从ASP.NET运行PowerShell脚本
[英]Run PowerShell script from ASP.NET
问题描述
I have been trying out running a PowerShell script from asp.net with no success for a few days already. 
我一直在尝试从asp.net运行PowerShell脚本,但几天没有成功。
The C# is: C#是:
using (var process = new Process())
{
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.FileName = @"powershell.exe";
startInfo.Arguments = "arguments that call the script here";
startInfo.RedirectStandardOutput = false;
startInfo.RedirectStandardError = false;
startInfo.UseShellExecute = true;
startInfo.CreateNoWindow = true;
process.StartInfo = startInfo;
process.Start();
}
The PowerShell script it calls contains the ff: 它调用的PowerShell脚本包含ff:
robocopy "\\network-server\location" "C:\localfolder" "testmovefile.txt"
Obviously the problem here would be the proper credentials. 显然,这里的问题是正确的凭据。 But I have tried doing all sorts of impersonation stuff, whether from C# or in the script level. 但是我尝试过进行各种模拟工作,无论是从C#还是在脚本级别。 I tried doing this to the PowerShell script: 我尝试对PowerShell脚本执行此操作:
$username = "domain\user"
$password = ConvertTo-SecureString –String "password" –AsPlainText -Force
$pp = new-object -typename System.Management.Automation.PSCredential -argumentlist $username,$password
start-process powershell -argument "C:\localfolder\CopyFile.ps1" -Credential $pp
It works when I run the script in the PowerShell console locally, even when using an account that has no permissions to the network, however when called from the web app.. nothing happens. 当我在PowerShell控制台中本地运行脚本时,即使使用了对网络没有权限的帐户,也可以使用它,但是当从Web应用程序中调用该脚本时,它不会起作用。
The App Pool Identity is just set to the default App Pool Identity though.. I found out that if I change the identity to a custom account with the proper rights.. it works. 不过,“应用程序池标识”只是设置为默认的“应用程序池标识”。.我发现,如果我将标识更改为具有适当权限的自定义帐户,则可以使用。
I am still trying to search for a different solution.. I want a scenario that you can just change anything in the script and it will still still run. 我仍在尝试寻找其他解决方案。我想要一种情况,您只需更改脚本中的任何内容,它仍将运行。 Any is OK as long as it does not change the app pool identity. 只要不更改应用程序池标识,任何都可以。
I tried these as well: 我也尝试过这些:
- http://huddledmasses.org/using-alternate-credentials-with-the-filesystem-in-powershell/ http://huddledmasses.org/using-alternate-credentials-with-the-filesystem-in-powershell/
- using runspace in c# instead of process and using an impersonator How do you impersonate an Active Directory user in Powershell? 在c#中使用运行空间而不是进程并使用模拟程序如何在Powershell中模拟Active Directory用户?
But it still doesn't work. 但这仍然行不通。 I keep on getting access denied. 我一直在拒绝访问。 Question is, is it possible to make it work by impersonating someone inside PowerShell? 问题是,是否可以通过在PowerShell中模拟某个人来使其工作?
1 个解决方案
解决方案1
0 2012-07-17 08:04:04
App pool identities have very limited access to the local file system (and none outside the local computer). 应用程序池标识对本地文件系统的访问非常有限(本地计算机之外没有访问权限)。 You will need to modify ACLs on the file system to give the identities the access they need. 您将需要修改文件系统上的ACL,以为身份提供所需的访问权限。
In Server 2008 (or Vista) this has to be done with the command line (eg. icacls.exe ) as the permissions GUI does not support app pool identity; 在Server 2008(或Vista)中,必须使用命令行(例如icacls.exe )完成此操作,因为权限GUI不支持应用程序池标识。 with later versions this can be done with the GUI. 对于更高版本,可以使用GUI来完成。
Process Monitor is a good tool for working out where access is being blocked. Process Monitor是解决阻塞访问的好工具。
However if you need to access network resources this will not work. 但是,如果您需要访问网络资源,则将无法使用。 App pool identities are purely local, they have no meaning on the network. 应用程序池标识纯粹是本地的,在网络上没有任何意义。 You need to use a domain account with the applicable access (or multiple local accounts with the same name and password). 您需要使用具有相应访问权限的域帐户(或具有相同名称和密码的多个本地帐户)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.