0

I have a powershell script file called Script1.ps1 And I execute it from a web application in ASP.NET with the following code:

 process.StartInfo.FileName = @"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe";
 process.StartInfo.Arguments = $"-File \"{ScriptNameOne}\" \"{param1}\"  \"{param2}\" \"{param3}\"";
 process.StartInfo.UseShellExecute = true;
 process.Start();

The problem is when I deploy my web app in IIS the process doesn't start.
I don't get any error, just my powershell doens't run.

the code works fine in my IIS express from visual Studio, because my user in the computer is executing all the process, so I have permissions to every source in the machine.

Important: I need to execute this powershell script LOCALLY IN THE SERVER WHERE THE SITE IS.

I know that is user/permissions Issue, so... In IIS, which permissions do I need? What of all IIS users should I use? Do I need give permissions in the folder where the powershell.exe is?

Liz Bundy
  • 13
  • 3
  • 1) Whatever you did in PowerShell can be rewritten in pure C# in most cases, so that you can better debug the logic. 2) If you plan to stick to PowerShell, keep in mind the code is executed differently on IIS, https://blog.lextudio.com/web-application-differences-in-visual-studio-and-iis-60fec7e311b3 so your experience with IIS Express won't apply. – Lex Li Jun 25 '21 at 06:30

2 Answers2

0

ASP.NET Web page and server control code executes in the context of the ASP.NET worker process on the Web server. If you use the Start method in an ASP.NET Web page or server control, the new process executes on the Web server with restricted permissions. The process does not start in the same context as the client browser, and does not have access to the user desktop.

  • Give permission for ASP.NET worker process account to interact with desktop or allow ASP.NET worker process to run in SYSTEM account.

To know how to allow worker process to run in SYSTEM account and to know the default permissions of ASPNET account, check this article INFO: Process and Request Identity in ASP.NET: http://support.microsoft.com/default.aspx?scid=kb;en-us;317012

  • Enable IIS Admin Service to interact with desktop To configure this, follow this steps.

a. Open Control Panel and follow these steps: For Windows NT: click Services. For Windows 2000, Windows XP, and .NET Server: click Administrative Tools, and then click Services.

b. Double-click IIS Admin Service.

c. On the Log On tab, select the Allow Service to Interact with Desktop check box. Remember to run IIS Admin Service as a local system. d. Stop and restart the IIS Admin Service.

More infor about this question you can refer to this link: https://stackoverflow.com/a/4679686/13336642.

samwu
  • 3,857
  • 3
  • 11
  • 25
0

WHAT WORKED FOR ME:

  1. Right click the directory where the .EXE file is and select Properties
  2. Select the Security tab
  3. Click the Edit button and then Add button
  4. Click the Locations button and make sure that you select your computer
  5. Enter IIS AppPool<appoolname> (eg: IIS AppPool\DefaultAppPool)

https://support.pkware.com/home/smar/latest/sem-knowledge-base/kb-granting-folder-permissions-to-iis-application-pools

Liz Bundy
  • 13
  • 3