Using Windows Authentication with WMI and ASP.NET

[Brian Nicholson]

I'm building a test web application that, when run, will launch calc.exe on
my computer. It seems to work as it appears in Windows Task Manager;
however, the process doesn't actually pop up because it runs as ASPNET rather
than the user I want. When having to run ASP.NET as another user (e.g. when
doing AD queries), I was able to use IIS Windows Authentication and
impersonation. These are still enabled, but they don't seem to be helping.
Here is the method I'm using:

Sub test()

Dim objWMIService, objProcess
Dim strShell, objProgram, strComputer, strExe

strExe = "calc.exe"
' Input Box to get name of machine to run the process
strComputer = "RIC0001994"

' Connect to WMI
objWMIService = GetObject("winmgmts://" _
& strComputer & "/root/cimv2")
' Obtain the Win32_Process class of object.
objProcess = objWMIService.Get("Win32_Process")
objProgram = objProcess.Methods_( _
"Create").InParameters.SpawnInstance_
objProgram.CommandLine = strExe

'Execute the program now at the command line.
strShell = objWMIService.ExecMethod( _
"Win32_Process", "Create", objProgram)

End Sub

Thanks.

 

[John Rivers]

just guessing ...

- did you forget to turn off anonymous access for this page ?

- running as ASPNET in itself would not inhibit user interface
- sounds like it is inheriting the unattended process attribute from
asp.net

- i have successfully used win32/pinvoke to temporarily impersonate
another user - that might help you

 

[bruce barker]

this will never work. iis and asp.net are services and do not have
access to the desktop. thus any application they start will also not
have access to desktop and can not create any windows. asp.net should
only spawn console apps.

-- bruce (sqlwork.com)

 

[Brian Nicholson]

All right -- well thanks for the help. I don't actually need to do that in
my application; I was just assuming that launching it under my account rather
than ASPNET would then open the window as a result; that wasn't my actual
goal. What I am really trying to do is figure out a way to start a process
using WMI under different user credentials. ASP.NET impersonation doesn't
seem to affect launching separate processes, so what's the best way to go
about doing this?

In the end, my final goal is something like this: an admin user will go to
the page and click a button that will connect to WMI and launch a batch file
(located in a shared folder) on a specified computer. This batch file will
then perform a task on the computer it runs on. You can see the problem --
as of now, the batch file is launched with the ASP.NET user which does not
have necessary permissions to perform the intended tasks. Ideally, the same
Windows Authentication used for ASP.NET apps could be used to launch this
batch file so it would have the permissions to perform the necessary
functions.

Thank you.