In my Web application I need to open an Autodesk Inventor exe on the server. I tried something but it is not working while hosting in IIS. Here is my code:
Dim info = New System.Diagnostics.ProcessStartInfo()
info.FileName = "C:\Program Files\Autodesk\Inventor 2013\Bin\Inventor.exe"
info.UseShellExecute = True
Dim process = New System.Diagnostics.Process()
process.StartInfo = info
process.Start()
What is the problem? Does anyone have any idea?
Before doing anything, that exe file should be runnable by IIS and network accounts.
The problem is probably a permissions thing.
Your IIS/asp.net process doesn't have security access to that folder to execute the app.
Broadly speaking you need to give the permissions to the user so it can execute the app.
First go to the files on your server that are inside a valid website via RDC and right click on them, then go to properties and click Security tab.
You will see some user accounts and permissions. Depending on the server setup (different versions of IIS, running Plesk, etc.) you might have different names, but look for something that has iis in the name.
You then need to go to the Autodesk exe and give the permissions for the account you found so that it can execute it.
Related
I have a powershell script file called Script1.ps1 And I execute it from a web application in ASP.NET with the following code:
process.StartInfo.FileName = @"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe";
process.StartInfo.Arguments = $"-File \"{ScriptNameOne}\" \"{param1}\" \"{param2}\" \"{param3}\"";
process.StartInfo.UseShellExecute = true;
process.Start();
The problem is when I deploy my web app in IIS the process doesn't start.
I don't get any error, just my PowerShell doesn't run.
The code works fine in my IIS Express from Visual Studio, because my user on the computer is executing all the processes, so I have permissions to every resource on the machine.
Important: I need to execute this powershell script LOCALLY IN THE SERVER WHERE THE SITE IS.
I know that is user/permissions Issue, so...
In IIS, which permissions do I need?
What of all IIS users should I use?
Do I need to give permissions on the folder where the powershell.exe is?
ASP.NET Web page and server control code executes in the context of the ASP.NET worker process on the Web server. If you use the Start method in an ASP.NET Web page or server control, the new process executes on the Web server with restricted permissions. The process does not start in the same context as the client browser, and does not have access to the user desktop.
Give permission for ASP.NET worker process account
to interact with desktop or allow ASP.NET worker process to run in SYSTEM account.
To know how to allow worker process to run in SYSTEM account and to know the default permissions of ASPNET account, check this article INFO: Process and Request Identity in ASP.NET: http://support.microsoft.com/default.aspx?scid=kb;en-us;317012
Enable IIS Admin Service to interact with desktop
To configure this, follow these steps.
a. Open Control Panel and follow these steps: For Windows NT: click Services. For Windows 2000, Windows XP, and .NET Server: click Administrative Tools, and then click Services.
b. Double-click IIS Admin Service.
c. On the Log On tab, select the Allow Service to Interact with Desktop check box. Remember to run IIS Admin Service as a local system.
d. Stop and restart the IIS Admin Service.
For more information about this question you can refer to this link: https://stackoverflow.com/a/4679686/13336642.
WHAT WORKED FOR ME:
Right click the directory where the .EXE file is and select Properties
Select the Security tab
Click the Edit button and then Add button
Click the Locations button and make sure that you select your computer
Enter IIS AppPool\<apppoolname> (eg: IIS AppPool\DefaultAppPool)
https://support.pkware.com/home/smar/latest/sem-knowledge-base/kb-granting-folder-permissions-to-iis-application-pools
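The Security-tab steps above can also be scripted. This is an added example, not code from the original posts: `C:\Tools\MyApp` is a placeholder directory, `IIS AppPool\DefaultAppPool` is the example identity from the steps, and the script is assumed to run in an elevated PowerShell session on the web server.

```powershell
# Added example: grant the app pool's virtual account read-and-execute on one folder.
param(
    [string]$Directory = 'C:\Tools\MyApp',              # placeholder path, not from the page
    [string]$Identity  = 'IIS AppPool\DefaultAppPool'   # example identity used in the steps above
)

# Resolve the virtual account to a SID first. This throws if the app pool
# name is misspelled or the pool does not exist on this machine.
$account = [System.Security.Principal.NTAccount]::new($Identity)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])

# Read and execute only, inherited by files and subfolders. No write or modify rights.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $sid,
    [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl = Get-Acl -LiteralPath $Directory
$acl.AddAccessRule($rule)    # merges with an existing allow entry for the same SID
Set-Acl -LiteralPath $Directory -AclObject $acl

# Show what the identity now holds on the folder, explicit and inherited.
(Get-Acl -LiteralPath $Directory).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $sid.Value } |
    Select-Object AccessControlType, FileSystemRights, IsInherited, InheritanceFlags
```

Scoping the grant to the one directory and to `ReadAndExecute` keeps the worker process at the privilege it needs to launch the executable; an output directory would need its own, separate write grant.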
I have an API in MVC4 that calls an .exe file via the 'Process' class.
This .exe uses log4net, and runs another .exe that exports files to a directory and subdirectories. At the end of the process, the .exe posts to an HTTP API.
Process p = new Process();
p.StartInfo.FileName = ConfigurationManager.AppSettings["ExtractToolPath"];
p.StartInfo.Arguments = this.strcommand;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.UseShellExecute = false;
p.StartInfo.Verb = "runas";
p.StartInfo.RedirectStandardInput = true;
p.Start();
string s = p.StandardOutput.ReadToEnd();
p.WaitForExit();
String 's' returns with "" (blank string).
The s parameter gets what was printed to the Console window. And I did a print at the beginning of the .exe, therefore I know it did not even start the process.
Important: When I remove the log4net logger, the 's' parameter gets some output, but it fails when trying to do any command that requires write permissions.
I tried giving the IIS executable permission, and impersonation with admin username and password. I shared my directories with everyone. Nothing helped.
Did you try setting the application pool identity to an administrator? Or giving write permissions on the directory to the application pool identity?
The credentials used to do the writing are the ones in the application pool identity.
I had a similar context when an ASP.NET Core application deployed on IIS had to start a process (with some parameters) from Program Files (clearly outside web application folder) which output data in some directory within a user profile (also, outside web application folder).
When run from command prompt, the command required elevation (User Account Control).
In order to make it run from IIS:
IIS AppPool\YourPool had to be able to write into output directory
I have created a bat file within Web application directory that contained the command to be issued
IIS AppPool\YourPool was not included within Administrators user group
This was tested on a Windows 7 x64.
I've got an ASP.NET application that can connect to Oracle when it's started by Visual Studio Development Server, but when I deploy it to my local IIS, it does not connect, showing the "ORA-12154: TNS:could not resolve the connect identifier specified" error.
My connection string was:
Data Source=ABC; User Id=USER; Password=PASSWORD;
It's using TNS. My tnsnames.ora is located at C:\oracle\instantclient_10_2\network\admin, and my ORACLE_HOME system variable is pointing to C:\oracle\instantclient_10_2.
To make it work, I changed the connection string to:
"SERVER=(DESCRIPTION =(ADDRESS_LIST =(ADDRESS = (PROTOCOL = TCP)(HOST = server1.theplaceiwork.com)(PORT = 1521))(ADDRESS = (PROTOCOL = TCP)(HOST = server2.theplaceiwork.com)(PORT = 1521))(LOAD_BALANCE = yes))(CONNECT_DATA =(SERVER = DEDICATED)(SERVICE_NAME = ABC)(FAILOVER_MODE =(TYPE = SELECT)(METHOD = BASIC))));uid=USER;pwd=PASSWORD;"
So TNS is used no longer.
But I'd like to know why I can connect using TNS while debugging with Visual Studio, but when using IIS I can't.
Any tips?
PS. I can use SqlDeveloper with TNS showing no connection errors.
Thanks
Make sure Network Service has access to your TNS directories or change your App Pool to run as you.
Found answer here:
Granting access to IIS 7.5 ApplicationPoolIdentity
When using "ApplicationPoolIdentity" with IIS 7.5 the corresponding
user is (a virtual system user):
IIS AppPool\<AppPoolName>
You can grant this user permissions and check security setting by
searching for this user. See the full explanation here:
http://www.iis.net/learn/manage/configuring-security/application-pool-identities
So basically just give permission to Oracle folder to the App Pool virtual user.
The difference is:
When you are debugging in Visual Studio you are in the security of the logged in user (you)
When you are running in IIS you are in the security context of the identity of the application pool. Default is Network Service.
In my case, I use Windows 7, IIS 7, Visual Studio 2010. For some reason I have installed 2 Oracle clients, 10.2 and 11.2 (I have 2 TNSNAMES.ORA files in two different paths). When I use F5, Visual Studio uses one TNSNAME and when I use IIS, it uses the other TNSNAME!
If I use CMD and write:
tnsping ORCL
It tells me the Oracle version I use is 10.2 and not 11.2.
I tried turning off the Windows Firewall and it did not work.
I tried logging in to IIS -> AppPool with my Windows account and that did not work either.
Finally, to fix it (after 2 days reading a lot of solutions on Stack Overflow and others):
I gave read access on both paths, C:\oracle\product and C:\app\user\product, to the Everyone account, because I did not find the Network Service account.
In IIS -> AppPool, I set ApplicationPoolIdentity to my Pool.
In IIS I recycled the AppPool and restarted my website.
And it works!
I'd configured my app pool to run in the context of ApplicationPoolIdentity as @Jaanus describes.
The virtual account "IIS AppPool\MyAppPoolName" had been granted read and execute permission on the Oracle folder, however, permissions weren't being inherited from this folder. I had to traverse the Oracle folder structure to see where permissions inheritance was stopping and explicitly enable it from that point.
I found the problem using Process Monitor from SysInternals / Microsoft:
Start capturing
Run the code that accesses the Oracle resources and wait for the exception to be raised by Visual Studio.
Stop capturing.
Filter the Result field for the string "ACCESS DENIED".
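The inheritance break described in this answer can also be located from the ACLs themselves. The following is an added example, not part of the original answer: it walks from the TNS directory quoted earlier on the page up to the drive root and reports, per folder, whether inheritance is disabled and which entries name the app pool identity. Both default values are taken from the posts and should be replaced with your own.

```powershell
# Added example: find where ACL inheritance stops above an Oracle client folder.
param(
    [string]$Leaf     = 'C:\oracle\instantclient_10_2\network\admin',  # TNS directory quoted on the page
    [string]$Identity = 'IIS AppPool\MyAppPoolName'                    # virtual account named in the answer
)

# Compare by SID so display-name casing does not matter.
$sid = [System.Security.Principal.NTAccount]::new($Identity).Translate(
           [System.Security.Principal.SecurityIdentifier])

# Walk from the leaf folder up to the drive root (leaf is listed first).
$item   = Get-Item -LiteralPath $Leaf
$report = while ($item) {
    $acl  = Get-Acl -LiteralPath $item.FullName
    $aces = @($acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
              Where-Object { $_.IdentityReference.Value -eq $sid.Value })

    [pscustomobject]@{
        Path                = $item.FullName
        InheritanceDisabled = $acl.AreAccessRulesProtected
        AcesForIdentity     = ($aces | ForEach-Object {
            '{0} {1} ({2})' -f $_.AccessControlType, $_.FileSystemRights,
                               $(if ($_.IsInherited) { 'inherited' } else { 'explicit' })
        }) -join '; '
    }
    $item = $item.Parent    # $null once the drive root has been reported
}

$report | Format-Table -AutoSize -Wrap

# A folder that blocks inheritance and carries no entry for the identity is where
# a grant made higher up stops applying. Limitation: access that arrives through a
# group (for example IIS_IUSRS or Users) is not matched by this direct SID comparison.
$report |
    Where-Object { $_.InheritanceDisabled -and -not $_.AcesForIdentity } |
    ForEach-Object { Write-Warning "Inheritance stops and no entry for $Identity at $($_.Path)" }
```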
Posting my case because it took entirely too long to figure out.
I didn't have access to adjusting the folder permissions and setting the Application Pool Identity did nothing.
Ended up having to edit the Anonymous Authentication credentials of the individual site to my own and the application pool to Network Service. Hopefully this will help someone in a similarly frustrating situation one day.
If you are using ApplicationPoolIdentity, Make sure ApplicationPoolIdentity has access to your TNS directories.
See here how to authorize:
IIS7 Permissions Overview - ApplicationPoolIdentity
I had this issue and tried everything above with no luck. So posting one more thing that was overlooked that could be at cause. Your sqlnet.ora file (same directory as the tnsnames.ora) must exist and have TNS properly configured:
#SQLNET.AUTHENTICATION_SERVICES = (NTS)
NAMES.DIRECTORY_PATH = (EZCONNECT,TNSNAMES)
EZCONNECT is optional but it's very useful in some situations, so I included it.
It was this last thing that enabled my app to work. Hope this helps.
When I run System.Diagnostics.Process.Start from my console application it works but the same code when I run from my web service hosted in IIS doesn't work.
Is it something to do with ASP.NET privileges? If yes, how can I configure it from my C# code?
ASP.NET Web page and server control code executes in the context of the ASP.NET worker process on the Web server. If you use the Start method in an ASP.NET Web page or server control, the new process executes on the Web server with restricted permissions. The process does not start in the same context as the client browser, and does not have access to the user desktop.
http://msdn.microsoft.com/en-us/library/0w4h05yb.aspx
- Give permission for ASP.NET worker process account
to interact with desktop or allow ASP.NET worker process to run in SYSTEM account.
To know how to allow worker process to run in SYSTEM account
and to know the default permissions of ASPNET account, check this article
INFO: Process and Request Identity in ASP.NET: http://support.microsoft.com/default.aspx?scid=kb;en-us;317012
- Enable IIS Admin Service to interact with desktop
To configure this, follow these steps.
a. Open Control Panel and follow these steps:
For Windows NT: click Services.
For Windows 2000, Windows XP, and .NET Server: click Administrative Tools, and then click Services.
b. Double-click IIS Admin Service.
c. On the Log On tab, select the Allow Service to Interact with Desktop check box.
Remember to run IIS Admin Service as a local system.
d. Stop and restart the IIS Admin Service.
Changing the AppPool worked for me.
IIS > Application Pools
Select Advanced Settings for the website
Change Identity to LocalSystem
Restart IIS
I had a similar problem, and the ability to access the desktop from the service wasn't the problem. It worked fine when not impersonating another user, but when trying to run the process as a different user it failed.
The first thing to do when it won't start is find out all the information you can about the problem. The first question is whether Process.Start returned true or false. Secondly, did you get any kind of exception when trying to start the process.
Before you can investigate fully it is relevant to know whether Process.Start was run using UseShellExecute or not - this has to be false for impersonation, but otherwise you can choose whether to use it and it calls different Win32 functions depending on this setting.
If you're doing a process that needs to run as another user, don't bother trying to use .NET impersonation - the StartInfo username, password, domain are what you need to set. However, under IIS you've got some additional lockdown, and the only solution I found on Windows Server 2008 actually involved some Win32 calls and implementations of abstract security libraries. Many of the scenarios you can run into are outlined here: http://asprosys.blogspot.co.uk/2009/03/perils-and-pitfalls-of-launching.html
The sample code from that page shows how to call the library and add Windows Station and Desktop access to a user before starting a process as that user. This was what I needed to get Process.Start to work from IIS, having ruled out UAC, DEP and any other three letter acronym I could think of ;)
I had tried the solutions above but they didn't work for me. What I needed was for a command to run via Windows Command Prompt as Administrator.
Below is the code that didn't work but needed to execute:
Process sysProcess = new Process();
sysProcess.StartInfo.FileName = "cmd.exe";
sysProcess.StartInfo.Verb = "runas";
sysProcess.StartInfo.CreateNoWindow = true;
sysProcess.StartInfo.RedirectStandardInput = true;
sysProcess.StartInfo.RedirectStandardOutput = true;
sysProcess.StartInfo.RedirectStandardError = true;
sysProcess.StartInfo.UseShellExecute = false;
sysProcess.Start();
sysProcess.StandardInput.WriteLine("cal.exe");
sysProcess.StandardInput.Flush();
sysProcess.StandardInput.Close();
//localProcess.WaitForExit();
sysProcess.StandardOutput.ReadToEnd();
Solution:
It was an API project, and the solution was to enable SSL from the project's properties and Debug tab (see Image 1 and Image 2).
[Image 1: Visual Studio 2019]
[Image 2: Visual Studio 2022]
This solution will work on any Web App project.
If your application is running on Windows 7 then you can't. Basically, services run in session 0 and the user desktop runs in session 1, so you can't communicate from session 0 to session 1. Even if you try to communicate from the winlogon process (which is used to start the user session for every new user), you can't get some local information (browser settings such as local storage information).
For me what is working is something like this:
ProcessStartInfo psi = new ProcessStartInfo();
psi.UseShellExecute = true;
psi.LoadUserProfile = true;
psi.WorkingDirectory = sender.Server.MapPath("../");// This line solved my problem
psi.FileName = sender.Server.MapPath("../myexecutable.exe");
psi.Arguments = "Myargument1 Myargument2";
Process.Start(psi);
I am developing a small ASP.NET website for online shopping, when testing it out in Visual Studio, everything works fine, however that is no longer the case when I deploy it to IIS.
The problem seems to be in a DLL file that I reference, this DLL file contains the Classes I need to initialize and send query requests to another server that has all the product information. This DLL was originally a Jar file which I converted to DLL using IKVM.
When I deploy the app to IIS, any page that attempts to instantiate an object defined in that DLL fails with a null reference, for example:
Fulfiller fulfiller = new Fulfiller();
string result = fulfiller.initialize("host", port, "user", "pass");
returns this error:
System.NullReferenceException: Object reference not set to an instance
of an object. at Fulfiller.toLog(String ) at
Fulfiller.initialize(String str1, Int32 i, String str2, String str3)
at Orders.createDataSource()
Now again, this works perfectly on the VS development server but breaks in IIS and I don't know why. Is it some sort of coding problem where the DLL is not loaded properly when running on IIS? Or is it a problem with IIS maybe blocking the DLL from executing or sending out requests? I'm very desperate to solve this problem.
thanks
Usually, when something that works on the dev server doesn't work on IIS, the problem is authorizations (the VS server runs under your credentials, but IIS runs as "Network Service" or another system user).
For example, I see your code breaks on fulfiller.toLog().
Could it be that the toLog() function is trying to open a log file and that the user impersonated by IIS is not authorized to read or write it?
What is fulfiller.Initialize() doing? Can you post that code?
Clearly you have a fulfiller reference, because you can't pass the constructor without error and then have a null-ref.
I second Loris' answer.
The dev server has your permissions. Assuming you are deploying to Windows Server, or any machine running Active Directory, you should be able to right-click on the directory where the log files are stored and select properties. In the dialog box, there will be a tab labeled Security. If the Network Service user (or IUSR_machinename) is not visible, you will have to add them to the list. Select the user and assign them read and write permissions.
Do not give the IIS user full permissions to your entire application directory. It is a huge security vulnerability, hence the default deployment not giving you the permissions that you currently need.
I have not used IKVM, but I am sure that some IKVM runtime must be installed on the server. Have you checked IKVM on the server?
Hope this helps.