开发者

Executing an EXE from ASP.NET

开发者 https://www.devze.com 2023-03-03 00:09 出处:网络
I\'d like to execute an exe from an ASP.NET MVC application. Yes I understand that inherent risks of doing this, but unfortunately I really need to do it.

I'd like to execute an exe from an ASP.NET MVC application. Yes I understand that inherent risks of doing this, but unfortunately I really need to do it.

The EXE is a GUI application, but the arguments I pass it force it to run "silently" where it generates some data into a zip file and then quits.

The code to execute the EXE is as follows -- it runs fine in VS2008 on my develop开发者_JS百科ment box -- but when I test against the actual server (Server 2003 - IIS6), it fails:

        ProcessStartInfo psi = new ProcessStartInfo();
        psi.FileName = "C:\.....";
        psi.Arguments = "-silent -file outFile.zip";

        Process proc = new Process();
        proc.StartInfo = psi;
        proc.Start();

        proc.WaitForExit();
        log.Debug("Process exited: " + proc.ExitCode);

The exit code is: -532459699, so something obviously went wrong.

I am running the application on the server over an authenticated HTTPS connection (basic authentication), so I thought I'd be able to get around the problem by setting <identity impersonate="true" /> in the Web.config file under the <system.web> tag. But -- that hasn't worked.

Thanks -- all help is appreciated.


Your web site runs under a restricted user account. Your EXE will run under the same restricted account unless you use impersonation.

Edit: support from Microsoft: http://support.microsoft.com/kb/306158


Better to find out what are the real needs of your exe and give the NetworkService appropriate rights (on file system, registry ...)

It needs some reverse engineering (use sysinternals processmonitor) but still you have a high secure system.


Use the Impersonate functionality of the WindowsIdentity class in your code only for that operation. You don't want to impersonate a user that has rights to execute arbitrary .exe for the entire application. Make sure you (the caller being impersonated) have rights to run it on the production server.


So the impersonation suggestions were interesting, but ultimately my problem was with my console app itself. It was trying to write some log files to the user's application data directory (even with the -silent option...), which I wasn't expecting.

Removing those pieces (thus making it adhere to the -silent command) made everything work perfectly

0

精彩评论

暂无评论...
验证码 换一张
取 消