问题
I have an asp.net application which uses process.start to call an executable (Graphviz). All works well in my development environment, but when I move to production I'm not able to get the process to run. Here's the details.
I created this simple sub to show the issue.
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
Dim ProcessInfo As ProcessStartInfo
ProcessInfo = New ProcessStartInfo
'ProcessInfo.Domain = "xxxxxxx"
ProcessInfo.UserName = "xxxxxx"
Dim PwdString As String = "xxxxxxx"
Dim newPass As System.Security.SecureString
newPass = New System.Security.SecureString
For Each c As Char In PwdString
newPass.AppendChar(c)
Next c
ProcessInfo.Password = newPass
'ProcessInfo.FileName = """C:\Windows\System32\Notepad.exe"""
'ProcessInfo.FileName = """C:\Test.bat"""
ProcessInfo.FileName = """C:\Program Files (x86)\Graphviz2.30\bin\dot.exe"""
ProcessInfo.Arguments = " -Kdot -Tsvg C:\Test.dot -pC:\Test.svg"
ProcessInfo.RedirectStandardOutput = True
ProcessInfo.UseShellExecute = False
ProcessInfo.CreateNoWindow = True
Dim Process As Process
Process = New Process
Process.StartInfo = ProcessInfo
Process.Start()
'Wait until the process passes back an exit code
Process.WaitForExit()
Try
Dim ProcessResults As String = Process.StandardOutput.ReadToEnd
Output.Text = ProcessResults
Catch ex As Exception
Output.Text = ex.ToString
End Try
End Sub
There are three scenarios here. First, I am testing simply starting notepad. - Development works - Production works (This is the only case that I could get to work in production)
Second I created a simple batch file that opens a doc in notepad. (notepad c:\test.dot)
- Development works
- Production does not work
Third, I have am calling Graphviz's dot.exe. This is what I am trying to get to work in another page.
- Development works
- Production does not work
In all of the cases where production does not work I can reproduce this behavior - If I add an impersonate = true to my web.config, then I do not get any errors back. The page runs as if it was successful.
If I don't add an impersonate config, but do add the credentials to the ProcessInfo object, then the page will again run without error. The process is not started in production, though.
If I do not add the impersonate or ProcessInfo credentials, then I will get an error. This is the error output.
Access is denied
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ComponentModel.Win32Exception: Access is
denied
Source Error:
Line 36: Process = New Process
Line 37: Process.StartInfo = ProcessInfo
Line 38: Process.Start()
Line 39:
Line 40: 'Wait until the process passes back an exit code
Source File: C:\Inetpub\vhosts\leapfrogbi.com\httpdocs\test\ProcessStart.aspx.vb Line: 38
Stack Trace:
[Win32Exception (0x80004005): Access is denied]
System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo) +2161
System.Diagnostics.Process.Start() +150
Test_ProcessStart.Page_Load(Object sender, EventArgs e) in C:\Inetpub\vhosts\leapfrogbi.com\httpdocs\test\ProcessStart.aspx.vb:38
System.Web.UI.Control.OnLoad(EventArgs e) +91
System.Web.UI.Control.LoadRecursive() +74
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2207
I have tried a variety of security related settings. Currently my app pool is running with an identity that is a local administrator. I have also tried adding everyone to the administrators group in an attempt to see if security was the root problem.
Also, I am using Plesk to manage my domain. I have searched extensively for any options that might be affecting this situation, and have found not yet. Again, process start does work in production when making a simple call to start notepad. It is very hard to narrow this down without more verbose logs.
Thank you in advance for any help you can offer. This is driving me nuts.
回答1:
Locate your pool under which your site is run, and see under which user is running.
If you can't do that you can run this code to see the user that your pool is running:
var user = System.Security.Principal.WindowsIdentity.GetCurrent().User;
var userName = user.Translate(typeof(System.Security.Principal.NTAccount));
And then give permission to that user to be able to run these files.
reference: How to find out which account my ASP.NET code is running under?
回答2:
I am not use process, use shell and it is running successful.
Create a batch file that include your command. Don't save the batch in system folder.
In IIS, open setting dialog of the application pool that your web site running on. Set the ID of process pool as "localsystem".
Use shell("path\batchfile") to execute the batch file.
来源:https://stackoverflow.com/questions/15000265/which-permissions-are-required-to-enable-process-start-via-asp-net-application