Executing batch file from C# Permission issue

Question

I have a batch file to execute a VB script. While executing the batch file by double clicking will work, But when I have done the same with C# its working on my local environment but not in the staging server (windows server 2008r2), Is there any permission level i need to apply for this execution. From the staging server I can double click and execute the batch file...

I have logged in to the server with Administrator account and browsed the application as localhost.

Is there anything I'm missing on the execution of batch file from C#,

I don't think there is any problem with my C# code as its working fine on my local environment, anyway following is my C# code,

if (File.Exists(FileName*))
            {
                System.Diagnostics.ProcessStartInfo p = new System.Diagnostics.ProcessStartInfo(FileName);
                System.Diagnostics.Process proc = new System.Diagnostics.Process();
                proc.StartInfo.FileName = FileName;
                proc.StartInfo.RedirectStandardError = true;
                proc.StartInfo.RedirectStandardOutput = true;
                proc.StartInfo.UseShellExecute = false;

                proc.Start();

                proc.WaitForExit();

            }
            else
            {
                lblMsg.Text = "Sorry unable to process you request";
            }

*FileName is the path to batch file. Also I have set full permission to the folders that containg both batch file and vbs files.

Answer 1

For this to work your app pool needs to be run as a user who has access to the batch file. Check how to change your app pool identity for IIS 7 or IIS 6.

Answer 2

To expand on what Kartheek said:

• In IIS 7 application pools run as a app pool account, IISAPPPOOL\AppPoolName
• In IIS 6 application pools run as Network Service
• In either case, these accounts don't have any access a user's documents folder and (by default) can only read from common data stores.

Generally you want to keep the app pool account because it helps segregate the data -- so what I would do is just make sure you grant read+execute permissions on the bat file you need for the app pool account. You'll also need proper permissions on any filles/folders the bat needs to read/write from.

You do not need to change anything in your app to correct this problem, unless you want to IIS app to masquerade around as the user who is actually sitting at the website (it only really works if you use some form of authentication.) Generally this a bad idea anyway -- so it's best to just adjust the permissions.

As a general rule of thumb, when working on a web server you want to keep the permissions/execution levels as low/restrictive as possible.