stackoom
  简体   繁体   中英

Run Only signed powershell scripts from c#

 原文  2013-03-25 18:10:12       c#/ powershell/ executionpolicy

Question

I have a windows service that downloads a script and then runs it.

I've been trying to make my windows service more secure, making it accept only signed power-shell scripts.

I have ran the Set-ExecutionPolicy AllSigned command on the server, and this works in the windows power shell command prompt.

However, my code still runs both signed and unsigned scripts, even if the set-executionpolicy is set to restricted.

I have tried two approaches:

RunspaceConfiguration runspaceConfiguration = RunspaceConfiguration.Create(); 

        Runspace runspace = RunspaceFactory.CreateRunspace(runspaceConfiguration);
        runspace.Open();

        RunspaceInvoke scriptInvoker = new RunspaceInvoke(runspace);
        Pipeline pipeline = runspace.CreatePipeline();         
        pipeline.Commands.AddScript(@"Set-ExecutionPolicy AllSigned");
        pipeline.Commands.AddScript(@"Get-ExecutionPolicy");
        pipeline.Commands.AddScript(script);
        Collection<PSObject> results = pipeline.Invoke();

And another approach: 

using (PowerShell ps = PowerShell.Create())
                {
                    ps.AddCommand("Set-ExecutionPolicy").AddArgument("Restricted");
                    ps.AddScript("Set-ExecutionPolicy Restricted");
                    ps.AddScript(script);
                    Collection<PSObject> results = ps.Invoke();
                  }

In both situations the code runs unsigned scripts as well.

Have I missed something?

1 answers

solution1
 1 ACCPTED  2013-04-10 23:19:11

I found the solution. The only way to restrict the code from running unsigned scripts was to check the scripts myself with Get-AuthenticodSignature: 

 public bool checkSignature(string path)
    {

        Runspace runspace = RunspaceFactory.CreateRunspace();
        runspace.Open();
        RunspaceInvoke scriptInvoker = new RunspaceInvoke(runspace);
        Pipeline pipeline = runspace.CreatePipeline();
        pipeline.Commands.AddScript(String.Format("Get-AuthenticodeSignature \"{0}\"", path));
        Collection<PSObject> results = pipeline.Invoke();
        Signature check = (Signature)results[0].BaseObject;
        runspace.Close();
        if (check.Status == SignatureStatus.Valid)
        {
            return true;
        }
        return false;
    }

Thanks,

Dan

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Run powershell scripts from c# How to run PowerShell scripts from C# Is it possible to run the PowerShell shell from C# and keep it running, while (synchronously) executing multiple PowerShell scripts within it? Run Powershell from C# Run PowerShell script in PowerShell 6 from C# Cannot connect to Exchange PowerShell to run scripts remotely using C# Executing powershell scripts in c# C# PowerShell running non PowerShell scripts Running service fabric powershell scripts from C# Asynchronously running multiple PowerShell scripts from C#
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM