Pass uploaded file as argument to .bat file in asp.net c#
Question
I need to run a .bat file in my website that scans files and generate the results to the user.
Following is the steps that are required to accomplish the task: 1. The user will upload a .zip file by using the FileUpload tool. 2. The uploaded file will be passed as one of the .bat file arguments in order to scan it. 3. The .bat file will scan the .zip file and then generate the output (new files will be added to the shared folder).
I was able to complete step #1 by uploading the file to a shared location. Then I passed the path of the newly uploaded file to the .bat file but no results are shown.
I checked the permissions on the server and granted the website the required access. Also, I installed the latest java version on the server but with no luck.
The code works perfectly on my local machine but whenever I uploaded to the server it didn't work.
string scanFile = @"\\...path..";
string outputLocation = @"\\...path..";
string args = "--project" +name.Text+ "--scan" +scanFile+ "--out" +outputLocation;
//The method that start the process and run .bat file
protected void startP (string path, string args)
{
Process p = new Process();
p.StartInfo.FileName = path;
p.StartInfo.Arguments= args;
p.StartInfo.UseShellExecute= false;
p.StartInfo.CreateNoWindow= true;
p.StartInfo.EnableRaisingEvents= true;
p.Start();
p.WaiteForExit();
if(p.HasExited)
{
p.Close();
// then calling other methods
}
}
Would you please help me figure out what is the problem? specially that the same exact code run and give the desired output on my local machine but not when I run it through the server !
NOTE: * The .bat file is uploaded on the server
2 answers
solution1
0 2019-07-29 16:29:44
The core issue is that we do not usually give Webservers the kinds of rights needed for this. Webservers are always on, so they are vulnerable to hacking 24/7. As a result they are commonly run under a seperate user that just has read rights to the servers Programm and the webpages content diretory - not a single right bit more.
Execution and write rights? People will scratch their head why you would even ask for that and then propably keep away from your programm. If you give a webserver Write rights you end up with a hacker adding a script that redirects everyone reaching your page via google to a pornographic page (real life example).
The thing is also that this this should be unesssesary in 2019. .NET was given the ZipArchive class back in Version 4.5. And .NET core - comming way after that - had it since 1.0. If you somehow lack it, something is really odd in your scenario. So you do not need commandline tools for the Unzipping part anyway.
The part of providing files for download is usually done by storing them in/with a DB . And then use a HTTP Handler to hand their data out when requested. So again, you can avoid any need for write rights (or at least keep writing contained to the DB Server).
solution2
-2 2019-07-29 16:05:26
为什么不尝试在以管理员身份而不是.bat文件运行的Windows Shell脚本中尝试执行此操作?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.