By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,247 Members | 1,224 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,247 IT Pros & Developers. It's quick & easy.

Run Application (EXE) from ASP.Net C#

P: n/a
Task: run application from ASP.NET

for example,
you have a button on ASP.NET page, when press this button - one
application is invoked.
the code to run application (for example, notepad) is (on C#)

System.Diagnostics.Process.Start("notepad");

but the problem is that the application doesn't run, i.e. no window is
opened.

Note that ASP.NET code is executed on the SERVER.

Solution:

ASPNET user under which application is run should have appropriate
security settings.

1. change local policies for APSNET user:
in WinXP: run secpol.msc

go to Local Policies->User Rights Assignment
find "Deny log on locally" and remove ASPNET user from it.

then find "Deny logon locally" and remove ASPNET user from it.
2. Security for files.
if your application needs also to work with files (open, save, etc)
you have to change security settings for the folders to allow user
ASPNET modify nedeed files.
To test how it works without starting ASP.NET site you can try run in
Windows command line:

runas /user:ASPNET "notepad.exe"

it asks you for the password of ASPNET user. enter the password.
if everything is done correct you will see opened application (notepad
in our example) in new window.

More read here:

http://mxdev.blogspot.com/2008/09/as...om-aspnet.html
Sep 2 '08 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Of course, the application will run on the server, and will present no user
interface to the user who clicked the button.

--
John Saunders | MVP - Connected System Developer

Sep 2 '08 #2

P: n/a
From a standpoint of doing something, this is cool. From a standpoint of
hardening a server, my mind is about to explode, as you are opening up for
severe security breaches when you opt for this method of opening an
application on a web server.

If you must run a process, you are better to wrap the process call in a
service, as you remove the direct conduit from ASP.NET to the app. This is
not as big a deal if you are running notepad (not sure why someone would do
that through ASP.NET on a server, but it is not too risky), but can be a big
deal with some processes.

Imagine if you left a direct pipe to cmd.exe. Wow!

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
<mx*****@gmail.comwrote in message
news:b6**********************************@25g2000h sx.googlegroups.com...
Task: run application from ASP.NET

for example,
you have a button on ASP.NET page, when press this button - one
application is invoked.
the code to run application (for example, notepad) is (on C#)

System.Diagnostics.Process.Start("notepad");

but the problem is that the application doesn't run, i.e. no window is
opened.

Note that ASP.NET code is executed on the SERVER.

Solution:

ASPNET user under which application is run should have appropriate
security settings.

1. change local policies for APSNET user:
in WinXP: run secpol.msc

go to Local Policies->User Rights Assignment
find "Deny log on locally" and remove ASPNET user from it.

then find "Deny logon locally" and remove ASPNET user from it.
2. Security for files.
if your application needs also to work with files (open, save, etc)
you have to change security settings for the folders to allow user
ASPNET modify nedeed files.
To test how it works without starting ASP.NET site you can try run in
Windows command line:

runas /user:ASPNET "notepad.exe"

it asks you for the password of ASPNET user. enter the password.
if everything is done correct you will see opened application (notepad
in our example) in new window.

More read here:

http://mxdev.blogspot.com/2008/09/as...om-aspnet.html
Sep 2 '08 #3

P: n/a
actually its worse. to get notepad (or any non-console app) to run, you need
to enable Interact with desktop. this then means an exe can popup a modal
dialog box (often an error message), on the console, and hang the server
until someone answers the dialog.

-- bruce (sqlwork.com)
"Cowboy (Gregory A. Beamer)" wrote:
From a standpoint of doing something, this is cool. From a standpoint of
hardening a server, my mind is about to explode, as you are opening up for
severe security breaches when you opt for this method of opening an
application on a web server.

If you must run a process, you are better to wrap the process call in a
service, as you remove the direct conduit from ASP.NET to the app. This is
not as big a deal if you are running notepad (not sure why someone would do
that through ASP.NET on a server, but it is not too risky), but can be a big
deal with some processes.

Imagine if you left a direct pipe to cmd.exe. Wow!

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
<mx*****@gmail.comwrote in message
news:b6**********************************@25g2000h sx.googlegroups.com...
Task: run application from ASP.NET

for example,
you have a button on ASP.NET page, when press this button - one
application is invoked.
the code to run application (for example, notepad) is (on C#)

System.Diagnostics.Process.Start("notepad");

but the problem is that the application doesn't run, i.e. no window is
opened.

