
PowerShell script failing on IIS

Currently, we have a C# MVC web application with basic Windows authentication deployed on IIS 7.5 on Win Server 2012 R2.

Controller:

 public ActionResult Index([Bind(Include = "ID,cmd,arg1,arg2")] PowerShellCMD PScmd)
    {
        if (ModelState.IsValid)
        {
           //String script = @"C:\TEMP\test.ps1";
            String script = @"D:\a-espinoza\Scripts\wsa.ps1";

            PowerShell ps = PowerShell.Create();
            Runspace runspace = RunspaceFactory.CreateRunspace();
            ps.Runspace = runspace;

            ps.Runspace.Open();

            using (var impersonationContext = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate())
            {

                ps.AddScript(script);
                ps.AddParameter(null, PScmd.cmd);

                // Execute the script
                var results = ps.Invoke();

                runspace.Close();

                if (results.Count > 0)
                {
                    // We use a string builder to create our result text
                    var builder = new StringBuilder();

                    foreach (var psObject in results)
                    {
                        // Convert the Base Object to a string and append it to the string builder.
                        // Add \r\n for line breaks
                        builder.Append(psObject + "\r\n");
                    }

                    // Encode the string in HTML (prevent security issues with 'dangerous' characters like < >)
                    PScmd.result = Server.HtmlEncode(builder.ToString());
                }
            }
            //impersonationContext.Undo();
        }

        return View(PScmd);
    }

Users who do not have logon rights on the IIS server where my app is deployed get the following error:

Server Error in '/' Application.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Requested registry access is not allowed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Requested registry access is not allowed.]
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable) +14302727
System.Environment.GetEnvironmentVariable(String variable, EnvironmentVariableTarget target) +278
System.Management.Automation.ModuleIntrinsics.GetExpandedEnvironmentVariable(String name, EnvironmentVariableTarget target) +9
System.Management.Automation.ModuleIntrinsics.SetModulePath() +61
System.Management.Automation.ExecutionContext.InitializeCommon(AutomationEngine engine, PSHost hostInterface) +714
System.Management.Automation.AutomationEngine..ctor(PSHost hostInterface, RunspaceConfiguration runspaceConfiguration, InitialSessionState iss) +19187352
System.Management.Automation.Runspaces.LocalRunspace.DoOpenHelper() +19188647
System.Management.Automation.Runspaces.RunspaceBase.CoreOpen(Boolean syncCall) +360
PowerShellExecution.Controllers.PWCmdsController.Index(PowerShellCMD PScmd) +254
lambda_method(Closure, ControllerBase, Object[]) +127
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +242
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +39
System.Web.Mvc.Async.AsyncControllerActionInvoker.b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +12
System.Web.Mvc.Async.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult) +139
System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +112
System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +452
System.Web.Mvc.Async.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult) +15
System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +37
System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +241
System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +29
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +111
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +19
System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +51
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +111
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +606
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288

Version Information: Microsoft .NET Framework Version: 4.0.30319; ASP.NET Version: 4.0.30319.34274

How can I avoid this error without giving everyone access to the server that runs IIS?

The registry key already grants read permission to Everyone.

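Can you check the security log on the server to see which user caused the SecurityException?

I may be off on this... but the runspace is created outside of the impersonation, so it will run as the application pool identity/user. I wouldn't expect it to be running as any user who accesses the website.

The user you are impersonating must have access to the registry keys that the script references. Check this to accomplish that: https://technet.microsoft.com/zh-cn/library/cc775454(v=ws.10).aspx

Try changing: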

PowerShell ps = PowerShell.Create();
Runspace runspace = RunspaceFactory.CreateRunspace();
ps.Runspace = runspace;
ps.Runspace.Open();

using (var impersonationContext = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate())
{
    //...Code
}

to:

using (var impersonationContext = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate())
{
    PowerShell ps = PowerShell.Create();
    Runspace runspace = RunspaceFactory.CreateRunspace();
    ps.Runspace = runspace;
    ps.Runspace.Open();

    //...Code
}
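
The restructuring suggested above, applied to the question's controller action, as an added example that is not code from the original thread. The `PowerShellCMD` stand-in, the `UseCurrentThread` setting, the use of `AddCommand`/`AddArgument`, and the error-stream handling are choices made for this example.

```csharp
// Added example, not the poster's code. Requires a reference to System.Management.Automation.
using System.Linq;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Security.Principal;
using System.Web.Mvc;

// Assumed shape of the question's model (only the bound fields and the result).
public class PowerShellCMD
{
    public int ID { get; set; }
    public string cmd { get; set; }
    public string arg1 { get; set; }
    public string arg2 { get; set; }
    public string result { get; set; }
}

public class PWCmdsController : Controller
{
    private const string ScriptPath = @"D:\a-espinoza\Scripts\wsa.ps1"; // path from the question

    public ActionResult Index([Bind(Include = "ID,cmd,arg1,arg2")] PowerShellCMD PScmd)
    {
        if (!ModelState.IsValid) return View(PScmd);
        var caller = (WindowsIdentity)User.Identity;

        // The runspace is created, opened and used inside the impersonation scope.
        // The using blocks dispose the PowerShell instance and runspace and revert
        // impersonation even when Invoke throws.
        using (caller.Impersonate())
        using (Runspace runspace = RunspaceFactory.CreateRunspace())
        using (PowerShell ps = PowerShell.Create())
        {
            // Run the pipeline on the calling thread, which holds the impersonation
            // token (a local runspace otherwise uses a new thread per invocation).
            runspace.ThreadOptions = PSThreadOptions.UseCurrentThread;
            runspace.Open();
            ps.Runspace = runspace;

            // AddCommand runs the script file; AddArgument binds the user-supplied
            // value positionally as data, so it is never parsed as script text.
            ps.AddCommand(ScriptPath).AddArgument(PScmd.cmd);

            var output = ps.Invoke().Select(o => o == null ? "" : o.ToString());
            // Non-terminating errors do not throw; they collect in the error stream.
            var errors = ps.Streams.Error.Select(e => "ERROR: " + e);
            PScmd.result = Server.HtmlEncode(string.Join("\r\n", output.Concat(errors)));
        }
        return View(PScmd);
    }
}
```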
