24

When I run System.Diagnostics.Process.Start from my console application it works but the same code when I run from my web service hosted in IIS doesn't work.

Is it some thing to do with ASP.Net privileges?? if yes how can I configure it from my C# code.

Rahul Tripathi
  • 168,305
  • 31
  • 280
  • 331
BreakHead
  • 10,480
  • 36
  • 112
  • 165
  • This answer was what solved it for me, without needing to mess with IIS: https://stackoverflow.com/a/43610982/6479268 – Thor Jun 30 '18 at 15:02

6 Answers6

21

ASP.NET Web page and server control code executes in the context of the ASP.NET worker process on the Web server. If you use the Start method in an ASP.NET Web page or server control, the new process executes on the Web server with restricted permissions. The process does not start in the same context as the client browser, and does not have access to the user desktop. http://msdn.microsoft.com/en-us/library/0w4h05yb.aspx

- Give permission for ASP.NET worker process account

to interact with desktop or allow ASP.NET worker process to run in SYSTEM account.

- Enable IIS Admin Service to interact with desktop

To configure this, follow this steps.

  • a. Open Control Panel and follow these steps: For Windows NT: click Services. For Windows 2000, Windows XP, and .NET Server: click Administrative Tools, and then click Services.

  • b. Double-click IIS Admin Service.

  • c. On the Log On tab, select the Allow Service to Interact with Desktop check box. Remember to run IIS Admin Service as a local system.
  • d. Stop and restart the IIS Admin Service.
Tim Schmelter
  • 450,073
  • 74
  • 686
  • 939
  • I followed your instruction but I however cannot run exe on Windows server. Is there any way to log error issue since there is no exception for not starting exe. – embarus Jun 25 '12 at 12:17
  • 2
    _the new process executes on the Web server with restricted permissions_ ok. but under which account ? what does the word "restricted" represents ? – Royi Namir Dec 28 '12 at 09:50
  • I did changes prescribed by Tim Schmelter and Ravi Ram. Don't know which one worked. Don't forget to restart IIS. like iisreset /noforce – Pratap Singh Mehra Jun 09 '20 at 12:55
8

Changing the AppPool worked for me.

  1. IIS > Application Pools
  2. Select Advance Setting for the website
  3. Change Identity to LocalSystem
  4. Restart IIS

enter image description here

Ravi Ram
  • 24,078
  • 21
  • 82
  • 113
2

I had a similar problem, and the ability to access the desktop from the service wasn't the problem. It worked fine when not impersonating another user, but when trying to run the process as a different user it failed. The first thing to do when it won't start is find out all the information you can about the problem. The first question is whether Process.Start returned true or false. Secondly, did you get any kind of exception when trying to start the process.

Before you can investigate fully it relevant to know whether Process.Start was run using UseShellExecute or not - this has to be false for impersonation, but otherwise you can choose whether to use it and it calls different Win32 functions depending on this setting.

If you're doing a process that needs to run as another user, don't bother trying to use .NET impersonation - the StartInfo username, password, domain are what you need to set. However, under IIS you've got some additional lockdown, and the only solution I found on Windows Server 2008 actually involved some Win32 calls and implementations of abstract security libraries. Many of the scenarios you can run into are outlined here: http://asprosys.blogspot.co.uk/2009/03/perils-and-pitfalls-of-launching.html

The sample code from that page shows how to call the library and add Windows Station and Desktop access to a user before starting a process as that user. This was what I needed to get Process.Start to work from IIS, having ruled out UAC, DEP and any other three letter acronym I could think of ;)

David Burton
  • 1,130
  • 10
  • 12
2

I had tried upper solutions but didn't work for me. What I need was, a command should run via Windows Command Prompt as Administration. Below the codes that didn't work but need to execute:

Process sysProcess = new Process();
sysProcess.StartInfo.FileName = "cmd.exe";
sysProcess.StartInfo.Verb = "runas";
sysProcess.StartInfo.CreateNoWindow = true;
sysProcess.StartInfo.RedirectStandardInput = true;
sysProcess.StartInfo.RedirectStandardOutput = true;
sysProcess.StartInfo.RedirectStandardError = true;
sysProcess.StartInfo.UseShellExecute = false;
sysProcess.Start();
sysProcess.StandardInput.WriteLine("cal.exe");
sysProcess.StandardInput.Flush();
sysProcess.StandardInput.Close();
//localProcess.WaitForExit();
sysProcess.StandardOutput.ReadToEnd();

Solution: It was an API project and when I Enable SSL from project's properties and debug tab (see, Image 1 and Image 2).

Image 1: Visual Studio 2019 enter image description here

Image 2: Visual Studio 2022 enter image description here

This solution will works on any Web App projects.

Akter
  • 87
  • 7
0

If you are application is running windows 7 then you can't. basically services running session 0 and user desktop running session 1 so you can't communicate from session 0 to session 1. even if you try to communicate from win logon process (which is used to start the user session for every new user) you can't get some local information (browser settings like local storaage information)

hemachandran
  • 23
  • 1
  • 8
-2

For me what is working is something like this:

ProcessStartInfo psi = new ProcessStartInfo();
psi.UseShellExecute = true;
psi.LoadUserProfile = true;
psi.WorkingDirectory = sender.Server.MapPath("../");// This line solved my problem
psi.FileName = sender.Server.MapPath("../myexecutable.exe");
psi.Arguments = "Myargument1 Myargument2";
Process.Start(psi);

`

Petter Friberg
  • 21,252
  • 9
  • 60
  • 109
Francis Pires
  • 15
  • 4