I have an ASP.NET web application running within IIS. The app pool and the web application are both set to run as a user I created (not NETWORKSERVICE). This user has all the proper permissions (like a pseudo-administrator).
The application calls Process.Start() with a magnet URI. There is an application installed on the webserver which can automatically launch and begin processing the magnet URI. If I enter the magnet URI into the webserver's "Run" box, everything works as expected: the application launches and begins processing the URI in the background. The same happens if I debug the application from within Visual Studio - it works as expected because the IIS Express instance is also running within the same session.
When I invoke the process from my web application when it's in IIS, though, it doesn't throw any exceptions or errors, but it doesn't invoke the application. I'm assuming this is because IIS is executing the application from within a different session that the application lives in, so the application cannot respond to the URI invocation, so the process just quits.
How can I change this line of code to run within the same context as a desktop session so that the application can respond to and process the URI appropriately?
Process.Start("magnet:?xt=urn:btih:0123456789ABCDEF");
If the desktop session does not exist (e.g. that user has not logged into the server), I would expect some sort of catchable exception to be thrown so that a friendly error could be displayed on the website.
ASP.NET Web page and server control code executes in the context of
the ASP.NET worker process on the Web server. If you use the Start
method in an ASP.NET Web page or server control, the new process
executes on the Web server with restricted permissions. The process
does not start in the same context as the client browser, and does not
have access to the user desktop. http://msdn.microsoft.com/de-de/library/e8zac0ca.aspx
When you use Process.Start on IIS 7+, it would start a new process as a service in a 'Session 0' and you can't do anything interactive with that session even you will login with same account on the server. You can however see the process running in the Task Manager (Show processes from all users).
If magnet links are not associated then you can just pass the magnet link as an argument
Process.Start("C:\...\Torrent.exe", "magnet:?...")
If process of the associated exe does not start at all - redirect its output (example) and see what was the problem.
In general, running an external process from web applications is not a good idea and you could consider either a Scheduled Task or Windows Service that polls a common storage repository to see if a batch job should be run and execute your application from there.
Example:
Use aspx to write "magnet:?xt=..." to a text file (c:\magnet.txt)
Create a .bat file with the following content
FOR /F %%x IN (c:\\magnet.txt) DO START %%x
DEL /F c:\magnet.txt
Create a scheduled task that opens the .bat file e.g. every minute
Done!
You can try creating a dedicated regular user account on your server, then use
Process.Start(fileName, userName, password, domain)
to start your process under that user credentials.
Another idea, create a self-hosted WCF service and run it under a logged-in desktop user session. The WCF service would start your "magnet:" app. Call the WCF service from your ASP.NET code (via localhost).
Instead of Process.Start() try using CreateProcessWithLogonW.
Similar question answered in SO: Process.Start() under asp.net?
Related
I have an ASPX web application written in C# in which I call a desktop application running on the cloud web server machine from a button on the web page using a ProcessStartInfo object. The application (SetTags) was failing with a security violation when trying to access a Registry key in HKCU/Software. To get around this, I changed the ProcessStartInfo verb from 'open' to 'runas' and set UseShellExecute to true, which should start the desktop application with Administrator privilege. UAC has been turned off on the cloud server machine. However, the desktop application crashes with a security exception recorded in the event log as follows
Exception Info: System.Security.SecurityException
at System.ThrowHelper.ThrowSecurityException(System.ExceptionResource)
at Microsoft.Win32.RegistryKey.OpenSubKey(System.String, Boolean)
at Global.Common..cctor()
Exception Info: System.TypeInitializationException
at Global.Common.ShowUserError(System.String, System.String)
at SetTagsNS.Program.Main(System.String[])
The crash happens before any data can be written to a log file and the Common.ShowUserError code does not contain any explicit Registry calls. It is as follows:
public static void ShowUserError(string sMsg, string sCaption = "")
{
if (CallingArgs == null) MessageBox.Show(sMsg, sCaption);
else
if (CallingArgs.GetUpperBound(0) != -1)
{
if(sErrFile!="")
{
StreamWriter Err = new StreamWriter(sErrFile,true); // 2nd param = true to append error
// Redirect standard error from the console to the error file.
Console.SetError(Err);
Err.Close();
}
else Console.Error.Write(sMsg);
}
else MessageBox.Show(sMsg, sCaption);
}
The desktop application is built in C# using VS2013 as Windows application rather than a console application, but with the option of not showing any windows if it is launched with command line arguments. A console is attached to the application to record messages when the application is launched with command line arguments. This is done in order to use the same code base for a web application and a desktop application.
The desktop application can be run successfully on the cloud web server (Server2016 OS) from an administrator account from a .bat file using the same parameters as used when it is called from aspx page. runas /trustlevel=0x20000 is used to make the application run with only basic user privilege
What can I do to allow to allow the desktop application access to the Registry when it is called from an aspx page?
