473,243 Members | 1,562 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,243 software developers and data experts.

Process.Start with Username hangs

The following C# web service works fine until you uncomment the lines
setting UserName and Password. Then the process starts as the
specified user, but hangs in a suspended state. In fact, any
executable will exhibit this problem; it is not specific to whoami.exe.
This is with .NET 2.0, of course (1.1 does not support running a
process as a different user). This appears to be a bug. Can anyone
comment?

<%@ WebService Language="C#" Class="Kirk.ForkIt" %>

using System;
using System.IO;
using System.Collections;
using System.Security;
using System.Web.Services;
using System.Diagnostics;

namespace Kirk
{
public class ForkIt
{

[WebMethod]
public string Main()
{
Process p = new Process();
ProcessStartInfo pInfo = new
ProcessStartInfo(@"c:\windows\system32\whoami.exe" );

SecureString password = new SecureString();
// set value for password here.
password.AppendChar('s');
password.AppendChar('e');
password.AppendChar('c');
password.AppendChar('r');
password.AppendChar('e');
password.AppendChar('t');

pInfo.UserName = "Administrator";
pInfo.Password = password;
pInfo.CreateNoWindow = true;
pInfo.UseShellExecute = false;
pInfo.RedirectStandardOutput = true;

p.StartInfo = pInfo;
p.Start();

String output = p.StandardOutput.ReadToEnd();
p.WaitForExit();

return output;
}
}
}

Feb 8 '06 #1
11 13251
hmmm

maybe try putting the domain/computer name in front of the username:

pInfo.UserName = "MyComputer\Administrator";

not sure, i havent used this feature in 2.0 yet

Feb 8 '06 #2
Thanks, but your suggestion doesn't help. There is a Domain member for
the ProcessStartInfo class, but setting that to the computer name
doesn't help. Anyway, the authentication is not an issue _in itself_
as I can see that the hung process is running as the specified user
(Administrator in this case). I can get any domain account to run the
process, it's just that the process hangs -- any process.

Feb 8 '06 #3
What OS are you running this on and Who's the callers identity, that is the
identity of the asp.net process or the impersonating identity if
impersonation is active?

Willy.

"Kirk" <ki***********@gmail.com> wrote in message
news:11**********************@g14g2000cwa.googlegr oups.com...
| The following C# web service works fine until you uncomment the lines
| setting UserName and Password. Then the process starts as the
| specified user, but hangs in a suspended state. In fact, any
| executable will exhibit this problem; it is not specific to whoami.exe.
| This is with .NET 2.0, of course (1.1 does not support running a
| process as a different user). This appears to be a bug. Can anyone
| comment?
|
| <%@ WebService Language="C#" Class="Kirk.ForkIt" %>
|
| using System;
| using System.IO;
| using System.Collections;
| using System.Security;
| using System.Web.Services;
| using System.Diagnostics;
|
| namespace Kirk
| {
| public class ForkIt
| {
|
| [WebMethod]
| public string Main()
| {
| Process p = new Process();
| ProcessStartInfo pInfo = new
| ProcessStartInfo(@"c:\windows\system32\whoami.exe" );
|
| SecureString password = new SecureString();
| // set value for password here.
| password.AppendChar('s');
| password.AppendChar('e');
| password.AppendChar('c');
| password.AppendChar('r');
| password.AppendChar('e');
| password.AppendChar('t');
|
| pInfo.UserName = "Administrator";
| pInfo.Password = password;
| pInfo.CreateNoWindow = true;
| pInfo.UseShellExecute = false;
| pInfo.RedirectStandardOutput = true;
|
| p.StartInfo = pInfo;
| p.Start();
|
| String output = p.StandardOutput.ReadToEnd();
| p.WaitForExit();
|
| return output;
| }
| }
| }
|
Feb 8 '06 #4
OS is Windows 2003 Server. I run IE6 and invoke the Web Service via
the Invoke button from the default generator for .asmx files. The asmx
file is also local to the web server; everything is on the same
machine.

I have impersonate set to true in my
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONF IG\web.config file,
and I am logged in as a domain user (DOMAIN/SOFTINFO, same DOMAIN that
the server is in) with Administrative priviledges. When I invoke the
service, Environment.DomainName="SW-WEB"
Environment.UserName="IUSR_SWDEVL2" (SW-WEB is the name of the machine,
SWDEVL2 was the previous name of the machine).

