Executing an EXE from ASP.NET
I'd like to execute an exe from an ASP.NET MVC application. Yes I understand that inherent risks of doing this, but unfortunately I really need to do it.
The EXE is a GUI application, but the arguments I pass it force it to run "silently" where it generates some data into a zip file and then quits.
The code to execute the EXE is as follows -- it runs fine in VS2008 on my develop开发者_JS百科ment box -- but when I test against the actual server (Server 2003 - IIS6), it fails:
ProcessStartInfo psi = new ProcessStartInfo();
psi.FileName = "C:\.....";
psi.Arguments = "-silent -file outFile.zip";
Process proc = new Process();
proc.StartInfo = psi;
proc.Start();
proc.WaitForExit();
log.Debug("Process exited: " + proc.ExitCode);
The exit code is: -532459699, so something obviously went wrong.
I am running the application on the server over an authenticated HTTPS connection (basic authentication), so I thought I'd be able to get around the problem by setting <identity impersonate="true" />
in the Web.config file under the <system.web>
tag. But -- that hasn't worked.
Thanks -- all help is appreciated.
Your web site runs under a restricted user account. Your EXE will run under the same restricted account unless you use impersonation.
Edit: support from Microsoft: http://support.microsoft.com/kb/306158
Better to find out what are the real needs of your exe and give the NetworkService
appropriate rights (on file system, registry ...)
It needs some reverse engineering (use sysinternals processmonitor
) but still you have a high secure system.
Use the Impersonate
functionality of the WindowsIdentity
class in your code only for that operation. You don't want to impersonate a user that has rights to execute arbitrary .exe for the entire application. Make sure you (the caller being impersonated) have rights to run it on the production server.
So the impersonation suggestions were interesting, but ultimately my problem was with my console app itself. It was trying to write some log files to the user's application data directory (even with the -silent
option...), which I wasn't expecting.
Removing those pieces (thus making it adhere to the -silent
command) made everything work perfectly
精彩评论