的Process.Start（）在asp.net？ [英] Process.Start() under asp.net?

问题描述

根据 MSDN ：

ASP.NET网页和服务器控件code执行的背景下
  在Web服务器上的ASP.NET工作进程。如果您使用开始
  方法ASP.NET网页或服务器控制，新工艺
  执行与受限权限在Web服务器上。该
  过程中不会在相同的上下文客户端浏览器启动，并且
  没有访问用户桌面。

ASP.NET Web page and server control code executes in the context of the ASP.NET worker process on the Web server. If you use the Start method in an ASP.NET Web page or server control, the new process executes on the Web server with restricted permissions. The process does not start in the same context as the client browser, and does not have access to the user desktop.

哪些 帐户的precisely是的受限制的权限的？

Which account precisely is the "restricted permissions" ?

例如：

• 我记录到的win7为 RoyiN


• 的Windows身份验证的启用的


• 是假冒的启用的如 BobK 在的web.config（各地网站）


• 的 W3WP 用户用户A （不是网络，也不ApplicationPoolIdentity）。

• I'm logged to win7 as RoyiN
• windows authentication is enabled
• Impersonation is enabled as BobK at web.config ( all over the site)
• The W3WP user is UserA (not network nor ApplicationPoolIdentity).

在C＃我的Process.Start（...... CMD.EXE ...）（与 的StartInfo 凭据：马丁，密码，域）

In C# I do Process.start("....cmd.exe...") ( with Startinfo credentials as : "Martin","Password","Domain")

• 谁是有效的帐户这最后运行的cmd.exe ？

要为之限制权限实际上是对？

To whom "restricted permissions" is actually regarding ?

推荐答案

模拟不会来这里发挥作用，因为在引擎盖下，的Process.Start 是依靠两个本机的Win32调用之一：

Impersonation won't come into play here, since under the hood, Process.Start is relying on one of two native Win32 calls:

如果设置ProcessStartInfo.UserName：

If ProcessStartInfo.UserName is provided:

CreateProcessWithLogonW(startInfo.UserName, startInfo.Domain, ...)

<一个href=\"http://msdn.microsoft.com/en-us/library/windows/desktop/ms682431%28v=vs.85%29.aspx\">CreateProcessWithLogonW

如果不是：

CreateProcess(null, cmdLine, null, null, true, ...)

<一个href=\"http://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx\">CreateProcess

的空已经过去了成CreateProcess的是什么可能是你咬;从MSDN：

The nulls passed into CreateProcess are what's probably biting you; from MSDN:

该结构的lpSecurityDescriptor部件指定主线程一个安全描述符。如果lpThreadAttributes为NULL
  或lpSecurityDescriptor是NULL，线程获取默认的安全
  描述符。一个线程在默认的安全描述符的ACL
  来自进程令牌。

The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the default security descriptor for a thread come from the process token.

请注意从进程令牌说，不是调用线程 - 因为它绑定到线程模拟的标识没有得到一个机会入党

Note it says from process token, not calling thread - the impersonated identity doesn't get a chance to join the party since it's bound to the thread.

这篇关于的Process.Start（）在asp.net？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！