I need to execute a PowerShell script using C#.NET, so my concern is security in a production environment: is it secure or not to execute a PowerShell script using C#.NET? If not, what are the ways to ensure security? Also, I need to pass parameters dynamically from C#.NET code. Any help/suggestion would be great concerning security when executing a PowerShell script using C#.NET.

Thanks in advance

Dev
  • It depends on the context, a PowerShell script might be as simple as printing "Hello World" which isn't going to cause any security concerns. What are you trying to secure and what are you worried might be vulnerable? – Ben Robinson Oct 13 '14 at 09:42
  • If you are concerned about PowerShell security you can enforce scripts to be signed with a certificate you trust. This however will not ensure that the script contains the exact commands you expect and consider "secure" - only that the source of the script in general is trustworthy. – Filburt Oct 13 '14 at 09:48
  • Well, I'll be using Exchange PowerShell scripts to perform various operations like creating a room and stuff like that. – Dev Oct 13 '14 at 09:58

2 Answers

Apart from Filburt's reply, you can find help in the thread below for passing parameters dynamically to your script:

Using C# to execute PowerShell script with command line args using V2 methods

Nikhil Gaur

On the topic of security:

Whatever you do, DO NOT BLINDLY PARSE USER DATA! If you spent any time on the internet since August, you'll likely have heard about the ShellShock Bash bug which has sysadmins around the world scrambling to update their Bash client because there was a huge potential for unwanted code execution otherwise. User data should never be trusted, EVER!

Before you send any commands involving user data to PowerShell, validate the command. Verify it against a whitelist of allowed commands, paths and flags. If it doesn't verify properly, don't execute it. Also check for user privileges so user A cannot affect data from user B. Keep a log of every command that's executed (which you probably need to do through the application), with the exact command that is executed by PS. If possible, run the commands using a user that only has access rights for the correct folder, and only has execute rights for those commands.

Nzall
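
An added example, not part of either answer above: one way to apply the allowlist, parameter-validation and logging advice from C# using the `System.Management.Automation` API, where user values are bound with `AddParameter` instead of being concatenated into script text. It assumes a runspace in which Exchange's `New-Mailbox` cmdlet is available; the class name, the `CreateRoom` operation, the `caller` argument and the name pattern are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Diagnostics;
using System.Linq;
using System.Management.Automation;
using System.Text.RegularExpressions;

public static class AllowlistedPowerShell   // hypothetical helper, not a library type
{
    private sealed class Spec
    {
        public string Cmdlet;                       // fixed by the application
        public string[] Switches = new string[0];   // fixed by the application
        public Dictionary<string, Regex> Params = new Dictionary<string, Regex>();
    }

    // Hypothetical allowlist: operation name -> cmdlet, fixed switches, value patterns.
    private static readonly Dictionary<string, Spec> Allowed = new Dictionary<string, Spec>
    {
        ["CreateRoom"] = new Spec
        {
            Cmdlet = "New-Mailbox",
            Switches = new[] { "Room" },
            // \A and \z anchor the whole value, so a trailing newline cannot slip through.
            Params = { ["Name"] = new Regex(@"\A[A-Za-z0-9 _-]{1,64}\z") }
        }
    };

    public static Collection<PSObject> Run(string operation, IDictionary<string, string> userArgs, string caller)
    {
        Spec spec;
        if (!Allowed.TryGetValue(operation, out spec))
            throw new ArgumentException("Operation not allowed: " + operation);
        using (PowerShell ps = PowerShell.Create())
        {
            ps.AddCommand(spec.Cmdlet);             // cmdlet name never comes from user text
            foreach (string sw in spec.Switches) ps.AddParameter(sw);
            foreach (KeyValuePair<string, string> arg in userArgs)
            {
                Regex pattern;
                if (!spec.Params.TryGetValue(arg.Key, out pattern) || !pattern.IsMatch(arg.Value ?? ""))
                    throw new ArgumentException("Rejected parameter: " + arg.Key);
                ps.AddParameter(arg.Key, arg.Value); // bound as data, not parsed as script
            }
            // Audit record written before execution: who, which operation, which values.
            Trace.TraceInformation("{0} ran {1} ({2}) with [{3}]", caller, operation, spec.Cmdlet,
                string.Join(", ", userArgs.Select(a => a.Key + "=" + a.Value)));
            return ps.Invoke();
        }
    }
}
```

Running the hosting process under an account that holds only the Exchange rights these operations need covers the answer's last point, which this code cannot enforce by itself.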