I have an executable file that works fine by hand locally. It converts a file to another new file by some parameters. I'm using ASP.Net and that executable installed win2003 server
sp2. I can use it from local but, I can't execute the program from a web browser using system.diagnosting.process. When I use that, I can see the process in task manager with user name "NETWORK SERVICE", and it won't dissappear without ending process by hand and won't work.
I tried impersonation, try as a web service, edited local policies, apply all privilages, etc...
Is there any suggestions about this problem?
How about creating an app pool in IIS. Assign it the local account ('by hand locally') . Assign the application to this newly created app pool and see if it works.
You can also use procmom to see why the original process hung under "NETWORK SERVICE", probably registry access or something else.
Related
Goal:
I periodically upload new .exe file to windows server 2003 via FTP and I want to run it manually by hitting Url of a web site on same server. Exe needs to be run under an Admin account, and not the NETWORK SERVICE account.
What I achieved so far:
I have been able to successfully run applications like notepad under the Admin account on the server via a web request by using any of these:
PsExec,
.net process.Start() with credentials supplied to process.StartInfo and even
by impersonating admin and then using process.Start without credentials (http://www.f4cio.com/programmatically-impersonate-in-csharp)
The problem:
The above methods run my exe but Task Manager, or a call to System.Security.Principal.WindowsIdentity.GetCurrent().Name shows me that it is running under NETWORK SERVICE.
I suspect that this file has added security constraints because it arrived from ftp link. Checking run-as-administrator in properties of file is not an option because file will be replaced periodically and all needs to be automated. Also manual server configuration should be minimal or ideally non-existent. Code-only single-web-page solution is ideal. Editing both that asp.net web page and exe is ok. (I tried something with exe self-restarting).
Not sure about this, but I suspect this has to do with you website running under the NETWORK SERVICE user. Whatever privileges your website-user has, the same are probably granted / passed on as you try to run your executable.
Is this server on an internal network or protected in some other way? (I should hope so!). If so, you might try changing App Pool that the website is running under to an admin account (in IIS, right click the App Pool running the site, select Advanced Settings, and look for the Identity setting). If I'm right, that will allow you to run your executable as an admin too.
Be aware however, that this may increase the security risk of your setup: Allowing your site to run under an admin account means easier access to your entire server if anyone is able to penetrate whatever security measures you have in place. Make sure access to this server is tightly limited, and preferably, that it in turn does not have access to other systems, since that would in turn make them vulnerable by extension.
I want to run an exe on client system from my c# asp.net website. When I use Process.Start()
it throws an error:
The requested operation requires elevation.
How do I set permissions to run that exe?
You can't spawn processes on the client machine from server-side code.
When you use Process.Start in server-side code, it is attempting to execute the process there, on the server where the website is hosted. If you wanted to create processes on the clients computer then you would need to expose a download for them (and not in employing subterfuge, like malign sites might do to install software - supply it gracefully, and normally (and with permission)), or a Silverlight application or something along those lines.
The bottom line is that the code you want to execute (even if that is just to spawn a process) must reside on the client, and be executed there.
You can't run an application from a web server like that. You will have to have the user download the application by supplying the EXE, a setup file or using ClickOnce.
Or you can develop an ActiveX control that you can have the browser automatically download from a Trusted Internet Zone.
Once downloaded, proper signing with a certificate (signed from the trusted (corporate) root certificate) will avoid the user getting a prompt to ask whether he wishes to allow the ActiveX control to install/be activated -
The ActiveX control can subsequently do anything the interactively logged on user could. This means that to actually install a program you'd need to elevate (UAC on Vista+); But if the goal was just to run a standalone executable, you should be good to go.
This all assumes white-hat purposes in a (larger) corporate setting, because it relies on PKI infrastructure and central browser policies, to name just two.**
This would, really, lead to some excellent questions on serverfault or superuser
I noticed you said you wanted to run an exe file on the client, but you didn't say explicitly that the exe is on the server and you want to push it to the client. Everyone seems to be assuming that is the case.
You CAN accomplish this fairly easily with a small JavaScript if you have a few prerequisites:
The executable is already present on the client machine.
All of your clients are running IE
You can enforce a policy to put your site in the Intranet or Trusted
Sites zone.
So basically this means it's a corporate intranet application. I am assuming this is probably the case since, well, if you were expecting to do this with a public app, I would be surprised.
For the script to accomplish this, please see my answer to this question:
How can I get a program on a client machine to run from an ASP.NET page?
I'm trying to run an exe with parameters from a web application.
I'm using Process.start() but it does not seem to run on iis!
It works fine when running from iis express. I'm publishing the application to my local iis as a test but it does nothing.
