问题
I am building an asp.net mvc application which will operate as a wrapper for a number of powershell scripts we've written to manage day to day tasks (with the end goal of making it easy for a non technical person to use the scripts).
I've managed to get the scripts executing nicely:
var ctx = System.Web.HttpContext.Current;
var file = ctx.Server.MapPath("~/Content/Powershell/psStoreLive.ps1"); #activate a store
var shell = PowerShell.Create();
shell.AddCommand(file);
shell.AddArgument(o.DBName); # which store should we activate
var results = shell.Invoke(); # and then process the results....display output of script
The problem is that the scripts are being executed as IIS_USR (or similar).
I need to find a way to get the IIS server to execute the scripts as the current logged in user ( using Windows Authentication ( <authentication mode="Windows" /> ) ).
I've seen http://stackoverflow.com/questions/10837377/loginview-and-passing-credentials-to-powershell and, while that looks like it will maybe work, I am not satisfied with the idea.
It seems to me that I should be able to do this with some C# code, as in the code-block above, but I've been unable to turn up anything with my searches that will do it.
How can I create a powershell environment in C# that will execute as a logged-in user (I'd settle for even re-asking for credentials, if necessary)
Thanks
Edit 1
I have looked at the PSCredential object, and that seems to be the right kind of thing, but I still can't figure out how I might plug it into a session overall (lots of info about using it as a parameter to a cmdlet that requires a credential)
回答1:
I have an ASP.NET site that needs rights to a share to run EXEs and .BAT Files.
This example is using application pool and a local account, you can use a domain account as well.
- Create a local account on the server (make it an admin on the server)
- Give that account full rights to the folder where the powershell script it.
- Create a new IIS Pool and set the account to run under this new local account
- Change your site in IIS to use this new pool
回答2:
Although you might be able to do this, the security implications are not very nice.
For a similar requirement we have created a service layer that handles incoming requests to run a script or command and stores them for a client to pull them of the queue and execute them.
The client could be either a windows service or just a script running on the machine.
There is a very good reason that a web application does not have access to local resources on the computer or network where it is running.
If you want to do it anyway, just configure the application pool to use a different identity as suggested above.
来源:https://stackoverflow.com/questions/26661170/asp-net-application-executing-powershell-scripts-as-iis-usr