堆栈内存溢出
  简体   繁体   English

ASP.Net服务器上的进程无法通过IIS正确运行

[英]Process on ASP.Net server not running correctly over IIS

 原文  2015-10-28 12:45:24       c#/ asp.net/ iis/ process/ antivirus

问题描述

I am trying to run an antivirus scan on an uploaded file in an ASP.Net web app. 我试图在ASP.Net Web应用程序中的上传文件上运行防病毒扫描。 We are using Sophos so have access to their command line API sav32cli . 我们正在使用Sophos,因此可以访问他们的命令行API sav32cli In the code I use: 在我使用的代码中: 

Process proc = new Process();
proc.StartInfo.FileName = @"C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sav32cli.exe";
proc.StartInfo.Arguments = @"-remove -nc " + SavedFile;
proc.StartInfo.Verb = "runas";
proc.Start();
proc.WaitForExit();
int exitCode = proc.ExitCode;

When stepping through the code, when attached to the w3wp process on dev server, the code just jumps from one line to the next seemingly doing nothing at all. 当单步执行代码时,当连接到开发服务器上的w3wp进程时,代码只是从一行跳到另一行似乎什么都不做。 When running from code on dev server, it performs as expected scanning file and deleting if it is seen as a virus. 从dev服务器上的代码运行时,它会执行预期的扫描文件并删除它是否被视为病毒。

The server is running IIS 8.0, and the app built in .Net Framework 4. I have changed the machine config to allow the process to run as SYSTEM account, in accordance to these instructions. 服务器正在运行IIS 8.0,以及.Net Framework 4中内置的应用程序。我已根据这些说明更改了机器配置以允许进程作为SYSTEM帐户运行。 https://support.microsoft.com/en-us/kb/317012#%2Fen-us%2Fkb%2F317012 https://support.microsoft.com/en-us/kb/317012#%2Fen-us%2Fkb%2F317012 

<processModel  userName="SYSTEM" password="AutoGenerate" />

Is there something I'm missing? 有什么我想念的吗? What is the best practice for this kind of implementation? 这种实施的最佳实践是什么?

EDIT : When called, the Process returns an ExitCode of 2 (Error stopped execution), rather than the expected 0 (Scan worked, no viruses), or 3 (Scan worked, viruses found). 编辑 :当调用时, Process返回一个ExitCode为2(错误停止执行),而不是预期的0(扫描工作,没有病毒),或3(扫描工作,发现病毒)。

EDIT 2 : As per comment below I changed the code to: 编辑2 :根据下面的评论,我将代码更改为: 

Process proc = new Process();
proc.StartInfo.FileName = @"C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sav32cli.exe";
proc.StartInfo.Arguments = @"-remove -nc " + SavedFile;
proc.StartInfo.RedirectStandardOutput = true;
proc.StartInfo.UseShellExecute = false;
proc.Start();
StringBuilder output = new StringBuilder();

while (!proc.StandardOutput.EndOfStream)
{
    string line = proc.StandardOutput.ReadLine();
    output.AppendLine(line);
}
proc.WaitForExit();

int exitCode = proc.ExitCode;
ASPxMemo2.Text = exitCode.ToString() + Environment.NewLine + output.ToString();

output is always empty when run over IIS, but is populated correctly when running from code. 通过IIS运行时output始终为空,但从代码运行时正确填充。

EDIT 3 : Instead of looking at StandardOutput we looked at StandardError and it revealed this error: 编辑3:与其看着StandardOutput我们看StandardError ,它揭示了这个错误:

Error initialising detection engine [0xa0040200] (Possible insufficient user Admin rights.) 初始化检测引擎时出错[0xa0040200](可能用户管理员权限不足。)

For the time being we are going to move to another method of virus checking, but would still like to know a possible solution if anyone has it. 暂时我们将采用另一种病毒检查方法,但如果有人拥有它,我们仍然想知道一种可能的解决方案。

4 个解决方案

解决方案1
 1  2015-11-03 19:04:27

You will need to make sure that the application pool that is running your .NET application inside IIS has execute permissions to your file 您需要确保在IIS中运行.NET应用程序的应用程序池对您的文件具有执行权限

"C:\\Program Files (x86)\\Sophos\\Sophos Anti-Virus\\sav32cli.exe" “C:\\ Program Files(x86)\\ Sophos \\ Sophos Anti-Virus \\ sav32cli.exe”

You may also need to add this permission to the folder location where the file to be scanned is uploaded (c:\\temp) for example 您可能还需要将此权限添加到要上载文件的文件夹位置(例如c:\\ temp)

You may also need to have administrator privileges to run the anti virus scan since IIS8 does not run as an administrator. 您可能还需要具有管理员权限才能运行防病毒扫描,因为IIS8不以管理员身份运行。 When you are debugging visual studio uses your current logged in windows user(unless you use runas) so this will explain why it would work when debugging. 在调试时,visual studio使用当前登录的windows用户(除非你使用runas),这样就解释了为什么它在调试时会起作用。

解决方案2
 0  2015-10-31 18:21:44

Have you tried running your web process in elevated trust? 您是否尝试过提升信任度来运行Web流程?

