Executing a background process

[Kurtis Carlson]

I’m writing a web page that allows users to reset their own Terminal Services
session. The app needs to execute a program in the background (on the web
server) and queries sessions on another server. The program is running on an
Intranet so, please, no comments about executing programs from a web page.

Here’s a code snippet:

Process p = new Process();
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.FileName = "qwinsta.exe";
p.StartInfo.Arguments = " joeuser /server:myremoteserver";
p.Start();
string output = p.StandardOutput.ReadToEnd();
p.WaitForExit();

This code works fine from a command line program running under my domain
account. I’m getting Access Denied errors when running from the web page.
I’ve tried unsuccessfully tweaking some of the impersonation settings in the
web.config file.

What do I need to do to make this run under the right credentials?

Thanks in advance.

 

[Joe Kaplan \(MVP - ADSI\)]

Processes started with the Process class launch under the current process
account, not the impersonated thread account. You need to either use a
different launch mechanism (WMI, p/invoke, COM+) or change the process
account to have the right permissions.

Joe K.

 

[Kurtis Carlson]

By “Process Accountâ€, I assume you are referring to the local ASPNET or
IUSER_ accounts. If so, it will be difficult to allow access to a remote
machine.

So, it looks like I have 4 choices, 3 of which are different launch
mechanisms.

Which is the least difficult to implement and can you point me to some code
samples or reference documents?

Thanks.

 

[Kurtis Carlson]

By “Process Accountâ€, I assume you are referring to the local ASPNET or
IUSER_ accounts. If so, it will be difficult to allow access to a remote
machine.

So, it looks like I have 4 choices, 3 of which are different launch
mechanisms.

Which is the least difficult to implement and can you point me to some code
samples or reference documents?

Thanks.

 

[Joe Kaplan \(MVP - ADSI\)]

The most effective one I've seen is to use the WMI approach. Someone here
or on the dotnet.security group posted a sample a while ago that a Google
search should turn it up. If you find it, please post. Sorry I'm not super
helpful.

The process account would be the account that shows up in Task Manager for
the aspnet_wp.exe or its equivalent in Windows 2003.

Joe K.