8

Inside a .NET 3.5 web app running impersonation I am trying to execute a process via:

var process = new Process 
             { StartInfo = 
                    { CreateNoWindow = true, 
                      FileName = "someFileName", 
                      Domain = "someDomain", 
                      Username = "someUserName", 
                      Password = securePassword, 
                      UseShellExecute = false
                    }
             };

process.Start();

-Changing the trust mode to full in web.config did not fix.

-Note the var securePassword is a secureString set up earlier in the code.

This throws an exception with 'Access is Denied' as its message. If I remove the username and password information, the exception goes away, but the process starts as aspnet_wp instead of the user I need it to.

I've seen this issue in multiple forums and never seen a solution provided. Any ideas?

4

6 回答 6

2

You can use ProcessStartInfo which allows you to specify credentials. The trick is that the password is a secure string, so you have to pass it as a byte array.

The code might look something like:

Dim startInfo As New ProcessStartInfo(programName)
        With startInfo
            .Domain = "test.local"
            .WorkingDirectory = My.Application.Info.DirectoryPath
            .UserName = "testuser"
            Dim pwd As New Security.SecureString
            For Each c As Char In "password"
                pwd.AppendChar(c)
            Next
            .Password = pwd

            'If you provide a value for the Password property, the UseShellExecute property must be false, or an InvalidOperationException will be thrown when the Process..::.Start(ProcessStartInfo) method is called. 
            .UseShellExecute = False

            .WindowStyle = ProcessWindowStyle.Hidden
        End With
于 2008-09-23T15:32:25.187 回答
1

不确定是不是这样,但我遇到了一个相关的问题,答案是该帐户无权在机器上模拟。这可以通过使用机器上的本地策略管理器将帐户添加到策略“在身份验证后模拟客户端”来更改。

于 2008-09-24T05:41:24.977 回答
1

我采取了不同的方式,将整个应用程序放在它自己的应用程序池中,以我们最初模拟的用户身份运行。现在,当 asp.net 生成一个新进程时,它会在用户上下文而不是 aspnet_wp 的上下文中生成。不是我发布的问题的确切解决方案,但它适用于我们的情况。

于 2008-09-29T14:17:51.280 回答
0

根据流程要求检查代码访问安全级别。您的 Web 应用程序可能在部分信任设置中运行。Full Trust

从流程 MSDN 页面:

权限

* LinkDemand
对直接调用者的完全信任。部分受信任的代码不能使用此类。

* InheritanceDemand
对继承者的完全信任。此类不能被部分受信任的代码继承。

于 2008-09-23T15:44:52.600 回答
0

I ran into the same problem that you did on a project. There should be a way to spawn a process out of your web app with given credentials, but in practice, it's a kludge at best. What I wound up finally doing was just having the app push information to an MSMQ and having a windows service that popped items of the Queue an serviced the requests.

Even when you appliation is impersonating, it still wants to run under theaspnet user account.

于 2008-09-23T15:26:11.413 回答
0

I wanted to mention that I have tried the code at this site including the updated code mentioned in the comments. This code runs the process as the impersonated identity (which is really all I need), but the redirecting of the standard error fails -- so this link could be useful to those not concerned with dealing with the stderr.

于 2008-09-23T16:22:29.670 回答