Why can't my ASP.NET web service kick off a process, but my .NET console app can?

Question

This is code from a class library:

proc.StartInfo = new ProcessStartInfo(CmdPath, "+an -b");
proc.StartInfo.RedirectStandardOutput = true;
proc.StartInfo.CreateNoWindow = true;
proc.StartInfo.UseShellExecute = false;
proc.Start();
proc.WaitForExit();

This works perfectly as I would expect when called from a console test app. When I take the same library and call the method from an ASP .NET web service it just hangs.

Is there something I am missing here, perhaps permissions? The ASPNET service has access to the folder where the EXE is, and I see it running in Task Manager, though it isn't doing anything.

If anyone could tell me what I'm doing wrong, I would appreciate it. Thanks.

EDIT: Sorry for the lack of information. CmdPath goes to the command line interface for our scheduling software. I'm passing in commands based on the documentation they provided. I have one method to get a list of jobs, and another method to run a job. ...hmm idea. The client normally uses Active Directory to login, I think impersonation is going to be necessary. Going to test now.

EDIT 2: Ok, now the client is blowing up with AccessViolation issues. This is obviously a permissions thing. If the software uses integrated AD authorization, and I impersonate my AD account, will that be sufficient? I'm doing impersonation using the tag in web.config.

Answer 1

The ASP.Net user account probably doesn't have permissions to execute. Can you give a bit more information as to why you are trying to do this as there may be a better way of doing it.

Answer 2

When you redirect standard output don't you need to use ReadToEnd to read the response from StandardOutput?

Answer 3

I think you will face a lot of problems launching an executable server side using the ASPNET identity, have you tried impersonating an identity with appropriate priveleges (this does work btw), but again launching an executable on the server side is probably not a good idea to begin with.

Answer 4

It could be a permissions issue. The ASPNET service may have permissions to the executable, but does it have permissions for everything the executable does.

For example, if the executable copies files, does the ASPNET account have full rights to the source and destination paths of those files? The same questions need to be asked of everything the executable does.

If you need to get around this, you can use impersonation, or assign the web site to run under a different account in IIS, but those are not recommended practices, and more trouble than they're worth in most cases.

Answer 5

You probably should check what is your executable performs, cos ASP.NET works under user with limited rights (NETWORK SERVICE on IIS 6.0) and you executable also gets this rights and runs under same user. As far as you waiting on until it finishes its work, probably something wrong in the executable you are trying to run. I suggest you to make a simple experiment - switch your WebApplication to build-in in VS web server, called "Casini" and check your code behavior. By means of this you can prove yourself that it's not ASP.NET's fault. If I am right the only thing you will need to do is to investigate problems of you executable and determine what rights it needs.

Answer 6

By default the ASP.NET worker process has less security than most local account (certainly an account that a developer uses or the logged in account on a server.)

There are two main ways to move forward:

1. Give the asp.net process more priviledges. See This Link for a good explanation of how to do that.
2. Have asp.net run under an account with more priviledges. See This Link for a good explanation and how to get that process running under a different account.

Either will work for you.

Answer 7

Instead of Impersonation or giving Asp.net more privileges, how about launching the process under different credentials. In the sample below, UserWithVeryLimitedRights would be a new account that you create with just enought rights to run the app. Doing so may minimize the security risks.

ProcessStartInfo StartInfo = new ProcessStartInfo();
SecureString ss = new SecureString();
string insecurePassword = "SomePassword";

foreach(char passChar in insecurePassword.ToCharArray()) {
ss.AppendChar(passChar);
}

StartInfo.RedirectStandardInput = true;
StartInfo.RedirectStandardError = true;
StartInfo.RedirectStandardOutput = true; 

StartInfo.CreateNoWindow = true;
StartInfo.UseShellExecute = false;
StartInfo.Password = ss;
StartInfo.UserName = @"UserWithVeryLimitedRights";
StartInfo.FileName = @"c:\winnt\notepad.exe";
Process.Start(StartInfo);