Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.Net application executing powershell scripts as IIS_USR

I am building an asp.net mvc application which will operate as a wrapper for a number of powershell scripts we've written to manage day to day tasks (with the end goal of making it easy for a non technical person to use the scripts).

I've managed to get the scripts executing nicely:

var ctx = System.Web.HttpContext.Current;
var file = ctx.Server.MapPath("~/Content/Powershell/psStoreLive.ps1"); #activate a store
var shell = PowerShell.Create();
shell.AddCommand(file);  
shell.AddArgument(o.DBName);   # which store should we activate
var results = shell.Invoke();  # and then process the results....display output of script

The problem is that the scripts are being executed as IIS_USR (or similar).

I need to find a way to get the IIS server to execute the scripts as the current logged in user ( using Windows Authentication ( <authentication mode="Windows" /> ) ).

I've seen http://stackoverflow.com/questions/10837377/loginview-and-passing-credentials-to-powershell and, while that looks like it will maybe work, I am not satisfied with the idea.

It seems to me that I should be able to do this with some C# code, as in the code-block above, but I've been unable to turn up anything with my searches that will do it.

How can I create a powershell environment in C# that will execute as a logged-in user (I'd settle for even re-asking for credentials, if necessary)

Thanks

Edit 1

I have looked at the PSCredential object, and that seems to be the right kind of thing, but I still can't figure out how I might plug it into a session overall (lots of info about using it as a parameter to a cmdlet that requires a credential)

like image 454
reidLinden Avatar asked Oct 30 '14 18:10

reidLinden


People also ask

How do I debug web application hosted in IIS?

To start debugging, select IIS Express (<Browser name>) or Local IIS (<Browser name>) in the toolbar, select Start Debugging from the Debug menu, or press F5. The debugger pauses at the breakpoints. If the debugger can't hit the breakpoints, see Troubleshoot debugging.


1 Answers

I have an ASP.NET site that needs rights to a share to run EXEs and .BAT Files.

This example is using application pool and a local account, you can use a domain account as well.

  1. Create a local account on the server (make it an admin on the server)
  2. Give that account full rights to the folder where the powershell script it.
  3. Create a new IIS Pool and set the account to run under this new local account
  4. Change your site in IIS to use this new pool
like image 70
ElimGarak Avatar answered Sep 27 '22 23:09

ElimGarak