Click here to Skip to main content
15,868,000 members
Please Sign up or sign in to vote.
5.00/5 (1 vote)
Hi,
I have created one website with the following code

/* Following code will just access - open 100.20.20.20 Ip with specific credential and allow to access file --- START */
using (System.Diagnostics.Process proc = new System.Diagnostics.Process())
{
proc.StartInfo.FileName = "cmd";
proc.StartInfo.Arguments = @"/c net use \\100.20.20.20\d$ /user:testuser testpwd";
proc.StartInfo.UseShellExecute = false;
proc.Start();
}
/* -END */
/* Following code will try to run exe from the given path */
System.Diagnostics.ProcessStartInfo procStartInfo = new System.Diagnostics.ProcessStartInfo();
procStartInfo.RedirectStandardOutput = true;
procStartInfo.UseShellExecute = false;
procStartInfo.FileName = "notepad";
procStartInfo.Arguments = @"\\100.20.20.20\d$\test\test.txt";
procStartInfo.CreateNoWindow = true;
procStartInfo.Verb = "runas";
using (System.Diagnostics.Process proc = new System.Diagnostics.Process())
{
proc.StartInfo = procStartInfo;
proc.Start();
}

When I run above code from visual studion 2010 - asp.net , it is running fine , It's opening notepad - test.txt properly from the given IP address.

But when Same application i host on IIS 7.0 then no result , no error , do not know what's happening behind the scene..

Tried with the following alternate solution But no luck :(.

1) Given Network Service All rights to the default app pool on IIS 7
2) Given full rights to the Virtual Directory for network Service.
3) Given full rights to the folder which contain this test folder.

Please help me if anyone know
Thanks in Advance...
Posted
Updated 3-Jan-13 1:46am
v2
Comments
Zoltán Zörgő 3-Jan-13 9:25am    
I am pretty sure your approach is wrong. What exactly do you want to achieve - not with this test, but finally?

Some approaches:
1) use a thread pool user other than the built-in ones: create a dedicated technical user. It is better for security and other reasons too.
(you could set the pool to load user profile too, there are many advantages of it, for example you can print from asp.net on server side)
2) how to access remote resources
a) if you are in a domain, this technical user can be a domain user, thus cross-server trust is there by default
b) if the technical user is local, forget calling cli, try this one to access remote share: UNCAccess[^]
c) you can impersonate a user only for a portion of the execution: A small C# Class for impersonating a User[^]
3) you can even start process in the name of the impersonated user, see: http://support.microsoft.com/kb/889251[^]
 
Share this answer
 
Can you change the Application pool current user to local system or something that have access to all local system command, actually the problem is that network service can access everything, but it is not able to local system commands like "net user" so you have to change the application pool user.
 
Share this answer
 
Comments
Zoltán Zörgő 3-Jan-13 9:29am    
True, but still wrong! Neither local system, nor network service can access remote resources!
Vijay Tanwar 3-Jan-13 9:42am    
No, I mean, your application is not able to access the local "net" command when running from IIS. If you can change the application pool user then every thing will work as in development environment. As you already told that when you run the code in visual studio 2010, that time it is opening the file. So This mean Visual studio runs under current user context and it has all privileges to call local cmd commends.
Shailesh vora 4-Jan-13 0:01am    
Thanks to give me your valuable time.

Can you please tell how to create application pool user who has a full rights to access local(client) resources and assign that pool to my hosted application.

Actually I have already used impersonate for different reason so i can not use one more impersonate tag in web.config so that solution i can not use.
Vijay Tanwar 4-Jan-13 7:11am    
Shailesh,
Here are the steps to change the User in Application pool.
Expend the IIS Web server node, click on Application Pools, and Right Click on the Application pool(which is being used by your web application)
and select Advanced settings.
Go To Process Model Tab.
Change the Identity to local desktop user
Change Load User Profile to true,
Then Restart the IIS .
Member 10921133 3-Jul-14 2:32am    
Many many thanks to this post and especially to Vijay Tanwar. Have been looking for this for a long time. David BG

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS


CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900