I need to run one console application from ASP.NET application using Administrator account and with Desktop interaction enabled. I have tried code below, console app runs ok but within NETWORK SERVICE account. Any ideas how to run console under Administrator account?
string enginePath = Server.MapPath(#"~/engine/MyConsole.exe");
System.Diagnostics.ProcessStartInfo info = new System.Diagnostics.ProcessStartInfo(enginePath, "");
System.Diagnostics.Process p = System.Diagnostics.Process.Start(info);
p.WaitForExit();
Regards,
Tomas
you could use impersonation, there is an example here
personally i dont like impersonation in asp.net, you need to deal with passwords either not being changed or changing them in code. Is there no way to run what you want as the asp.net user?
edit:
You could acyually impersonate the network service by using "NETWORK SERVICE" as the user name, that would at least allieviate the password issues a little,
Another user already suggested impersonation. If that's good enough, there you go. Like he said, though, there are some maintenance headaches to deal with and some security implications.
Some options that I've used in the past which may or may not be applicable in your situation are:
If the task is on a predictable schedule, just add it to the Scheduled Tasks in Windows, set the appropriate worker account (Administrator, or whatever), and let 'er go. I believe there are also ways to programmatically trigger a scheduled task, but I've never had to do that. A Google search should get you going.
Implement the console app logic as a service running under the appropriate account. Then have the service listen for a "trigger" from your web app--a file drop or something simpler.
Either way the idea is to avoid storing any credientials in your ASP page, and to not have to grant that process rights it doesn't need.
You can use a manifest file and built it into your console application that will instruct it to always run under an admin account. See this example.
If this doesn't work for you then you could try passing in Admin account credentials in the ProcessStartInfo property e.g.
string enginePath = Server.MapPath(#"~/engine/MyConsole.exe");
System.Diagnostics.ProcessStartInfo info = new System.Diagnostics.ProcessStartInfo(enginePath, "");
info.UserName = "Administrator";
info.Password = "Password";
System.Diagnostics.Process p = System.Diagnostics.Process.Start(info); p.WaitForExit();
Related
I have used the techniques in the RealmTask tutorial (https://realm.io/docs/tutorials/realmtasks/ ) to get a demonstration of synchronisation with the Realm Object Server working. However, as mentioned in realm mobile platform, how to connect while offline? , it is difficult to find design guidelines on realising a robust app in the presence of intermittent network connectivity. For example, the network might not be available when the app is first run, and in the tutorial example I think the login attempt would just time out after say 30 seconds.
From various sources, I have tried to outline an implementation approach on the client and have come up with the following:
=============================================================
At start-up of app
Create login credentials with
SyncCredentials.usernamePassword()
Check whether user credentials already exist using
SyncUser.all
If so, get the correct user using the appropriate key (UserId)
If a user is obtained, get the Realm configuration using
realmConfiguration = Realm.Configuration(SyncConfiguration(user, realmURL))
Attempt a log-in with
SyncUser.logIn with SyncCredentials
On completion, put the following on the main DispatchQueue (async)
realmConfiguration = Realm.Configuration(SyncConfiguration(user, realmURL))
if not logged in, repeat login attempts every N minutes until successful? E.g. to handle the situation when the network is unavailable when the app is started, but then becomes available?
Launch the rest of the app, making realmConfiguration available.
However, only access the Realm if realmConfiguration has been set up. Design the app so that it handles the scenario of realmConfiguration not being set up.
=============================================================
Is the above approach sensible, or is there a better solution?
Katsumi from Realm here. Our RealmTasks demo application may help you.
https://github.com/realm-demos/realm-tasks/tree/master/RealmTasks%20Apple
First, check whether the user has logged in or not at launched the app.
if configureDefaultRealm() {
window?.rootViewController = ContainerViewController()
window?.makeKeyAndVisible()
} else {
window?.rootViewController = UIViewController()
window?.makeKeyAndVisible()
logIn(animated: false)
}
https://github.com/realm-demos/realm-tasks/blob/master/RealmTasks%20Apple/RealmTasks%20iOS/AppDelegate.swift#L35
If the user has been logged in before, you can use user object that was cached before. (SyncUser.current or SyncUser.all)
If there is no cached user object (The user is the first time to use the app, or the user re-installs the app), show login view to signing up/in.
The former case (Use the cached user object) doesn't require network access, so you don't need to care about the offline situation.