The key to allowing executables running on a web server to behave like the same executable running on the desktop and using the registry is to give the Application Pool in which the web app runs the Identity a privileged account, such as Administrator, rather than the default of ApplicationPoolIdentity. This allows access to the Registry, but other things which desktop apps may use, such as special folder locations (eg AppData) may still be different. (It may be opening a security hole but in my case the server contains no sensitive data.) Then using the runas verb in Process.StartInfo allows the executable to behave as a desktop executable does.
In retrospect, the suggestion that the web app should simply share some of the code base (as suggested) would probably have been less work, but as I am very familiar with desktop app development I thought that the best approach would be simply to remove the UI when running the exe from a command line, and just let the web app deal with the interface. As ever, experience keeps a dear school. Once the pitfalls are known (registry access, special folders, any UI interaction) it's certainly possible to operate in this way. Judging from the number of people wanting to find out why bat files run on a web server desktop but not when run from a web app these differences should be more widely known.
Goal:
I periodically upload new .exe file to windows server 2003 via FTP and I want to run it manually by hitting Url of a web site on same server. Exe needs to be run under an Admin account, and not the NETWORK SERVICE account.
What I achieved so far:
I have been able to successfully run applications like notepad under the Admin account on the server via a web request by using any of these:
PsExec,
.net process.Start() with credentials supplied to process.StartInfo and even
by impersonating admin and then using process.Start without credentials (http://www.f4cio.com/programmatically-impersonate-in-csharp)
The problem:
The above methods run my exe but Task Manager, or a call to System.Security.Principal.WindowsIdentity.GetCurrent().Name shows me that it is running under NETWORK SERVICE.
I suspect that this file has added security constraints because it arrived from ftp link. Checking run-as-administrator in properties of file is not an option because file will be replaced periodically and all needs to be automated. Also manual server configuration should be minimal or ideally non-existent. Code-only single-web-page solution is ideal. Editing both that asp.net web page and exe is ok. (I tried something with exe self-restarting).
Not sure about this, but I suspect this has to do with you website running under the NETWORK SERVICE user. Whatever privileges your website-user has, the same are probably granted / passed on as you try to run your executable.
Is this server on an internal network or protected in some other way? (I should hope so!). If so, you might try changing App Pool that the website is running under to an admin account (in IIS, right click the App Pool running the site, select Advanced Settings, and look for the Identity setting). If I'm right, that will allow you to run your executable as an admin too.
Be aware however, that this may increase the security risk of your setup: Allowing your site to run under an admin account means easier access to your entire server if anyone is able to penetrate whatever security measures you have in place. Make sure access to this server is tightly limited, and preferably, that it in turn does not have access to other systems, since that would in turn make them vulnerable by extension.
I wrote a C# application using RESTful web services. This application should interact periodically with our server application. I want this program to keep running in the background even if the user logs out of the computer. How can I do this in C#?
If you don't want your application to stop when the user logs out, then the application can't be running in the user's session (really a WinStation). That implies your app needs to run in a different session. The sessions that don't logout are service sessions. Run Task Manager and add the Session ID column, and view all processes, and you'll see what I mean.
So your application needs to run as, or be launched by, a service.
In addition to the first answer don't keep the service running under the specific user account. If you do so then also it won't work if you logged off.
OK to add clarification after the comments posted and the fact I realise my original question was massively confusing. This is what I am trying to achieve....
This will be an web application running on a local intranet and not over the internet. Ultimately I want to be open a network folder location from within the the web application. So for example the web application creates folders on the file server with a set structure i.e:
\server\jobnumber\exhibitreference\image1
\server\jobnumber\exhibitreference\image2
I want the user to be able to navigate to the record and click a link to open it's matching folder location. The users, web server and file server are all on the same domain.
The code below was just used as an example to try and get it working for a file/folder on my local machine before I moved off to trying a remote folder. I appreciate this was confusing.
Original question
I have created .Net/C# web application and I want to open a text file at a specified location. The code below is working fine when run on IIS Express but once published to IIS it does not work.
At present IIS Express and IIS 7 are running on my local machine. The IIS application pool is configured to run under my domain account (had to do this as we have a double hop issue of authentication to SQL server) So far I have the following code:
ProcessStartInfo processStartInfo = new ProcessStartInfo();
processStartInfo.WorkingDirectory = #"C:\Users\pcustance\Desktop\";
processStartInfo.FileName = #"notepad.exe";
processStartInfo.Arguments = "test.txt";
processStartInfo.WindowStyle = ProcessWindowStyle.Maximized;
processStartInfo.CreateNoWindow = true;
Process process = Process.Start(processStartInfo);
Watching the system processes through task manager I can see that the process "notepad.exe" gets created successfully but no window opens. It says the process is running under "pcustance" account but I can only see it when I select "show processes from all users" in task manager.
Is the window not launching because somehow it is being run under the wrong account?
I have also tried:
Process.Start("C:\Users\pcustance\Desktop\test.txt");
As before, this works in IIS Express but not on IIS7.
Any help is greatly appreciated.