If I remove impersonation from my web.config, the service throws an
exception...Access is Denied. Environment.DomainName="DOMAIN"
Environment.UserName="SYSTEM". Not sure what SYSTEM really means, but
I suppose it doesn't have permission to create processes. Anyway,
that's why I enabled impersonation in the first place (plus it's how my
old ASP stuff works and I like it for our intranet).

I'm no expert, but my understanding is that impersonation will run my
Web Service thread as the client user, however, when my process forks,
it will run as the IIS user. I'm a bit confused, though, becuase I
would expect UserName to be "SOFTINFO" for the case where I have
impersonation turned on. Perhaps you can clarify this.

The Web Service is inline, and running from an Application Pool with
Identity set to Local System. I also set it to Network Service and
witness the same behavior. If I set it to Local Service I get the
following error when I Invoke the Web Service (this is not a problem
for me, but it might be a clue, I don't know):

System.InvalidOperationException: Unable to generate a temporary class
(result=1).
error CS2001: Source file 'C:\WINDOWS\TEMP\qa0vmnpy.0.cs' could not be
found
error CS2008: No inputs specified

at System.Xml.Serialization.Compiler.Compile(Assembly parent, String
ns, CompilerParameters parameters, Evidence evidence)
at
System.Xml.Serialization.TempAssembly.GenerateAsse mbly(XmlMapping[]
xmlMappings, Type[] types, String defaultNamespace, Evidence evidence,
CompilerParameters parameters, Assembly assembly, Hashtable assemblies)
at System.Xml.Serialization.TempAssembly..ctor(XmlMap ping[]
xmlMappings, Type[] types, String defaultNamespace, String location,
Evidence evidence)
at System.Xml.Serialization.XmlSerializer.FromMapping s(XmlMapping[]
mappings, Evidence evidence)
at
System.Web.Services.Protocols.XmlReturn.GetInitial izers(LogicalMethodInfo[]
methodInfos)
at
System.Web.Services.Protocols.XmlReturnWriter.GetI nitializers(LogicalMethodInfo[]
methodInfos)
at System.Web.Services.Protocols.MimeFormatter.GetIni tializers(Type
type, LogicalMethodInfo[] methodInfos)
at System.Web.Services.Protocols.HttpServerType..ctor (Type type)
at System.Web.Services.Protocols.HttpServerProtocol.I nitialize()
at System.Web.Services.Protocols.ServerProtocolFactor y.Create(Type
type, HttpContext context, HttpRequest request, HttpResponse response,
Boolean& abortProcessing)

Thanks,
Kirk

Feb 9 '06 #5

"Kirk" <ki***********@gmail.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
| OS is Windows 2003 Server. I run IE6 and invoke the Web Service via
| the Invoke button from the default generator for .asmx files. The asmx
| file is also local to the web server; everything is on the same
| machine.
|
| I have impersonate set to true in my
| C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONF IG\web.config file,
| and I am logged in as a domain user (DOMAIN/SOFTINFO, same DOMAIN that
| the server is in) with Administrative priviledges. When I invoke the
| service, Environment.DomainName="SW-WEB"
| Environment.UserName="IUSR_SWDEVL2" (SW-WEB is the name of the machine,
| SWDEVL2 was the previous name of the machine).
|
Environment.UserName="IUSR_SWDEVL2"
That's an indication that you are impersonating 'the' "anonymous" user.

| If I remove impersonation from my web.config, the service throws an
| exception...Access is Denied. Environment.DomainName="DOMAIN"
| Environment.UserName="SYSTEM". Not sure what SYSTEM really means, but
| I suppose it doesn't have permission to create processes. Anyway,
| that's why I enabled impersonation in the first place (plus it's how my
| old ASP stuff works and I like it for our intranet).
|

That's an indication that you run your asp.net process as localsystem. Note
that you can't create another process using different user credentials (as
you do in your code) from a process that runs as localsystem (W2K3 and XP
SP2).

| I'm no expert, but my understanding is that impersonation will run my
| Web Service thread as the client user, however, when my process forks,
| it will run as the IIS user. I'm a bit confused, though, becuase I
| would expect UserName to be "SOFTINFO" for the case where I have
| impersonation turned on. Perhaps you can clarify this.
|

Yes, taht's because you haven enabled Windows authentication while
impersonating (see you web.config file), so you are impersonating the
default "anonymous" user which has the form IUSR_XXXXX, where XXXXX is the
machine name.

