhere or having a wrong hosts file.
Is there anything in Windows 7 I missed? Why would a service running as local system not use the hosts file?
The reason why it works as normal user could be this: you could have a duplicate hosts file in %LOCALAPPDATA%\VirtualStore, which is a redirection folder for programs running as non-admin and trying to write to system locations. If this is the case, then you actually see wrong hosts file when you think you edit the system's one!
The other reason could be wrong permissions set to file. Please try point 5 from https://serverfault.com/a/452269
First close other runnings applications and have a look at your system logs
You can run anything as system to debug like explorer.exe or cmd.exe
with the folowing command using PSTools you could then browser your hosts and check it
psexec -i -s cmd.exe
psexec -i -s ping your.host
Avoid multiple entry for the same host on hosts file
Even if you talked about it i post some debug commands
ipconfig /flushdns
nbtstat -R (reset netbios)
You can check DNS Cache
ipconfig /displaydns | more
Windows set the hosts file location with this registry key
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
Check proxy config it could bypass hosts
Check "etc" directory permission and "hosts" file permission
I wrote a service and in the code I tried to get the AppData folder's path:
C:\Users\[Username]\AppData\
I tried:
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)
But I got:
C:\Windows\system32\config\systemprofile\AppData
You're getting the AppData folder of the Account running the service. (System Account)
There is no other user involved in it.
If you want a particular user's AppData folder, run the Windows Service under that user's account.