以ASP.net页面启动服务

Question

I wrote a windows service, that works perfectly. It is call (on Command Prompt) via ChatServer.exe {argument} where the {argument} is a key work such as install , uninstall , start and stop .

The program where this service is require administrative privileges (since it install/uninstall itself). So if i start cmd as administrator "D:\\folder\\chatserver.exe install" for example, it install the service as it should.

Well, my problem is that on my ASP.net site i wrote a function (below) to start the process, but i get an exception "740" ("the software required privilege elevation") as if i mark the "AsAdmin" argument of my function to "true", i get that "UseShellExecute" can't be true as an exception.

public static int RunProcess(string ApplicationPath, string Parameters = "", bool AsAdmin = false)
{
    try
    {
        global::System.Diagnostics.ProcessStartInfo startInfo = new global::System.Diagnostics.ProcessStartInfo();
        startInfo.UseShellExecute = AsAdmin;
        if (AsAdmin) { startInfo.Verb = "runas"; }
        startInfo.WorkingDirectory = global::System.IO.Path.GetDirectoryName(ApplicationPath);
        startInfo.FileName = ApplicationPath;
        if (!string.IsNullOrEmpty(Parameters)) { startInfo.Arguments = Parameters; }
        startInfo.ErrorDialog = false;
        global::System.Diagnostics.Process process = global::System.Diagnostics.Process.Start(startInfo);
        process.WaitForExit();
        return process.ExitCode;
    }
    catch (global::System.ComponentModel.Win32Exception ex) { return ex.NativeErrorCode; }
    catch { return -1; }
}

What do i do?

Answer 1

Have you tried ProcessStartInfo ? It allows you to add specific credentials . Check the example below:

ProcessStartInfo myProcess = new ProcessStartInfo(path);
myProcess.UserName = username;
myProcess.Password = MakeSecureString(password);
myProcess.WorkingDirectory = @"C:\Windows\System32";
myProcess.UseShellExecute = false;
// elevate EDIT
myProcess.Verb = "runas";
Process.Start(myProcess);


private static SecureString MakeSecureString(string text)
{
     SecureString secure = new SecureString();
     foreach (char c in text)
     {
         secure.AppendChar(c);
     }
     return secure;
}

Launch a process under another user's credentials

Answer 2

You can't, and shouldn't want to do this. You don't want to store administrative credentials anywhere near your web application, and you definitely don't want to run your web application under administrative privileges.

One solution is to actually have a "watchdog" Windows Service, running with the appropriate privileges to interact with the Service Control Manager (SCM), which accepts commands through for example WCF on localhost, and let your web application talk to that service which in turn starts or stops the the appropriate service.

That would look like this:

[Web Application] -- WCF --> [Watchdog Service] -- SCM --> [Chat Service]

So your Web Application sends through WCF a StartService("ChatService") command, and then the Watchdog Service starts the ChatService service.

Now only the Watchdog Service has to run under administrative privileges, and to secure the WCF communication to make sure only authenticated applications call it, that's discussed in other questions.

If instead you are trying to develop a self-installing web platform including websites and services, then consider using a proper installer instead of doing it all manually.

Answer 3

Further to Ted's answer, I would add this:

Microsoft does not recommend calling an .exe from a Web application/site as w3wp.exe runs in a sandboxed environment for security reasons and hence any thread/task/process that it launches is not the same as it would be when you launch it yourself and hence may not work as expected.

You may want to re-code the console applications as ASP.NET Web API, possibly hosted in IIS or in a Windows Service.