| The Web Service is inline, and running from an Application Pool with
| Identity set to Local System. I also set it to Network Service and
| witness the same behavior. If I set it to Local Service I get the
| following error when I Invoke the Web Service (this is not a problem
| for me, but it might be a clue, I don't know):
|

"Local Service" or (better) "local network" must be granted access rights to
the TEMP folder and a couple of other folder too.
Note that all of these question can better be answered when you post to the
asp or aspnet NG's, this NG is for C# only.
Willy.
Feb 9 '06 #6
Thanks. Your reply, some sleep, and a fresh pot of coffe have alerted
me to the fact that my virtual directory under IIS was set to allow
anonymous access -- not what I intended. So...I set it to integrated
Windows auth and now I see the DOMAIN user in Environment.UserName when
I invoke the service (as expected). However, I get an Access is Denied
exception when I try to start the process when I set the
ProcesStartInfo UserName and Password to the local Administrator
account. If I don't set UserName and Password in ProcessStartInfo,
then the service runs fine. In that case, I see UserName is the domain
user I logged in as when challenged from the browser, and whoami.exe
returns "nt authority / system".

I suspect the issue is what you said: "Note that you can't create
another process using different user credentials (as you do in your
code) from a process that runs as localsystem (W2K3 and XP SP2)." I
assume the solution is to use an Application Pool to run the Web
Service in a process owned by a different user. So I set the
Configurable Identity section of the App Pool properties to use Local
Administrator (and added Administrator to the IIS_WPG group, and
granted user rights as specified here:
http://www.microsoft.com/technet/pro.../appisoa.mspx).
Now when I invoke without UserName set, whoami tells me it is the
local Administrator as expected. But if I set UserName, I still get
Access is Denied. What other access do I need to grant local
Administrator to allow it to create this process as a different user?

I will cross-post this to the aspnet NG.

Thanks, again.
Kirk

Feb 9 '06 #7
Willy, I hope you haven't given up on me. I'm getting no responses
from the other newsgroups. Do you have any further suggestions for me?

Thanks,
Kirk

Feb 10 '06 #8

"Kirk" <ki***********@gmail.com> wrote in message
news:11**********************@g43g2000cwa.googlegr oups.com...
| Thanks. Your reply, some sleep, and a fresh pot of coffe have alerted
| me to the fact that my virtual directory under IIS was set to allow
| anonymous access -- not what I intended. So...I set it to integrated
| Windows auth and now I see the DOMAIN user in Environment.UserName when
| I invoke the service (as expected). However, I get an Access is Denied
| exception when I try to start the process when I set the
| ProcesStartInfo UserName and Password to the local Administrator
| account. If I don't set UserName and Password in ProcessStartInfo,
| then the service runs fine. In that case, I see UserName is the domain
| user I logged in as when challenged from the browser, and whoami.exe
| returns "nt authority / system".
|
| I suspect the issue is what you said: "Note that you can't create
| another process using different user credentials (as you do in your
| code) from a process that runs as localsystem (W2K3 and XP SP2)." I
| assume the solution is to use an Application Pool to run the Web
| Service in a process owned by a different user. So I set the
| Configurable Identity section of the App Pool properties to use Local
| Administrator (and added Administrator to the IIS_WPG group, and
| granted user rights as specified here:
|
http://www.microsoft.com/technet/pro.../appisoa.mspx).
| Now when I invoke without UserName set, whoami tells me it is the
| local Administrator as expected. But if I set UserName, I still get
| Access is Denied. What other access do I need to grant local
| Administrator to allow it to create this process as a different user?
|
| I will cross-post this to the aspnet NG.
And who's the user you set, is it a local user?
If it's a local user, can he launch the command from the command line (using
runas)
Willy.
Feb 10 '06 #9
I tried domain users as well as the local (server) administrator
account, which I thought for sure should work since that's what the
pool is running as, but still no luck. I can run "runas
/user:Administrator "c:\windows\system32\whoami.exe" no problem. (I
can see that it is in fact running if I runas a batch file that calls
whoami.exe over and over so the cmd box doesn't disappear right away.)
I can also run it as domain users (I tried using a domain account
instead of Administrator to manage the pool, but that didn't help).