The latter case (The user should signing up/in) requires network access, in that case, the best practice depends on the specification of the app. It is enough to show a just alert view that indicates requiring network for some apps, or use standalone Realm and then migrate synced realm after the app will be online.
I have a Web API application that needs to run a Python script which in turn runs a Perl script:) does some otehr stuff and get the output results from it.
The way I do this is with starting a Process:
var start = new ProcessStartInfo()
{
FileName = _pythonPath, //#"C:\Python27\python.exe",
Arguments = arguments, //#"D:\apps\scripts\Process.py
UseShellExecute = false,
RedirectStandardOutput = true,
RedirectStandardError = true
};
using (Process process = Process.Start(start))
{
using (StreamReader reader = process.StandardOutput)
{
var result = reader.ReadToEnd();
var err = process.StandardError.ReadToEnd();
process.WaitForExit();
return result;
}
}
The script inside tries to connect to Perforce server using P4 Python API and then Perl script call a P4 command as well. When running this code from Console application, everything goes fine. The program automatically gets the Perforce settings (I've got a P4V client with all the settings specified). But when running from ASP.NET Web API, it doesn't get the settigns and says that it cannot conenct to perforce:1666 server (I guess this is the standard value when no settign specified).
I do understand that not so many people use Perforce, especially in such way and can help here, but would like to know what is the difference between running this script from Console app and Web API app that mich cause this different behaviour.
One of the most obvious differences between running code from a console application and running code in IIS* is that, usually, the two pieces of code will be running under different user accounts.
Frequently, if you're experiencing issues where code works in one of those situations and not the other, it's a permissions or a per-user-settings issue. You can verify whether this is the case by either running the console application under the same user account that is configured for the appropriate IIS application pool, or vice verse, configure the application pool to use your own user account, and then see whether the problem persists.
If you've confirmed that it's a permissions issue and/or per-user-settings, then you need to decide how you want to fix it. I'd usually recommend not running IIS application pools under your own user account - if you cannot seem to get the correct settings configured for the existing application pool user, I'd usually recommend creating a separate user account (either locally on the machine or as part of your domain, depending on what's required) and giving it just the permissions/settings that it requires to do the job.
*IIS Express being the exception here because it doesn't do application pools and the code does end up running under your own user account.
I want to use SDelete after some code is run on an asp.net page. SDelete is a command line tool. My specific question is has anyone been able to run this SDelete from an asp.net page? More generic question would be, how do you run a command line utility from an asp.net page?
thanks
You can run a command line utility using the Process Class
Process myProcess = new Process();
myProcess.StartInfo.UseShellExecute = false;
// You can start any process, HelloWorld is a do-nothing example.
myProcess.StartInfo.FileName = "C:\\HelloWorld.exe";
myProcess.StartInfo.CreateNoWindow = true;
myProcess.Start();
One more example closer to asp.net, that I wait to end, and read the output.
Process compiler = new Process();
compiler.StartInfo.FileName = "c:\\hello.exe";
compiler.StartInfo.StandardOutputEncoding = System.Text.Encoding.UTF8;
compiler.StartInfo.UseShellExecute = false;
compiler.StartInfo.CreateNoWindow = false;
compiler.StartInfo.RedirectStandardError = true;
compiler.StartInfo.RedirectStandardOutput = true;
compiler.StartInfo.RedirectStandardInput = true;
// here I run it
compiler.Start();
compiler.StandardInput.Flush();
compiler.StandardInput.Close();
// here I get the output
string cReadOutput = compiler.StandardOutput.ReadToEnd();
compiler.WaitForExit();
compiler.Close();
Aristos' answer will work in cases where user privs are in order and the SysInternals EULA is acknowledged. By that, I mean the sdelete.exe utility from SysInternals will be run under the Asp.Net account assigned in IIS. If that account doesn't have the proper permissions and hasn't accepted the popup EULA, the file isn't deleted. I'm facing that very issue right now.
You can specify the domain/user/password used to run the process. That is outlined here:
http://social.msdn.microsoft.com/Forums/hu-HU/netfxbcl/thread/70b2419e-cb1a-4678-b2ae-cedcfe08d06f
The author of that thread had similar problems, which he cleared up by changing the ownership of the sdelete.exe file.
This thread also has some information about logging in as the user used to execute the process and accepting the SysInternals EULA:
sdelete.exe is not working with cfexecute
However that isn't feasible if you plan on using the built-in Asp.Net system accounts since those user accounts don't allow typ login. I may be forced to create a separate user that I can login with and accept the EULA, then specify those credentials to run the process. Unfort in my case, though, I may not have the option of creating users on my production server.
There are ways to force the EULA accept with a command line param, or a simple registry entry. But I think that only works for "regular" users--not the built in system users.
I am currently working on an ASP.NET application in VB.NET and one of its functions is to use the Windows Task Scheduler. The application will need pretty much full control over this as it needs to Create, Modify, Delete and Run tasks.
I found this library to help with the whole thing and it works well but only locally on my Windows XP machine. As soon as I deploy the application to IIS6 on Windows Server 2003 and access pages that use my Scheduler object I get the following error.
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
I have looked for various solutions on the net that include giving specific users (and even Everyone) permissions to %windir%\Tasks using CACLS which didn't work and also using impersonation and adding the IUSER to the Backup Operations User Group which won't work as the Application MUST use Windows Integrated Authentication.
One thing that is confusing me about the whole situation is that the User I am logged in as when testing the application can quite happily remote desktop and login to the server and muck about with the Task Scheduler. Also, if I run the application locally in Visual Studio (still under the same User) and point the application at the Task Scheduler of the server it works fine. Further to this, If I run the application from the server and point it at my local Task Scheduler I get the same "Access Denied" error. All of that makes me think it is not a Task Scheduler permissions thingy but something to do with permissions on some components that the Task Scheduler Library is trying to use.
Does any one know what I could do to resolve this or even just a pointer in the right direction as this has been driving me crazy for over a day now. I must say I am a bit of a newbie when it comes to IIS Issues, Impersonation and Windows Server Security.
Thank you very much
Hey there i kno i may be late what you can do is either set the task to run under the NT AUTHORITY\SYSTEM for that use this
(C#)
string NULL = null ;
task.SetAccountInformation("", NULL);
and to set it for the current user give the username
string username = "your xp username";
or
string username = System.Security.Principal.WindowsIdentity.GetCurrent().Name ;
string NULL = null ;
task.SetAccountInformation(username, NULL);
that will work for you i hope !!!! and let me know how it was !!!
I have an admin account for my website where I add new clients. When a new client is added, they get an account and their own database.
The problem is I can't create new databases on my server from my admin account. When running it locally, I can add a database locally. But, when I try adding to the server running my website off the server, I get
CREATE DATABASE permission denied in database 'master'.
I've been able to add the database (locally) a few ways. This is one of the simpler working versions:
tmpConn.ConnectionString = "Data Source=.\\SQLEXPRESS; DATABASE = master;Integrated Security=True;";
sqlCreateDBQuery = " CREATE DATABASE " + dbname;
SqlCommand myCommand = new SqlCommand(sqlCreateDBQuery, tmpConn);
try
{
tmpConn.Open();
myCommand.ExecuteNonQuery();
}
catch (System.Exception ex)
{}
I suspect that whatever account you're using to connect to Sql Server doesn't have permissions to CREATE DATABASE. You're probably using Integrated Security, which would use Network Service/ASP.NET to connect to MSSQL. You need to create a new connection string that uses Sql Authentication with sa (or another sysadmin) credentials.
Oh - and this would work locally because you're running it under Visual Studio's WebDev.exe which is run with your local user account - which is probably set up as a sysadmin in MSSQL.
You should contact your service provider. (Or the maintainer of the server).
You need create database and create database user permissions. Your service provider should be able to facilitate this.
Something else no one has suggested is what kind of validation you are doing on the dbname value. Are you sure there are no spaces in it? That it's not a reserved word? That it doesn't contain malicious code? At very least you should encase it in brackets:
sqlCreateDBQuery = String.Format(" CREATE DATABASE [{0}]", dbname);
I really hope you aren't allowing the user to type this name directly into a textbox somewhere. Even if you use property security on the initial input and this is pulled back from a common "clients" db of some kind, you might be setting yourself up for a 2nd order Sql Injection vulnerability.
After you've addressed that, we can look at the error message here. In this case, the problem is that your web user does not have appropriate CREATE permissions. You need to correct that and it should allow you to proceed. You probably want to reserve a special account for this that you switch to just at this time, so your application doesn't normally run in a context that would allow this kind of action.
Check the permissions for MySQL: Does your admin account have different settings for a local connection versus any host?