0

I wrote a windows service, that works perfectly. It is call (on Command Prompt) via ChatServer.exe {argument} where the {argument} is a key work such as install, uninstall, start and stop.

The program where this service is require administrative privileges (since it install/uninstall itself). So if i start cmd as administrator "D:\folder\chatserver.exe install" for example, it install the service as it should.

Well, my problem is that on my ASP.net site i wrote a function (below) to start the process, but i get an exception "740" ("the software required privilege elevation") as if i mark the "AsAdmin" argument of my function to "true", i get that "UseShellExecute" can't be true as an exception.

public static int RunProcess(string ApplicationPath, string Parameters = "", bool AsAdmin = false)
{
    try
    {
        global::System.Diagnostics.ProcessStartInfo startInfo = new global::System.Diagnostics.ProcessStartInfo();
        startInfo.UseShellExecute = AsAdmin;
        if (AsAdmin) { startInfo.Verb = "runas"; }
        startInfo.WorkingDirectory = global::System.IO.Path.GetDirectoryName(ApplicationPath);
        startInfo.FileName = ApplicationPath;
        if (!string.IsNullOrEmpty(Parameters)) { startInfo.Arguments = Parameters; }
        startInfo.ErrorDialog = false;
        global::System.Diagnostics.Process process = global::System.Diagnostics.Process.Start(startInfo);
        process.WaitForExit();
        return process.ExitCode;
    }
    catch (global::System.ComponentModel.Win32Exception ex) { return ex.NativeErrorCode; }
    catch { return -1; }
}

What do i do?

Aristos
  • 66,005
  • 16
  • 114
  • 150
SammuelMiranda
  • 420
  • 4
  • 29

3 Answers3

1

Have you tried ProcessStartInfo? It allows you to add specific credentials. Check the example below:

ProcessStartInfo myProcess = new ProcessStartInfo(path);
myProcess.UserName = username;
myProcess.Password = MakeSecureString(password);
myProcess.WorkingDirectory = @"C:\Windows\System32";
myProcess.UseShellExecute = false;
// elevate EDIT
myProcess.Verb = "runas";
Process.Start(myProcess);


private static SecureString MakeSecureString(string text)
{
     SecureString secure = new SecureString();
     foreach (char c in text)
     {
         secure.AppendChar(c);
     }
     return secure;
}

Launch a process under another user's credentials

Community
  • 1
  • 1
Ted
  • 3,985
  • 1
  • 20
  • 33
  • thansk ted! incredible thing that I KNEW, but if forgot! how could i? – SammuelMiranda Sep 29 '16 at 12:51
  • tried and it made a lot of sense, but i still get "Win32Exception", "The Requested operation require elevation" – SammuelMiranda Sep 29 '16 at 12:52
  • @SammuelMiranda - see my edit `myProcess.Verb = "runas";` – Ted Sep 29 '16 at 12:54
  • ok, got it! it worked (even without the verb) when i gave, instead of the user account and password, the admin (windows user admin) and password. I'll keep the verb so i can try it with the user (that is also an admin) – SammuelMiranda Sep 29 '16 at 13:01
1

You can't, and shouldn't want to do this. You don't want to store administrative credentials anywhere near your web application, and you definitely don't want to run your web application under administrative privileges.

One solution is to actually have a "watchdog" Windows Service, running with the appropriate privileges to interact with the Service Control Manager (SCM), which accepts commands through for example WCF on localhost, and let your web application talk to that service which in turn starts or stops the the appropriate service.

That would look like this:

[Web Application] -- WCF --> [Watchdog Service] -- SCM --> [Chat Service]

So your Web Application sends through WCF a StartService("ChatService") command, and then the Watchdog Service starts the ChatService service.

Now only the Watchdog Service has to run under administrative privileges, and to secure the WCF communication to make sure only authenticated applications call it, that's discussed in other questions.

If instead you are trying to develop a self-installing web platform including websites and services, then consider using a proper installer instead of doing it all manually.

CodeCaster
  • 147,647
  • 23
  • 218
  • 272
0

Further to Ted's answer, I would add this:

Microsoft does not recommend calling an .exe from a Web application/site as w3wp.exe runs in a sandboxed environment for security reasons and hence any thread/task/process that it launches is not the same as it would be when you launch it yourself and hence may not work as expected.

You may want to re-code the console applications as ASP.NET Web API, possibly hosted in IIS or in a Windows Service.

IrishChieftain
  • 15,108
  • 7
  • 50
  • 91
  • Irish, thanks for the answer but just to clarify, it IS A WINDOWS SERVICE, the hole point is to make my ASP.net page able to call Start/Stop of that service – SammuelMiranda Sep 29 '16 at 12:53
  • I got schooled once by a MS support engineer on this very issue. Bottom line is that we should not be calling a Windows Service from a Web application. It can be done, but it is not "supported by Microsoft". – IrishChieftain Sep 29 '16 at 13:48