如何从IIS托管的WCF服务启动进程？

Question

I would like to run a process from an intranet client on the WCF service side. In my case a client asks a server to create a new process on the server's machine under the provided credentials. WCF service is hosted on IIS 7.5 and I start a process using this code

var processInfo = new ProcessStartInfo("C:\\Windows\\System32\\notepad.exe")
{
    UserName = "some user",
    Password = MakeSecureString("some password"),
    UseShellExecute = false,
    LoadUserProfile = true
};

Process process = Process.Start(processInfo);

This code works if I host WCF service as a self-hosted console application running under admin user and I see the notepad started under another user. It fails on IIS with no exception, but process is immediately terminated

process.HasExited = true;
process.ExitCode = -1073741502;

On IIS WCF application is running under the user with admin rights and has got full trust defined in web.config. I cannot use self hosted application as it doesn't support easy continuous delivery (like WebDeploy with IIS web farms).

Q: How can I start a process on a server side from WCF service hosted on IIS?

EDIT:
I stumbled upon this post , with similar issues and I tried all the methods there, including all possible variations for Process.Start and P/Invoke with CreateProcessWithLogonW and CreateProcessAsUser I also tried granting additional permissions to users. Non of this would work with the error messages identical to the ones the guy had posted.

Answer 1

Oleksii, the point is that if you host the WCF service in a console application, there is a windows session (a user logged in and Windows Explorer loaded) for that user and the notepad is opened and shown for that user, so you see it in the UI.

when you host your WCF service in IIS, being a server, IIS requires and allows no user interaction and works also if no user is logged in; in that context there is no UI to host your notepad or other UI enabled applications, you could execute a process for elaboration or other batch jobs but not render a windows UI application, because Windows Explorer is not loaded for you and there is no place to render your process's UI.

Answer 2

here is what I use to call GnuPGP to do encryption. How does your setup compare?

private int ExecuteCommand(string arguments, string passPhrase, int timeout)
        {
            Process processObject;
            ProcessStartInfo pInfo = new ProcessStartInfo(_executablePath, arguments);


            pInfo.CreateNoWindow = true;
            pInfo.UseShellExecute = false;

            pInfo.RedirectStandardInput = true;
            pInfo.RedirectStandardOutput = true;
            pInfo.RedirectStandardError = true;
            processObject = Process.Start(pInfo);

            if (!string.IsNullOrEmpty(passPhrase))
            {
                processObject.StandardInput.WriteLine(passPhrase);
                processObject.StandardInput.Flush();
            }

            string result = processObject.StandardOutput.ReadToEnd();
            string error = processObject.StandardError.ReadToEnd();

            if (!processObject.WaitForExit(timeout))
            {
                throw new TimeoutException("GnuPG operation timeout. Waited " + timeout + " milliseconds ");
            }

            int exitcode = processObject.ExitCode;

            Error = error;
            Output = result;

            return exitcode;

        }

Answer 3

There's an apppool setting to make sure it loads the user profile.

loadUserProfile Optional Boolean attribute.

Specifies whether IIS loads the user profile for the application pool identity. Setting    
this value to false causes IIS to revert to IIS 6.0 behavior. IIS 6.0 does not load the 
user profile for an application pool identity.

The default value is false.

That along with being a domain user as the identity with enough permissions might work?? I know that at a minimum the user will need a user profile.

That said, it's a little bit of an odd architecture. It seems like a better arch would be to have a persistent process like a windows service that the site communicates with but I'm not sure what your constraints are.

Hope that helps.