IIS上的PowerShell脚本故障

Question

当前，我们在Win Server 2012 R2的IIS 7.5上部署了具有基本Windows身份验证的C＃MVC Web应用程序。

控制器：

 public ActionResult Index([Bind(Include = "ID,cmd,arg1,arg2")] PowerShellCMD PScmd)
    {
        if (ModelState.IsValid)
        {
           //String script = @"C:\TEMP\test.ps1";
            String script = @"D:\a-espinoza\Scripts\wsa.ps1";

            PowerShell ps = PowerShell.Create();
            Runspace runspace = RunspaceFactory.CreateRunspace();
            ps.Runspace = runspace;

            ps.Runspace.Open();

            using (var impersonationContext = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate())
            {

                ps.AddScript(script);
                ps.AddParameter(null, PScmd.cmd);

                // Execute the script
                var results = ps.Invoke();

                runspace.Close();

                if (results.Count > 0)
                {
                    // We use a string builder ton create our result text
                    var builder = new StringBuilder();

                    foreach (var psObject in results)
                    {
                        // Convert the Base Object to a string and append it to the string builder.
                        // Add \r\n for line breaks
                        builder.Append(psObject + "\r\n");
                    }

                    // Encode the string in HTML (prevent security issue with 'dangerous' caracters like < >
                    PScmd.result = Server.HtmlEncode(builder.ToString());
                }
            }
            //impersonationContext.Undo();
        }

        return View(PScmd);
    }

在部署了我的应用的IIS服务器上没有登录权限的用户遇到以下错误：

“ /”应用程序中的服务器错误。

安全例外

说明：应用程序尝试执行安全策略不允许的操作。 要授予此应用程序所需的权限，请联系系统管理员或在配置文件中更改应用程序的信任级别。

异常详细信息：System.Security.SecurityException：不允许请求的注册表访问。

源错误：

当前Web请求的执行期间生成了未处理的异常。 可以使用下面的异常堆栈跟踪来标识有关异常的来源和位置的信息。

堆栈跟踪：

[SecurityException：不允许请求的注册表访问。]
Microsoft.Win32.RegistryKey.OpenSubKey（字符串名称，布尔型可写）+14302727 System.Environment.GetEnvironmentVariable（字符串变量，EnvironmentVariableTarget目标）+278
System.Management.Automation.ModuleIntrinsics.GetExpandedEnvironmentVariable（字符串名称，EnvironmentVariableTarget目标）+9
System.Management.Automation.ModuleIntrinsics.SetModulePath（）+61
System.Management.Automation.ExecutionContext.InitializeCommon（AutomationEngine引擎，PSHost主机接口）+714
System.Management.Automation.AutomationEngine..ctor（PSHost hostInterface，RunspaceConfiguration runspaceConfiguration，InitialSessionState iss）+19187352
System.Management.Automation.Runspaces.LocalRunspace.DoOpenHelper（）+19188647 System.Management.Automation.Runspaces.RunspaceBase.CoreOpen（布尔syncCall）+360
PowerShellExecution.Controllers.PWCmdsController.Index（PowerShellCMD PScmd）+254 lambda_method（Closure，ControllerBase，Object []）+127 System.Web.Mvc.ReflectedActionDescriptor.Execute（ControllerContext controllerContext，IDictionary 2 parameters) +242
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary 2 parameters) +242
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary 2 parameters) +242
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary 2参数）+39
System.Web.Mvc.Async.AsyncControllerActionInvoker.b__39（IAsyncResult asyncResult，ActionInvocation innerInvokeState）+12
System.Web.Mvc.Async.WrappedAsyncResult 2.CallEndDelegate(IAsyncResult asyncResult) +139
System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +112 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +452 System.Web.Mvc.Async.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult) +15
System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +37 System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +241
System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +29
System.Web.Mvc.Async.WrappedAsyncVoid 2.CallEndDelegate(IAsyncResult asyncResult) +139
System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +112 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +452 System.Web.Mvc.Async.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult) +15
System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +37 System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +241
System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +29
System.Web.Mvc.Async.WrappedAsyncVoid 2.CallEndDelegate(IAsyncResult asyncResult) +139
System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +112 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +452 System.Web.Mvc.Async.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult) +15
System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +37 System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +241
System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +29
System.Web.Mvc.Async.WrappedAsyncVoid 1.CallEndDelegate（IAsyncResult asyncResult）+111
System.Web.Mvc.Controller.EndExecuteCore（IAsyncResult asyncResult）+53 System.Web.Mvc.Async.WrappedAsyncVoid 1.CallEndDelegate(IAsyncResult asyncResult) +19
System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +51
System.Web.Mvc.Async.WrappedAsyncVoid 1.CallEndDelegate(IAsyncResult asyncResult) +19
System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +51
System.Web.Mvc.Async.WrappedAsyncVoid 1.CallEndDelegate(IAsyncResult asyncResult) +19
System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +51
System.Web.Mvc.Async.WrappedAsyncVoid 1.CallEndDelegate（IAsyncResult asyncResult）+111
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute（）+606 System.Web.HttpApplication.ExecuteStep（IExecutionStep步骤，布尔值且已完成）+288

版本信息：Microsoft .NET Framework版本：4.0.30319; ASP.NET版本：4.0.30319.34274

在不让所有人都可以访问运行IIS的服务器上的情况下，如何避免该错误？

Register密钥已经授予所有人读取权限。

Answer 1

您是否可以查看服务器上的安全日志，以查看引起SecurityException的用户？

我可能对此不太满意...但是运行空间是在模拟模仿之外创建的，因此它将作为应用程序池标识/用户运行。 我不希望任何用户访问该网站时都能运行。

您要模拟的用户必须有权访问脚本所引用的注册表项。 检查一下以完成此操作： https : //technet.microsoft.com/zh-cn/library/cc775454(v=ws.10).aspx

尝试更改：

PowerShell ps = PowerShell.Create();
Runspace runspace = RunspaceFactory.CreateRunspace();
ps.Runspace = runspace;
ps.Runspace.Open();

using (var impersonationContext = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate())
{
    //...Code
}

至：

using (var impersonationContext = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate())
{
    PowerShell ps = PowerShell.Create();
    Runspace runspace = RunspaceFactory.CreateRunspace();
    ps.Runspace = runspace;
    ps.Runspace.Open();

    //...Code
}