Solution
At the moment I have had to resort to using Internet Explorer which supports the use of local links out the box. The browser can be pointed at a network location with the following:
file:///\\server\folder\location
or
file://///server/folder/location
All your code runs within asp.net which is hosted in a server (via IIS).
The code you have written will execute in the context of where your asp.net app is hosted.
While doing web development using visual studio, the "server" and the "client" (i.e. the browser) is usually the same computer. The code executes in the context of a localized development server. Your browser will make requests to "that" server. Therefore the code you wrote is bound to give you the illusion that you've started the process - notepad.exe
The stuff you've actually implemented about doesn't apply for web applications in general. It isn't even feasible. Since the "server" and "client" are two different machines now. The closest you can get into implementing this requirement is serving up the file as response. To the end user, this is equivalent to downloading (in most cases).
Edit:
Your options are serving up the file as-is shown in the code:
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Disposition", _
"attachment; filename=""" & filename & """");
This will force user to download the file on the client with a default name as specified by value in filename. Actually you can vary the Content-Disposition part to instruct the browser how to load. However, it depends on the target browser. Here is a small example:
FileStream MyFileStream = new FileStream(#"d:\inetpub\wwwroot\small.txt", FileMode.Open);
long FileSize;
FileSize = MyFileStream.Length;
byte[] Buffer = new byte[(int)FileSize];
MyFileStream.Read(Buffer, 0, (int)MyFileStream.Length);
MyFileStream.Close();
Response.ContentType="text/plain";
Response.AddHeader( "content-disposition","inline; filename=sample.txt");
Response.BinaryWrite(Buffer);
You should research a few articles and experiment. Here are some links to start with:
Content-Disposition:What are the differences between "inline" and "attachment"?
http://www.nullskull.com/articles/20011006.asp
http://www.windowsdevcenter.com/pub/a/dotnet/2002/04/01/asp.html
The intent of your question is still not clear.
Are you...
A. trying to connect to a web application (hosted with IIS) from a client browser and access a file from a network share (relative to the server) for the client to consume?
B. trying to connect to a web application (hosted with IIS) from a client browser and have the application access a file from the network to be used by the server (like a .txt file containing information that the application needs for some processing)?
C. trying to connect to a web application (hosted with IIS) from a client browser and have the hosted application access a file from a network share (relative to the client) for the server to consume?
My assumption is you are attempting (B) and if so, you should use System.IO and access your files programmatically instead of trying to launch a process.
UPDATED BELOW
If you are trying to connect to a web application, and launch a local process (such as notepad.exe) on the client you cannot do so by launching a process. Otherwise MyVirus.com could launch local processes on my machine and that would be a nightmare. The web application is only going to launch processes on the server, never the client.
The best you can do is open the file (from the server) and send a Response back to the client with the contents of the file or send the path and file name to the client and open it via javascript or an HTML5 FileReader.
ADDITIONAL UPDATE
You should be able to open an image (or other content consumable in a browser) from a UNC path as long as you are your Application Pool Identity has permissions and also, are you using impersonation (identity impersonate="true" userName="someaccount" password="somepassword")?
ONE LAST UPDATE
Unfortunately even opening a folder location requires a local process to launch (explorer.exe). That's simply not going to happen with modern browsers for security reasons. You could cook up something wonky like a local windows service on each client machine that checks a database and if it finds x it launches the local explorer.exe to the path stored in the database... but it would have to be checking every second and that sounds like a really bad idea.
Other than that maybe something like this File Explorer Control from Telerik or this File View Control would serve your purposes. (Disclaimer, I don't know anything about either of these controls just thought they might help).
please see this page
http://msdn.microsoft.com/en-us/library/58wxa9w5(v=vs.100).aspx
Most importantly this line
Use when you are working with an existing project or your site targets an older version of IIS, such as IIS 6, and it is not very important that your testing environment match the production environment closely. This server option is the default in Visual Studio. However, the Visual Studio Development Server runs in a different security context than full IIS, and may fail to reveal errors that can occur when you deploy to a production version of IIS.
The issue is that IISExpress and the local dev server run under your security context. This allows them much more freedom to start processes and have access to files on the local system.
IIS however runs in a much stricter security context and has a limited access to the machine at hand. Imagine if IIS could do what you are proposing above. you could basically run any arbitrary code on the webserver.
I have an executable file that works fine by hand locally. It converts a file to another new file by some parameters. I'm using ASP.Net and that executable installed win2003 server
sp2. I can use it from local but, I can't execute the program from a web browser using system.diagnosting.process. When I use that, I can see the process in task manager with user name "NETWORK SERVICE", and it won't dissappear without ending process by hand and won't work.
I tried impersonation, try as a web service, edited local policies, apply all privilages, etc...
Is there any suggestions about this problem?
How about creating an app pool in IIS. Assign it the local account ('by hand locally') . Assign the application to this newly created app pool and see if it works.
You can also use procmom to see why the original process hung under "NETWORK SERVICE", probably registry access or something else.