Note that ASP.NET code is executed on the SERVER.

Solution:

ASPNET user under which application is run should have appropriate
security settings.

1. change local policies for APSNET user:
in WinXP: run secpol.msc

go to Local Policies->User Rights Assignment
find "Deny log on locally" and remove ASPNET user from it.

then find "Deny logon locally" and remove ASPNET user from it.
2. Security for files.
if your application needs also to work with files (open, save, etc)
you have to change security settings for the folders to allow user
ASPNET modify nedeed files.
To test how it works without starting ASP.NET site you can try run in
Windows command line:

runas /user:ASPNET "notepad.exe"

it asks you for the password of ASPNET user. enter the password.
if everything is done correct you will see opened application (notepad
in our example) in new window.

More read here:

http://mxdev.blogspot.com/2008/09/as...om-aspnet.html

Sep 2 '08 #4

P: n/a
I also should have had MUST in capital letters, as I am certainly not
condoning kludging your way around a problem and service wrapping an app
just so you can pop up notepad. :-)

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
"bruce barker" <br*********@discussions.microsoft.comwrote in message
news:2F**********************************@microsof t.com...
actually its worse. to get notepad (or any non-console app) to run, you
need
to enable Interact with desktop. this then means an exe can popup a modal
dialog box (often an error message), on the console, and hang the server
until someone answers the dialog.

-- bruce (sqlwork.com)
"Cowboy (Gregory A. Beamer)" wrote:
>From a standpoint of doing something, this is cool. From a standpoint of
hardening a server, my mind is about to explode, as you are opening up
for
severe security breaches when you opt for this method of opening an
application on a web server.

If you must run a process, you are better to wrap the process call in a
service, as you remove the direct conduit from ASP.NET to the app. This
is
not as big a deal if you are running notepad (not sure why someone would
do
that through ASP.NET on a server, but it is not too risky), but can be a
big
deal with some processes.

Imagine if you left a direct pipe to cmd.exe. Wow!

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
<mx*****@gmail.comwrote in message
news:b6**********************************@25g2000 hsx.googlegroups.com...
Task: run application from ASP.NET

for example,
you have a button on ASP.NET page, when press this button - one
application is invoked.
the code to run application (for example, notepad) is (on C#)

System.Diagnostics.Process.Start("notepad");

but the problem is that the application doesn't run, i.e. no window is
opened.

Note that ASP.NET code is executed on the SERVER.

Solution:

ASPNET user under which application is run should have appropriate
security settings.

1. change local policies for APSNET user:
in WinXP: run secpol.msc

go to Local Policies->User Rights Assignment
find "Deny log on locally" and remove ASPNET user from it.

then find "Deny logon locally" and remove ASPNET user from it.
2. Security for files.
if your application needs also to work with files (open, save, etc)
you have to change security settings for the folders to allow user
ASPNET modify nedeed files.
To test how it works without starting ASP.NET site you can try run in
Windows command line:

runas /user:ASPNET "notepad.exe"

it asks you for the password of ASPNET user. enter the password.
if everything is done correct you will see opened application (notepad
in our example) in new window.

More read here:

http://mxdev.blogspot.com/2008/09/as...om-aspnet.html

Sep 3 '08 #5

P: n/a
as i see - it is not anought to allow Interaction with Desktop

the only solution i found - change Locally Policies to allow ASPNET user or
NetworkService (depending on IIS5 or IIS6) to logon locally

try to run
runas /user:ASPNET "notepad"

it will not open notepad in window..


"bruce barker" wrote:
actually its worse. to get notepad (or any non-console app) to run, you need
to enable Interact with desktop. this then means an exe can popup a modal
dialog box (often an error message), on the console, and hang the server
until someone answers the dialog.

-- bruce (sqlwork.com)
Sep 3 '08 #6

P: n/a
sometimes you need to run application on server side.

i had this task:
when you click button on ASP.NET page - Photoshop application should be
opened and process some image files..

when Photoshop runs hidden (no window, just process in process list) - it
does nothing.

until i changed security settings for ASPNET user.

