5

I have an API in mvc4 that call to .exe file via 'Process' class.
This .exe using log4net, and run another .exe that export files to directory and subdirectories. In the end of the process, the .exe post to http API.

Process p = new Process();
p.StartInfo.FileName = ConfigurationManager.AppSettings["ExtractToolPath"];
p.StartInfo.Arguments = this.strcommand;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.UseShellExecute = false;
p.StartInfo.Verb = "runas";
p.StartInfo.RedirectStandardInput = true;
p.Start();
string s = p.StandardOutput.ReadToEnd();
p.WaitForExit();

String 's' returns with "" (blank string).

The s paramter get what was printed to the Console window. And I did a print in the begining of the .exe, therefor I know it even not started the process.

Important: When I remove the log4net logger, the 's' parameters gets some output, but it's failes when tring to do any command that requieres write permissions.

I tried to give the IIS executable permission, and immpersonation with admin username and password. I did my directories 'share' to everyone. Nothing helped.

laxonline
  • 2,657
  • 1
  • 20
  • 37
Megi Ben Nun
  • 405
  • 3
  • 6
  • 20
  • Did you try setting the application pool identity to an administrator? Or giving write permissions on the directory to the application pool identity? – Elad Lachmi Jan 13 '13 at 10:14
  • Thank you, that was my problem!! I gave the site administrator permissions and not the applicaton pool. – Megi Ben Nun Jan 13 '13 at 12:46
  • 1
    Running you application pool with admin privileges is *NOT* recommended. Instead, create a user, give that user permission to the directories you need to write to (and nothing else) and set the application pool to run as that user. See also http://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis – Ian Mercer Jan 15 '13 at 08:13

2 Answers2

11

Did you try setting the application pool identity to an administrator? Or giving write permissions on the directory to the application pool identity?

The credentials used to do the writing are the ones in the application pool identity.

Elad Lachmi
  • 10,406
  • 13
  • 71
  • 133
  • I gave the site administrator permissions and not the applicaton pool. – Megi Ben Nun Jan 15 '13 at 11:00
  • When I gave the application pool permissions as administrator user, it worked! – Megi Ben Nun Jan 15 '13 at 11:01
  • 1
    I've set application pool identity as Administrator, but it didn't work. My application throw "Access Denied" exception message. While in developing, it did as I expected (I used run as Administrator for running Visual Studio). – iroel Feb 05 '14 at 00:12
  • Works on me !, im trying to run vbscript to manipulate AD related operations. Thank you – Ryan Aquino Apr 26 '20 at 04:32
0

I had a similar context when an ASP.NET Core application deployed on IIS had to start a process (with some parameters) from Program Files (clearly outside web application folder) which output data in some directory within a user profile (also, outside web application folder).

When run from command prompt, the command required elevation (User Account Control).

In order to make it run from IIS:

  • IIS AppPool\YourPool had to be able to write into output directory
  • I have created a bat file within Web application directory that contained the command to be issued
  • IIS AppPool\YourPool was not included within Administrators user group

This was tested on a Windows 7 x64.

Alexei - check Codidact
  • 22,016
  • 16
  • 145
  • 164