0

My IIS AppPool runs as a specific domain user, so that my site can access SQL server via Windows authentication. That works well.

But I'm also creating Windows Scheduled tasks dynamically. I can't create these tasks as the IIS App Pool user, as the user is not logged in on the web server and thus the tasks do not run.

With help from this link, I can now create my Scheduled Tasks as the NetworkService user. But when running my app from IIS, it does now quite work so well.

It still creates the tasks, but the task is also trying to log into SQL with Windows Authentication but seems to be using the local System user which does no have Win Auth permissions to SQL.

Are there a way that my Scheduled Task will be able to login to SQL with win auth? (running the task as domain user will not work as the task can only execute if either the user is logged in, or I type in the password which will not be possible).

Or am I completely on the wrong path and I should try something completely different?

My code for creating the task:

using (TaskService ts = new TaskService())
            {
                TaskDefinition td = ts.NewTask();
                td.RegistrationInfo.Description = "My Test";
                td.Principal.Id = "NT AUTHORITY\\NETWORKSERVICE";
                td.Principal.LogonType = TaskLogonType.ServiceAccount;

                td.Triggers.Add(new DailyTrigger {DaysInterval = 1});

                td.Actions.Add(new ExecAction("c:\\mydir\\myjob.exe"));
                td.Settings.AllowDemandStart = task.AllowDemandStart;
                td.Settings.Hidden = task.Hidden;

                ts.RootFolder.RegisterTaskDefinition("My Test", td, 
                      TaskCreation.CreateOrUpdate, "NT AUTHORITY\\NETWORKSERVICE", null, 
                      TaskLogonType.ServiceAccount);
            }
Cameron Castillo
  • 2,712
  • 10
  • 47
  • 77
  • 1
    "c:\mydir\myjob.exe" need escaping or @'ing. SQL Server Agent may be an alternative worth looking at for scheduling jobs. – Alex K. Feb 21 '19 at 12:16
  • You are correct. Question edited. – Cameron Castillo Feb 21 '19 at 12:22
  • SQL Server is indeed another option. Problem is just that it is not available on SQL Express (ito a generic solution). – Cameron Castillo Feb 21 '19 at 12:25
  • Use : Trusted_Connection=True in the connection string which will use the users cedentials. If it is a server then run service as Admin. Make sure all users are put in the windows user group that is used for reading/writing to database. – jdweng Feb 21 '19 at 12:44
  • @jdweng, not sure I understand = which user's credentials will it use? And what "service" should run as admin? – Cameron Castillo Feb 21 '19 at 12:49
  • Scheduled task as set with the credentials of the user who create the Scheduled Task unless an admin sets it to run as Admin. When you open SQL Server Management Studio it will indicate if you are using Windows Credentials and the User Account. Then in the explorer Security/Login will be a list of User Logins that are used by the Service. With Trusted_Connection=True the user that starts the application is the credentials that is used. When the App is set to run as admin the admin credentials are used. – jdweng Feb 21 '19 at 13:06
  • OK, but the Scheduled Task is not set as the user who created the task. It is NetworkService. We can't make that a domain user due to the user nog being logged in. – Cameron Castillo Feb 22 '19 at 07:52

0 Answers0