I've tried setting the iis admin service to enable interactions with the desktop and ive told iis to connect as my user credentials and set the application pool to use the same user credentials but still nothing works!
is there anything else someone can advise to get this working!
Cheers.
UPDATE
I got iis to run the process by setting the application pool identity to local system and double checking the credentials for the site.
But as expected the applications do not interact with the desktop, so creating a file from command line is simple, but running an application with parameters do not have the application open.
At the moment iis admin service has interact with desktop checked and is using the local system account.
Ok so this isn't really an answer but in the end I got process.start to work by setting the application pool identity to local system.
But as expected the commands do not interact with the desktop, but this was enough for what my application needs to do.
Sorry for the poor answer.
I have an ASP.NET web application running within IIS. The app pool and the web application are both set to run as a user I created (not NETWORKSERVICE). This user has all the proper permissions (like a pseudo-administrator).
The application calls Process.Start() with a magnet URI. There is an application installed on the webserver which can automatically launch and begin processing the magnet URI. If I enter the magnet URI into the webserver's "Run" box, everything works as expected: the application launches and begins processing the URI in the background. The same happens if I debug the application from within Visual Studio - it works as expected because the IIS Express instance is also running within the same session.
When I invoke the process from my web application when it's in IIS, though, it doesn't throw any exceptions or errors, but it doesn't invoke the application. I'm assuming this is because IIS is executing the application from within a different session that the application lives in, so the application cannot respond to the URI invocation, so the process just quits.
How can I change this line of code to run within the same context as a desktop session so that the application can respond to and process the URI appropriately?
Process.Start("magnet:?xt=urn:btih:0123456789ABCDEF");
If the desktop session does not exist (e.g. that user has not logged into the server), I would expect some sort of catchable exception to be thrown so that a friendly error could be displayed on the website.
ASP.NET Web page and server control code executes in the context of
the ASP.NET worker process on the Web server. If you use the Start
method in an ASP.NET Web page or server control, the new process
executes on the Web server with restricted permissions. The process
does not start in the same context as the client browser, and does not
have access to the user desktop. http://msdn.microsoft.com/de-de/library/e8zac0ca.aspx
When you use Process.Start on IIS 7+, it would start a new process as a service in a 'Session 0' and you can't do anything interactive with that session even you will login with same account on the server. You can however see the process running in the Task Manager (Show processes from all users).
If magnet links are not associated then you can just pass the magnet link as an argument
Process.Start("C:\...\Torrent.exe", "magnet:?...")
If process of the associated exe does not start at all - redirect its output (example) and see what was the problem.
In general, running an external process from web applications is not a good idea and you could consider either a Scheduled Task or Windows Service that polls a common storage repository to see if a batch job should be run and execute your application from there.
Example:
Use aspx to write "magnet:?xt=..." to a text file (c:\magnet.txt)
Create a .bat file with the following content
FOR /F %%x IN (c:\\magnet.txt) DO START %%x
DEL /F c:\magnet.txt
Create a scheduled task that opens the .bat file e.g. every minute
Done!
You can try creating a dedicated regular user account on your server, then use
Process.Start(fileName, userName, password, domain)
to start your process under that user credentials.
Another idea, create a self-hosted WCF service and run it under a logged-in desktop user session. The WCF service would start your "magnet:" app. Call the WCF service from your ASP.NET code (via localhost).
Instead of Process.Start() try using CreateProcessWithLogonW.
Similar question answered in SO: Process.Start() under asp.net?
OK to add clarification after the comments posted and the fact I realise my original question was massively confusing. This is what I am trying to achieve....
This will be an web application running on a local intranet and not over the internet. Ultimately I want to be open a network folder location from within the the web application. So for example the web application creates folders on the file server with a set structure i.e:
\server\jobnumber\exhibitreference\image1
\server\jobnumber\exhibitreference\image2
I want the user to be able to navigate to the record and click a link to open it's matching folder location. The users, web server and file server are all on the same domain.
The code below was just used as an example to try and get it working for a file/folder on my local machine before I moved off to trying a remote folder. I appreciate this was confusing.
Original question
I have created .Net/C# web application and I want to open a text file at a specified location. The code below is working fine when run on IIS Express but once published to IIS it does not work.
At present IIS Express and IIS 7 are running on my local machine. The IIS application pool is configured to run under my domain account (had to do this as we have a double hop issue of authentication to SQL server) So far I have the following code:
ProcessStartInfo processStartInfo = new ProcessStartInfo();
processStartInfo.WorkingDirectory = #"C:\Users\pcustance\Desktop\";
processStartInfo.FileName = #"notepad.exe";
processStartInfo.Arguments = "test.txt";
processStartInfo.WindowStyle = ProcessWindowStyle.Maximized;
processStartInfo.CreateNoWindow = true;
Process process = Process.Start(processStartInfo);
Watching the system processes through task manager I can see that the process "notepad.exe" gets created successfully but no window opens. It says the process is running under "pcustance" account but I can only see it when I select "show processes from all users" in task manager.
