Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: IIS5.1 IIS6 IIS7 ASP.NET .NET IIS , +
Hi,
I have created one website with the following code
 
/* Following code will just access - open 100.20.20.20 Ip with specific credential and allow to access file --- START */
using (System.Diagnostics.Process proc = new System.Diagnostics.Process())
{
proc.StartInfo.FileName = "cmd";
proc.StartInfo.Arguments = @"/c net use \\100.20.20.20\d$ /user:testuser testpwd";
proc.StartInfo.UseShellExecute = false;
proc.Start();
}
/* -END */
/* Following code will try to run exe from the given path */
System.Diagnostics.ProcessStartInfo procStartInfo = new System.Diagnostics.ProcessStartInfo();
procStartInfo.RedirectStandardOutput = true;
procStartInfo.UseShellExecute = false;
procStartInfo.FileName = "notepad";
procStartInfo.Arguments = @"\\100.20.20.20\d$\test\test.txt";
procStartInfo.CreateNoWindow = true;
procStartInfo.Verb = "runas";
using (System.Diagnostics.Process proc = new System.Diagnostics.Process())
{
proc.StartInfo = procStartInfo;
proc.Start();
}
 
When I run above code from visual studion 2010 - asp.net , it is running fine , It's opening notepad - test.txt properly from the given IP address.
 
But when Same application i host on IIS 7.0 then no result , no error , do not know what's happening behind the scene..
 
Tried with the following alternate solution But no luck Frown | :(
 
1) Given Network Service All rights to the default app pool on IIS 7
2) Given full rights to the Virtual Directory for network Service.
3) Given full rights to the folder which contain this test folder.
 
Please help me if anyone know
Thanks in Advance...
Posted 3-Jan-13 1:38am
Edited 3-Jan-13 1:46am
v2
Comments
Zoltán Zörgő at 3-Jan-13 9:25am
   
I am pretty sure your approach is wrong. What exactly do you want to achieve - not with this test, but finally?
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

Some approaches:
1) use a thread pool user other than the built-in ones: create a dedicated technical user. It is better for security and other reasons too.
(you could set the pool to load user profile too, there are many advantages of it, for example you can print from asp.net on server side)
2) how to access remote resources
a) if you are in a domain, this technical user can be a domain user, thus cross-server trust is there by default
b) if the technical user is local, forget calling cli, try this one to access remote share: UNCAccess[^]
c) you can impersonate a user only for a portion of the execution: A small C# Class for impersonating a User[^]
3) you can even start process in the name of the impersonated user, see: http://support.microsoft.com/kb/889251[^]
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Can you change the Application pool current user to local system or something that have access to all local system command, actually the problem is that network service can access everything, but it is not able to local system commands like "net user" so you have to change the application pool user.
  Permalink  
Comments
Zoltán Zörgő at 3-Jan-13 9:29am
   
True, but still wrong! Neither local system, nor network service can access remote resources!
Vijay Tanwar at 3-Jan-13 9:42am
   
No, I mean, your application is not able to access the local "net" command when running from IIS. If you can change the application pool user then every thing will work as in development environment. As you already told that when you run the code in visual studio 2010, that time it is opening the file. So This mean Visual studio runs under current user context and it has all privileges to call local cmd commends.
Shailesh vora at 4-Jan-13 0:01am
   
Thanks to give me your valuable time.
 
Can you please tell how to create application pool user who has a full rights to access local(client) resources and assign that pool to my hosted application.
 
Actually I have already used impersonate for different reason so i can not use one more impersonate tag in web.config so that solution i can not use.
Vijay Tanwar at 4-Jan-13 7:11am
   
Shailesh,
Here are the steps to change the User in Application pool.
Expend the IIS Web server node, click on Application Pools, and Right Click on the Application pool(which is being used by your web application)
and select Advanced settings.
Go To Process Model Tab.
Change the Identity to local desktop user
Change Load User Profile to true,
Then Restart the IIS .
Member 10921133 at 3-Jul-14 2:32am
   
Many many thanks to this post and especially to Vijay Tanwar. Have been looking for this for a long time. David BG

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web03 | 2.8.141022.2 | Last Updated 3 Jan 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100