"Cowboy (Gregory A. Beamer)" wrote:
From a standpoint of doing something, this is cool. From a standpoint of
hardening a server, my mind is about to explode, as you are opening up for
severe security breaches when you opt for this method of opening an
application on a web server.

If you must run a process, you are better to wrap the process call in a
service, as you remove the direct conduit from ASP.NET to the app. This is
not as big a deal if you are running notepad (not sure why someone would do
that through ASP.NET on a server, but it is not too risky), but can be a big
deal with some processes.

Imagine if you left a direct pipe to cmd.exe. Wow!

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
<mx*****@gmail.comwrote in message
news:b6**********************************@25g2000h sx.googlegroups.com...
Task: run application from ASP.NET

for example,
you have a button on ASP.NET page, when press this button - one
application is invoked.
the code to run application (for example, notepad) is (on C#)

System.Diagnostics.Process.Start("notepad");

but the problem is that the application doesn't run, i.e. no window is
opened.

Note that ASP.NET code is executed on the SERVER.

Solution:

ASPNET user under which application is run should have appropriate
security settings.

1. change local policies for APSNET user:
in WinXP: run secpol.msc

go to Local Policies->User Rights Assignment
find "Deny log on locally" and remove ASPNET user from it.

then find "Deny logon locally" and remove ASPNET user from it.
2. Security for files.
if your application needs also to work with files (open, save, etc)
you have to change security settings for the folders to allow user
ASPNET modify nedeed files.
To test how it works without starting ASP.NET site you can try run in
Windows command line:

runas /user:ASPNET "notepad.exe"

it asks you for the password of ASPNET user. enter the password.
if everything is done correct you will see opened application (notepad
in our example) in new window.

More read here:

http://mxdev.blogspot.com/2008/09/as...om-aspnet.html

Sep 3 '08 #7

P: n/a
re:
!change Local Policies to allow ASPNET user to logon locally
!until i changed security settings for ASPNET user.

....which is not recommended.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"mxdev, MCDBA, MCPD, MCITP, MCP" <mx********************@discussions.microsoft.comw rote in message
news:F6**********************************@microsof t.com...
sometimes you need to run application on server side.

i had this task:
when you click button on ASP.NET page - Photoshop application should be
opened and process some image files..

when Photoshop runs hidden (no window, just process in process list) - it
does nothing.

until i changed security settings for ASPNET user.

"Cowboy (Gregory A. Beamer)" wrote:
>From a standpoint of doing something, this is cool. From a standpoint of
hardening a server, my mind is about to explode, as you are opening up for
severe security breaches when you opt for this method of opening an
application on a web server.

If you must run a process, you are better to wrap the process call in a
service, as you remove the direct conduit from ASP.NET to the app. This is
not as big a deal if you are running notepad (not sure why someone would do
that through ASP.NET on a server, but it is not too risky), but can be a big
deal with some processes.

Imagine if you left a direct pipe to cmd.exe. Wow!

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
<mx*****@gmail.comwrote in message
news:b6**********************************@25g2000 hsx.googlegroups.com...
Task: run application from ASP.NET

for example,
you have a button on ASP.NET page, when press this button - one
application is invoked.
the code to run application (for example, notepad) is (on C#)

System.Diagnostics.Process.Start("notepad");

but the problem is that the application doesn't run, i.e. no window is
opened.

Note that ASP.NET code is executed on the SERVER.

Solution:

ASPNET user under which application is run should have appropriate
security settings.

1. change local policies for APSNET user:
in WinXP: run secpol.msc

go to Local Policies->User Rights Assignment
find "Deny log on locally" and remove ASPNET user from it.

then find "Deny logon locally" and remove ASPNET user from it.
2. Security for files.
if your application needs also to work with files (open, save, etc)
you have to change security settings for the folders to allow user
ASPNET modify nedeed files.
To test how it works without starting ASP.NET site you can try run in
Windows command line:

runas /user:ASPNET "notepad.exe"

it asks you for the password of ASPNET user. enter the password.
if everything is done correct you will see opened application (notepad
in our example) in new window.

More read here:

http://mxdev.blogspot.com/2008/09/as...om-aspnet.html


Sep 3 '08 #8

This discussion thread is closed

Replies have been disabled for this discussion.