Is it a good idea to run an EXE from IIS from the code behind?
Question
I have an ASP.NET Web API in which I am trying to download a ZIP file through a controller - say, DownloadZipController .
For generating this ZIP file, my controller method calls a factory method createandGetZip which launches an exe and waits for the EXE to finish its execution. When the EXE produces the ZIP it is passed to the factory method createandGetZip . This ZIP generation takes some time - around 2 minutes.
I have hosted this web api on IIS server with the AppPool identity as LOCALSYSTEM.
My question is: is this the best way to launch an EXE from my code hosted on IIS server? Or is there any other way to launch the EXE from the code without giving AppPool identity as LOCALSYSTEM as I have read that this may lead to a security breach.
Please advise me on the best possible way or just a way better than what I am currently using.
1 answers
solution1
0 2016-10-18 15:41:28
I believe this is fine in practice (I do this often with DoScan.exe, the Symantec virus scanner). Try to guard against the external process spinning forever, and limit the app pool security rights on the EXE, if that matters to you.
Also, of course, make sure you know what the EXE is doing.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.