I have to do an IIS module that blocks access to users who don't have a certificate from a certain CA. I did a CTL - certificate trust list. I tested it using netsh http add sslcert ip.... and it works. Now all I have to do is implement the call of netsh in the C# class library. I tried to use:
Process pnet = new Process();
pnet.StartInfo.FileName = "netsh";
pnet.StartInfo.Arguments = "http delete sslcert ipport=0.0.0.0:443";
pnet.StartInfo.UseShellExecute = false;
pnet.StartInfo.CreateNoWindow = true;
pnet.Start();
pnet.Close();
This works in a C# console application, but in the C# class library it doesn't start.
using System;
using System.Diagnostics;
using System.Web;

namespace IISproject
{
    public class MyModule : IHttpModule
    {
        #region IHttpModule Members
        public void Dispose()
        {
        }

        public void Init(HttpApplication context)
        {
            context.PreRequestHandlerExecute += new EventHandler(OnPreRequestHandlerExecute);
        }
        #endregion

        public void OnPreRequestHandlerExecute(Object source, EventArgs e)
        {
            HttpApplication app = (HttpApplication)source;
            HttpRequest request = app.Context.Request;
            if (!String.IsNullOrEmpty(request.Headers["Referer"]))
            {
                throw new HttpException(403, "Uh-uh!");
            }

            // Same netsh call as in the console test, now made from inside the IIS module.
            Process pnet = new Process();
            pnet.StartInfo.FileName = "netsh";
            pnet.StartInfo.Arguments = "http delete sslcert ipport=0.0.0.0:443";
            pnet.StartInfo.UseShellExecute = false;
            pnet.StartInfo.CreateNoWindow = true;
            pnet.Start();
            pnet.Close();
        }
    }
}
What am I doing wrong? 10x
The first suspect in these kinds of situations in my book, absent details, is some sort of path issue. Try fully qualifying the command path and see if it works any better.
pnet.StartInfo.FileName = Environment.SystemDirectory + @"\netsh.exe"; // or something like that
I would be cautious about the general pattern of invoking an external command this way, though, but since you are providing both the file name and its arguments, it should be a reasonably safe thing to do. If you have the time, and haven't done so already, you might want to look into if there is an API to do what you want. Chances are there is; netsh probably isn't magic.
What am I doing wrong? 10x
I'd say: you are not caring for security enough. Obviously IIS will not spawn any odd application. You need to run it in an application pool configured to run as a user with permissions to launch that process.
You might get mileage out of Windows integrated authentication; that way the user logging into the web-server will implicitly determine the permissions with which the process is launched.
That said, you will be much better off employing a native API (ADSI, WMI?) to achieve the goal.
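An added example, not code from the original post or from either answer: it combines the two suggestions above by launching netsh through its absolute path and returning the exit code, the captured output and the account the module runs as, so a failure under the application pool identity is visible instead of silent. The class name NetshRunner and its Run method are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
using System.Text;
// Hypothetical helper, not from the original post.
public static class NetshRunner
{
    public static string Run(string arguments, int timeoutMs)
    {
        // Absolute path: do not depend on PATH inside the IIS worker process.
        string exe = Path.Combine(Environment.SystemDirectory, "netsh.exe");
        // Account this code runs as (normally the application pool identity).
        string identity = WindowsIdentity.GetCurrent().Name;
        var output = new StringBuilder();
        var psi = new ProcessStartInfo(exe, arguments)
        {
            UseShellExecute = false,
            CreateNoWindow = true,
            RedirectStandardOutput = true,
            RedirectStandardError = true
        };
        try
        {
            using (var p = new Process { StartInfo = psi })
            {
                // Read both streams asynchronously so a full pipe cannot block the child.
                DataReceivedEventHandler collect = (s, e) =>
                    { if (e.Data != null) lock (output) output.AppendLine(e.Data); };
                p.OutputDataReceived += collect;
                p.ErrorDataReceived += collect;
                p.Start();
                p.BeginOutputReadLine();
                p.BeginErrorReadLine();
                if (!p.WaitForExit(timeoutMs))
                {
                    p.Kill();
                    return "identity=" + identity + " timed out";
                }
                p.WaitForExit(); // lets the asynchronous readers drain
                return string.Format("identity={0} exit={1}\n{2}", identity, p.ExitCode, output);
            }
        }
        catch (Win32Exception ex) // Start() itself failed: file missing, access denied, ...
        {
            return string.Format("identity={0} start failed ({1}): {2}", identity, ex.NativeErrorCode, ex.Message);
        }
    }
}
```

Calling it with a read-only command first, for example NetshRunner.Run("http show sslcert", 10000), and logging the returned string shows whether the process starts at all under the module's account before any configuration is changed.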