1

I need to excecute a PowerShell script from a ListEventReceiver under special User credentials. I found the Runspace which is working very fine to excecute scripts but how to make a secure (no passwords in the code) "run as"?

Pipeline

string cmdArg = "C:\\Users\\Administrator\\Documents\\userExist.ps1 " + mailstring;
Runspace runspace = RunspaceFactory.CreateRunspace();
runspace.Open();
Pipeline pipeline = runspace.CreatePipeline();

pipeline.Commands.AddScript(cmdArg);
pipeline.Commands[0].MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output);
Collection<PSObject> results = pipeline.Invoke();
var error = pipeline.Error.ReadToEnd();
runspace.Close();

I read about secure store service but I think it is only for whole services, pages or lists and can't be used for single functions?

Does any one have an idea how to solve this problem?

Stefan
  • 14,530
  • 4
  • 55
  • 62
HW90
  • 1,953
  • 2
  • 21
  • 45
  • 1
    Do you have a compelling reason to not just perform whatever the powershell script does in C# code? Most of what you can do in powershell you can do directly in C#, and within C# privilege escalation is easy enough. – Servy Jun 11 '12 at 13:50
  • @Servy there are huge powershellscripts that already exist, so I would prefer to use them. – HW90 Jun 11 '12 at 15:29
  • As far as storing secrets, the web.config connectionStrings section offers SharePoint code running in the context of a web application one very convenient option. It's designed for connection strings, but ultimately it's just a key/value store with built in encryption. – Jason Weber Jul 31 '12 at 15:50

1 Answers1

0

Regarding running the script under another identity, have you tried RunWithElevatedPrivileges yet? If this doesn't do the trick it might be worth considering granting the application pool's account sufficent permisisons to complete the desired tasks.

Jason Weber
  • 1,472
  • 9
  • 16
  • Yes I already tried to RunWithElevatedPrivileges but with out success. The applications pool account can't get that permissions in ours environment. – HW90 Jun 21 '12 at 06:38
  • It sounds to me as if this boils down to the more generic "how do I run my code as user X?" This post addresses that question: http://stackoverflow.com/questions/1168571/run-code-as-a-different-user-c – Jason Weber Jul 31 '12 at 15:46