Configuring .NET Trust Levels in IIS 7 在IIS 7中配置.NET信任级别 

<system.web>
  <securityPolicy>
    <trustLevel name="Full" policyFile="internal"/>
  </securityPolicy>
</system.web>

ASP.NET Trust Levels and Policy Files ASP.NET信任级别和策略文件

解决方案3
 0  2015-11-05 21:09:04

Most likely the permissions are not configured correctly on the content being scanned (the uploads folder) or the worker process user doesn't have the full permissions it needs to use Sophos. 很可能在正在扫描的内容( uploads文件夹)上没有正确配置权限,或者工作进程用户没有使用Sophos所需的完整权限。 You know the executable itself is accessible by the worker process because you are getting exit codes and error messages that are specific to Sophos. 您知道可执行文件本身可由工作进程访问,因为您将获得特定于Sophos的退出代码和错误消息。

Because your process will delete files that are perceived as threats you need to grant the user running the process modify or full control permissions on the folders that store the uploaded files. 由于您的进程将删除被视为威胁的文件,因此您需要授予用户对存储上载文件的文件夹运行进程modifyfull control权限。

By default you could use the IIS_IUSRS group for ApplicationPoolIdentity processes, but you can verify (and modify) the user in IIS Manager > App Pools > Advanced. 默认情况下,您可以将IIS_IUSRS组用于ApplicationPoolIdentity进程,但您可以在IIS管理器>应用程序池>高级中验证(和修改)用户。

This answer has more details 这个答案有更多细节

解决方案4
 0  2015-11-06 11:13:22

Here are some ideas: 以下是一些想法:

  1. Create the process using a different user with elevated privileges on the folder, see for reference start-a-net-process-as-a-different-user 使用具有提升的文件夹权限的其他用户创建进程,请参阅start-a-net-process-as-a-different-user
  2. If the previous suggestion fails, login one time on the server using the credentials used in point 1. It will configure registry entries connected to the user profile, some programs requires it. 如果先前的建议失败,请使用第1点中使用的凭据在服务器上登录一次。它将配置连接到用户配置文件的注册表项,某些程序需要它。
  3. Develop a simple .net service running on the server and monitoring the upload folder. 开发在服务器上运行的简单.net服务并监控上传文件夹。 The service has more probability running the Sophos scan succesfully. 该服务更有可能成功运行Sophos扫描。 Here is a reference on service creation using .net . 以下是使用.net创建服务的参考。
  4. The service may also talk to your web page using DB/file system/ etc.. so the operation may seem synchronous. 该服务还可以使用DB /文件系统/等与您的网页通信。因此操作可能看起来是同步的。

These are my 4 cents :-) 这些是我的4美分:-)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 通过IIS上的ASP.NET/C#在服务器上运行进程 - Running Process on Server via ASP.NET/C# on IIS Asp.net 中 IIS 服务器的路径错误 - Error in the path of an IIS server in Asp.net System.Diagnostics.Process.Start不适用于IIS,但在ASP.NET开发服务器上 - System.Diagnostics.Process.Start not work with IIS, but on ASP.NET Development Server 如何启动通过IIS7与ASP.NET 3.5中的服务器桌面进行交互的过程? - How to Start a process that interacts with the server's desktop in ASP.NET 3.5 through IIS7? 用于IIS的C#ASP.net应用程序的Team Foundation Server构建过程 - Team foundation server build process for a C# ASP.net application to IIS ASP.Net MVC长期运行过程 - ASP.Net MVC Long Running Process ASP.NET 项目在 VS 运行时在本地运行,但不在本地计算机或服务器上的 IIS 上运行 - ASP.NET project works locally on build when VS is running but not on IIS on my local machine or my server 从VS2010调试在远程IIS服务器上运行的ASP.NET应用程序 - Debug ASP.NET application running on remote IIS Server from VS2010 Windows Server 2016 上的 IIS 10 未运行我的 ASP.NET MVC 网站 - IIS 10 on Windows Server 2016 not running my ASP.NET MVC website ASP.NET Development Server模拟IIS6或IIS7? - ASP.NET Development Server simulates IIS6 or IIS7?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM