Calling a batch file in a Web Service using Process object, uses wrong user context.

Bucky Pollard

I have a web service that needs to create a batch file and call it (since
there are no APIs for the functionality I am looking for). I am using the
Process and ProcessStartInfo objects. When I try to call the batch file, it
just returns with a return code of 1. When I call cmd.exe, and pass the
batch file as a parameter it hangs. After much frustration and aggravation,
I found that CMD IS in fact running, but it is running under the context of
ASPNET user. My web service is running under a domain account, dictated in
the web.config file.

<authentication mode="Windows" />
<!-- Impersonate: Run as the Build ID -->
<identity impersonate="true" userName="domain\myuser" password="mypassword" />

All the code in the web service is using this id, except when I create the
process using the Process.Start() function. Even something as simple as
calling Notepad runs the program as the ASPNET user and I cannot see it on
my screen. The program will hang until I kill it in task manager. (I am
calling WaitForExit() ).

Why won't this run under the context I've defined in the web.config? Is
there a way to run this under that ID without using Windows APIs such as
CreateProcessWithLogonW? I've tried many different options, this is what I
currently am trying.

// Now execute the script
ProcessStartInfo startInfo = new ProcessStartInfo(strBatchFile);
startInfo.WorkingDirectory = m_strWorkFolder;
startInfo.UseShellExecute = true;
startInfo.CreateNoWindow = false;

Process procIa = Process.Start(startInfo);
if ( null == procIa )
{
    // Report which batch file could not be started
    strError = "Failed to start process: " + strBatchFile;
    return false;
}

// Block until the batch file finishes, then check its exit code
procIa.WaitForExit();
if ( procIa.ExitCode != 0 )
{
    return false;
}

TIA.
Bucky Pollard.
 
Willy Denoyette [MVP]

Inline

Willy.

Bucky Pollard said:
I have a web service that needs to create a batch file and call it (since
there are no APIs for the functionality I am looking for). I am using the
Process and ProcessStartInfo objects. When I try to call the batch file, it
just returns with a return code of 1. When I call cmd.exe, and pass the
batch file as a parameter it hangs. After much frustration and aggravation,
I found that CMD IS in fact running, but it is running under the context of
ASPNET user. My web service is running under a domain account, dictated in
the web.config file.

Not sure why it returns an error; all I can say is that the behavior is by
design.
The thread executing the request is impersonating the domain account, but
the process is still running as aspnet. A spawned Windows process always
inherits the calling process's identity, not the caller's thread identity, so
your cmd.exe runs as aspnet. If your batch program relies on an interactive
user's context, it's certainly the cause of your problem.

<authentication mode="Windows" />
<!-- Impersonate: Run as the Build ID -->
<identity impersonate="true" userName="domain\myuser" password="mypassword" />

All the code in the web service is using this id, except when I create the
process using the Process.Start() function. Even something as simple as
calling Notepad runs the program as the ASPNET user and I cannot see it on
my screen. The program will hang until I kill it in task manager. (I am
calling WaitForExit() ).

The caller's process doesn't run in the "interactive logon" session, which
means it has no access to the interactive desktop (it runs in the context of
asp/IIS). That means that web applications should not start interactive
applications and should not consider the presence of an interactive
user/logon context (that is, no profile is loaded, the environment is not an
interactive user's environment, etc.). When starting batch-like
non-interactive processes from web applications, you need to make sure that no
(error!?) messages are displayed or that no user action is ever required and
that you don't rely on the presence of a specific user's context
(profile/environment).

Why won't this run under the context I've defined in the web.config? Is
there a way to run this under that ID without using Windows APIs such as
CreateProcessWithLogonW? I've tried many different options, this is what I
currently am trying.

If your application needs a specific user's context, you will have to call
CreateProcessWithLogonW and maybe you will have to load/unload the user's
profile.
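
A non-interactive way to launch the batch file that follows the advice in the reply above, as an added example that is not code from either poster: no window, no stdin, captured output and a bounded wait, plus a trace of the identity involved. The class name BatchRunner, the timeout parameter and the -1 sentinel are assumptions made for illustration, and the batch path is assumed to be generated by the service itself, never taken from request input.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;
using System.Text;

public static class BatchRunner   // hypothetical helper, not part of the thread
{
    // Runs a batch file with no window, no stdin and a hard timeout, so a prompt
    // or error message cannot leave the request thread blocked in WaitForExit().
    public static int Run(string batchFile, string workDir, int timeoutMs, out string output)
    {
        // While impersonating, this is the thread's (impersonated) identity.
        // The child process below inherits the worker process token instead.
        Trace.WriteLine("Thread identity: " + WindowsIdentity.GetCurrent().Name);

        // batchFile is assumed to be a service-generated path (no embedded quotes).
        var psi = new ProcessStartInfo("cmd.exe", "/c \"" + batchFile + "\"")
        {
            WorkingDirectory = workDir,
            UseShellExecute = false,        // required for stream redirection
            CreateNoWindow = true,          // there is no desktop to show a window on
            RedirectStandardInput = true,
            RedirectStandardOutput = true,
            RedirectStandardError = true
        };

        var log = new StringBuilder();
        using (var proc = new Process { StartInfo = psi })
        {
            // Read both streams asynchronously so a full pipe cannot stall the child.
            DataReceivedEventHandler collect = (s, e) =>
            {
                if (e.Data != null) lock (log) log.AppendLine(e.Data);
            };
            proc.OutputDataReceived += collect;
            proc.ErrorDataReceived += collect;

            proc.Start();
            proc.StandardInput.Close();     // prompts read end-of-file rather than waiting
            proc.BeginOutputReadLine();
            proc.BeginErrorReadLine();

            bool exited = proc.WaitForExit(timeoutMs);
            if (!exited) proc.Kill();       // do not leave a stuck cmd.exe behind
            proc.WaitForExit();             // lets the async readers drain
            lock (log) output = log.ToString();
            return exited ? proc.ExitCode : -1;   // -1: constructed timeout sentinel
        }
    }
}
```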
 
