问题
Inside a .NET 3.5 web app running impersonation I am trying to execute a process via:
var process = new Process
{ StartInfo =
{ CreateNoWindow = true,
FileName = "someFileName",
Domain = "someDomain",
Username = "someUserName",
Password = securePassword,
UseShellExecute = false
}
};
process.Start();
-Changing the trust mode to full in web.config did not fix.
-Note the var securePassword is a secureString set up earlier in the code.
This throws an exception with 'Access is Denied' as its message. If I remove the username and password information, the exception goes away, but the process starts as aspnet_wp instead of the user I need it to.
I've seen this issue in multiple forums and never seen a solution provided. Any ideas?
回答1:
You can use ProcessStartInfo which allows you to specify credentials. The trick is that the password is a secure string, so you have to pass it as a byte array.
The code might look something like:
Dim startInfo As New ProcessStartInfo(programName)
With startInfo
.Domain = "test.local"
.WorkingDirectory = My.Application.Info.DirectoryPath
.UserName = "testuser"
Dim pwd As New Security.SecureString
For Each c As Char In "password"
pwd.AppendChar(c)
Next
.Password = pwd
'If you provide a value for the Password property, the UseShellExecute property must be false, or an InvalidOperationException will be thrown when the Process..::.Start(ProcessStartInfo) method is called.
.UseShellExecute = False
.WindowStyle = ProcessWindowStyle.Hidden
End With
回答2:
Not sure if this is it, but I had a related problem and the answer was that the account didn't have permission to impersonate on the machine. This can be changed by adding the account to the Policy "Impersonate a client after authentication" using the local policy manager on the machine.
回答3:
I went a different way and put the whole application in its own app-pool running as the user we were originally impersonating. Now, when asp.net spawns a new process, it spawns under the context of the user instead of aspnet_wp. Not the exact solution to the problem I posted, but it worked for our situation.
回答4:
I ran into the same problem that you did on a project. There should be a way to spawn a process out of your web app with given credentials, but in practice, it's a kludge at best. What I wound up finally doing was just having the app push information to an MSMQ and having a windows service that popped items of the Queue an serviced the requests.
Even when you appliation is impersonating, it still wants to run under theaspnet user account.
回答5:
Check the Code Access Security level as Process requires Full Trust. Your web application may be running in a partial trust setting.
From the Process MSDN page:
Permissions
* LinkDemand
for full trust for the immediate caller. This class cannot be used by partially trusted code.
* InheritanceDemand
for full trust for inheritors. This class cannot be inherited by partially trusted code.
回答6:
I wanted to mention that I have tried the code at this site including the updated code mentioned in the comments. This code runs the process as the impersonated identity (which is really all I need), but the redirecting of the standard error fails -- so this link could be useful to those not concerned with dealing with the stderr.
来源:https://stackoverflow.com/questions/121676/starting-a-process-in-c-sharp-with-username-password-throws-access-is-denied