Hi All,

I've got a number of utilities that run on the same machine as my IIS webserver.

What I'm trying to do is allow a web page to instantiate an executable. If I use Process.Start() the process launches but obviously as the same user as the webserver so it can't interact with the desktop. For 99% of the apps, this isn't a problem. However, I'd like to be able to run them as if a specific user (only ever me) had launched them.

This is more an attempt to see if this is possible than a serious dev project so I'm more interested in the method than the goal.

Ideally, if I'm logged on to the box (almost always) then it should just run as if I'd followed a shortcut. If not, launching the app and having it attached to my desktop when I log on would be perfect. If it's not possible before user login, I can accept that.

I'm aware of the security considerations but am mitigating them by:

  • Website needs authentication + SSL
  • List of Apps to launch is configured in a file which cannot be modified remotely (or at all by the web user - read only)
  • The box is in a DMZ
  • Worst-case, the machine is relatively unimportant and can be re-imaged easily.

I've googled but this seems to be a fairly unusual request so there's not a lot of information except for "Don't think you can do that" - So I thought I'd ask here in the hopes of getting either a) a way to do it or b) a decent explanation of why it can't be done.

If it makes it any simpler, put aside the web aspect - How can I launch a process in another user's security context and attached to their desktop (if they have one)?

Thanks in advance for any help and pointers you can provide.

A: 

I used a similar idea to manage running services on my web server before. What you need to do is impersonation of the user. Take a look at my blog where I posted how to do this for services. It should be almost exactly the same for you.

http://dotnetchris.wordpress.com/2008/09/24/scheduled-task-status-start-stop-of-windows-service/

The machine needs to allow full trust code to run since it uses extern calls but I assume that's obviously not an issue since it's your machine.

Chris Marisic
Many thanks, am testing it now...
Basiclife
Hi, By using your method (code modified a bit), Windows.GetCurrent().Name returns:
Before: <Machine>\ASPNET
During: <Machine>\<MyUser>
After: <Machine>\ASPNET
The call to process.start() happens just after the impersonate() call. Unfortunately, the application still shows as being owned by ASPNET in taskmanager. My key code now looks like this:
Basiclife
A: 

If you are not worried about the security issues of this, why not just put

<identity impersonate="true"
      userName="domain\user" 
      password="password" />

in the web.config to change the context of the whole web application?

Ron Harlev
I'll give this another go - I thought I'd already tried it.
Basiclife
To confirm - Even though GetIdentity() returns _my_ domain/username, the process is started as "ASPNET" if I just do a process.start(). If I also specify the credentials in the ProcessStartInfo, I get an exception (Access denied)
Basiclife
+1  A: 

Here is a thought:

Create an asp.net application to update a table that holds information about the applications that need running. So application paths and triggers can be set without logging in to the server.

Then create a windows service to watch this table and run the processes as required? This way you just need to run the service under the account you need.

This would be a bit like the scheduler, except the schedules would be in a database table?

One could also use this app to start and stop service as required.

Obviously the asp.net application would need to be secure.

Mark Redman
It's something I've already considered but this would mean I've got an app polling that table 24x7 - and I tend to prefer event-driven models. My next thought was to have a 2nd app sitting in the system tray with a TCP port open on loopback - This would accomplish the same but still be event-driven. It would also allow the front-end to report back success/failure in realtime-ish.
Basiclife
I think this is the way I'm going to have to go. Thanks for all your help
Basiclife
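
The design the thread settles on is an agent running in the logged-on user's session, listening on loopback, and launching only apps from a fixed list. The following C# is an added example of that design, not code from any poster. The class name, port number, reply strings and allowlist entries are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Net.Sockets;

static class LauncherAgent
{
    // Constructed sample allowlist (key -> executable); load it from the read-only config file in practice.
    static readonly Dictionary<string, string> Allowed =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "notepad", @"C:\Windows\System32\notepad.exe" },
            { "calc", @"C:\Windows\System32\calc.exe" },
        };

    // The web tier sends a key only; a path or arguments supplied by the caller are never used.
    static string Handle(string key)
    {
        string path;
        if (key == null || !Allowed.TryGetValue(key.Trim(), out path))
            return "ERR unknown app";
        try { Process.Start(new ProcessStartInfo(path) { UseShellExecute = false }); return "OK started"; }
        catch (Exception ex) { return "ERR " + ex.GetType().Name; }
    }

    static void Main()
    {
        // Loopback only: the port is not reachable from other hosts.
        var listener = new TcpListener(IPAddress.Loopback, 5555); // port number is an assumption
        listener.Start();
        while (true)
        {
            try
            {
                using (var client = listener.AcceptTcpClient())
                {
                    client.ReceiveTimeout = 5000; // an idle client must not stall the loop
                    var stream = client.GetStream();
                    var reader = new StreamReader(stream);
                    var writer = new StreamWriter(stream) { AutoFlush = true };
                    writer.WriteLine(Handle(reader.ReadLine())); // reply lets the page report success/failure
                }
            }
            catch (IOException) { /* timed-out or dropped connection: keep serving */ }
        }
    }
}
```

Binding to loopback keeps remote hosts out, but any local process can still connect, so the allowlist lookup is what limits what can be started.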