A quick recap of my config and stuff just to check sanity:

* Windows Server 2003 with .NET 2.0 SDK installed
* IIS virtual directory for web_services set to integrated Windows
authentication
* web_services use app pool WebServices
* WebServices app pool sets Identity Configurable: local server
Administrator account
* (I also ran aspnet_regiis.exe -ga on Administrator just in case)
* Impersonate set to true in web.config; authentication Windows
* Browser connects to aspx page as a separate domain user with access
to aspx file

My basic web service to invoke whoami.exe works fine with this config
unless you set UserName and Password on ProcessStartInfo. All
UserNames will fail, but most striking is the local server
Administrator also fails (even though that's what the pool uses). The
result is an Access is Denied exception from Process.Start.

Thanks,
Kirk

Feb 10 '06 #10

"Kirk" <ki***********@gmail.com> wrote in message
news:11**********************@o13g2000cwo.googlegr oups.com...
|I tried domain users as well as the local (server) administrator
| account, which I thought for sure should work since that's what the
| pool is running as, but still no luck. I can run "runas
| /user:Administrator "c:\windows\system32\whoami.exe" no problem. (I
| can see that it is in fact running if I runas a batch file that calls
| whoami.exe over and over so the cmd box doesn't disappear right away.)
| I can also run it as domain users (I tried using a domain account
| instead of Administrator to manage the pool, but that didn't help).
|
| A quick recap of my config and stuff just to check sanity:
|
| * Windows Server 2003 with .NET 2.0 SDK installed
| * IIS virtual directory for web_services set to integrated Windows
| authentication
| * web_services use app pool WebServices
| * WebServices app pool sets Identity Configurable: local server
| Administrator account
| * (I also ran aspnet_regiis.exe -ga on Administrator just in case)
| * Impersonate set to true in web.config; authentication Windows
| * Browser connects to aspx page as a separate domain user with access
| to aspx file
|
| My basic web service to invoke whoami.exe works fine with this config
| unless you set UserName and Password on ProcessStartInfo. All
| UserNames will fail, but most striking is the local server
| Administrator also fails (even though that's what the pool uses). The
| result is an Access is Denied exception from Process.Start.
|
| Thanks,
| Kirk
|

Ok, may I suggest you to:
1. turn-on logon auditing using the "local security policy" editor (local
polcies/audit policy account and event logon)
2. try several scenario's, and ...
3. watch the security log in eventviewer.
Willy.

Feb 11 '06 #11
All audits pass. With impersonation off, the process starts as the
C#-specified user, but hangs. I can see it running as the C#-specified
user in Task Manager. There is another poster in framework.aspnet, so
hopefully he has some other ideas. Thanks, Willy, for your help.

Feb 14 '06 #12

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: toby | last post by:
Can any one help? I'm trying to use System.Diagnostics.Process.Start to open legacy MS access aplications (ade and mdb files) and vb 6 .exe's using asp.net. There is something confusing going on?!?...
6
by: kk | last post by:
hello to all, I want to call an exe file on other system(on the same LAN)though a webservice(by placing the dll).For that i use the following code in C#...... Process ps = new Process();...
0
by: Paul | last post by:
Hi, I'm trying to kick off the iiscnfg.vbs from a webservice to export a website's config to an xml file (And eventually populate other servers with the config). I initially tried this using the...
11
by: Kirk | last post by:
The following C# web service works fine until you uncomment the lines setting UserName and Password. Then the process starts as the specified user, but hangs in a suspended state. In fact, any...
0
by: Kirk | last post by:
The following C# web service works fine until you uncomment the lines setting UserName and Password. Then, Process.Start throws an Access is Denied Exception. This is with .NET 2.0, of course...
6
by: Alexander Widera | last post by:
hello, if i start a program (an exe-file) with Process.Start(...) I don't have the required permissions that the programm needs (i could start the programm but the program needs special rights)....
10
by: Stephany Young | last post by:
When one uses the System.Diagnostics.Process.Start method to launch a common or garden Console application, one can set the WindowStyle property of the StartInfo object to ProcessWindowStyle.Hidden...
7
by: christian13467 | last post by:
Hi, I'm using ASP.Net 2.0 with IIS 6.0 on windows server 2003 sp1. Calling a commandline program or a cmd file using Process.Start inside a webservice method. The call to Process.Start returns...
4
by: =?Utf-8?B?VkIgSm9ubmll?= | last post by:
I am at my witless end here, please help! I have an ASP.Net aspx web page, hosted on Windows Server 2003, that receives a query string with the path to an autocad drawing file selected from a...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.