Is the window not launching because somehow it is being run under the wrong account?
I have also tried:
Process.Start("C:\Users\pcustance\Desktop\test.txt");
As before, this works in IIS Express but not on IIS7.
Any help is greatly appreciated.
Solution
At the moment I have had to resort to using Internet Explorer which supports the use of local links out the box. The browser can be pointed at a network location with the following:
file:///\\server\folder\location
or
file://///server/folder/location
All your code runs within asp.net which is hosted in a server (via IIS).
The code you have written will execute in the context of where your asp.net app is hosted.
While doing web development using visual studio, the "server" and the "client" (i.e. the browser) is usually the same computer. The code executes in the context of a localized development server. Your browser will make requests to "that" server. Therefore the code you wrote is bound to give you the illusion that you've started the process - notepad.exe
The stuff you've actually implemented about doesn't apply for web applications in general. It isn't even feasible. Since the "server" and "client" are two different machines now. The closest you can get into implementing this requirement is serving up the file as response. To the end user, this is equivalent to downloading (in most cases).
Edit:
Your options are serving up the file as-is shown in the code:
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Disposition", _
"attachment; filename=""" & filename & """");
This will force user to download the file on the client with a default name as specified by value in filename. Actually you can vary the Content-Disposition part to instruct the browser how to load. However, it depends on the target browser. Here is a small example:
FileStream MyFileStream = new FileStream(#"d:\inetpub\wwwroot\small.txt", FileMode.Open);
long FileSize;
FileSize = MyFileStream.Length;
byte[] Buffer = new byte[(int)FileSize];
MyFileStream.Read(Buffer, 0, (int)MyFileStream.Length);
MyFileStream.Close();
Response.ContentType="text/plain";
Response.AddHeader( "content-disposition","inline; filename=sample.txt");
Response.BinaryWrite(Buffer);
You should research a few articles and experiment. Here are some links to start with:
Content-Disposition:What are the differences between "inline" and "attachment"?
http://www.nullskull.com/articles/20011006.asp
http://www.windowsdevcenter.com/pub/a/dotnet/2002/04/01/asp.html
The intent of your question is still not clear.
Are you...
A. trying to connect to a web application (hosted with IIS) from a client browser and access a file from a network share (relative to the server) for the client to consume?
B. trying to connect to a web application (hosted with IIS) from a client browser and have the application access a file from the network to be used by the server (like a .txt file containing information that the application needs for some processing)?
C. trying to connect to a web application (hosted with IIS) from a client browser and have the hosted application access a file from a network share (relative to the client) for the server to consume?
My assumption is you are attempting (B) and if so, you should use System.IO and access your files programmatically instead of trying to launch a process.
UPDATED BELOW
If you are trying to connect to a web application, and launch a local process (such as notepad.exe) on the client you cannot do so by launching a process. Otherwise MyVirus.com could launch local processes on my machine and that would be a nightmare. The web application is only going to launch processes on the server, never the client.
The best you can do is open the file (from the server) and send a Response back to the client with the contents of the file or send the path and file name to the client and open it via javascript or an HTML5 FileReader.
ADDITIONAL UPDATE
You should be able to open an image (or other content consumable in a browser) from a UNC path as long as you are your Application Pool Identity has permissions and also, are you using impersonation (identity impersonate="true" userName="someaccount" password="somepassword")?
ONE LAST UPDATE
Unfortunately even opening a folder location requires a local process to launch (explorer.exe). That's simply not going to happen with modern browsers for security reasons. You could cook up something wonky like a local windows service on each client machine that checks a database and if it finds x it launches the local explorer.exe to the path stored in the database... but it would have to be checking every second and that sounds like a really bad idea.
Other than that maybe something like this File Explorer Control from Telerik or this File View Control would serve your purposes. (Disclaimer, I don't know anything about either of these controls just thought they might help).
please see this page
http://msdn.microsoft.com/en-us/library/58wxa9w5(v=vs.100).aspx
Most importantly this line
Use when you are working with an existing project or your site targets an older version of IIS, such as IIS 6, and it is not very important that your testing environment match the production environment closely. This server option is the default in Visual Studio. However, the Visual Studio Development Server runs in a different security context than full IIS, and may fail to reveal errors that can occur when you deploy to a production version of IIS.
The issue is that IISExpress and the local dev server run under your security context. This allows them much more freedom to start processes and have access to files on the local system.
IIS however runs in a much stricter security context and has a limited access to the machine at hand. Imagine if IIS could do what you are proposing above. you could basically run any arbitrary code on the webserver.