起价asp.net使用身份验证的用户凭据的控制台应用程序 [英] Starting a console application from asp.net using authenticated user credentials

问题描述

我，让我开始一个远程服务器上的控制台应用程序下面的异步控制器动作。我的问题是与问候的权限和验证。我曾尝试以下，的这在我的理解让 app.Start（valuationDate）来运行的模拟用户的。这样做的原因是，在控制台应用程序需要访问网络资源，这种Web应用程序的用户将拥有所需的访问权限。 （作为一个方面说明，控制台应用程序运行，因为没有错误的计划任务）

我怀疑的问题是控制台应用程序是根据这会导致网络资源的拒绝访问错误的IIS应用程序池的身份继续运行。控制台应用程序本身启动，但IIS用户帐户的限制访问导致失败。

我曾试图改变程序池身份为授权用户的身份运行的过程中正确执行。我希望对不要求我改变在服务器上的程序池身份的溶液

我能如何使用通过认证的用户的详细信息，启动控制台应用程序？

控制器操作：

  [HttpPost]
公共无效RunAsync（DateTime的valuationDate）
{
    AsyncManager.OutstandingOperations.Increment（）;
    Task.Factory.StartNew（（）=＆GT; RunApp（valuationDate））;
}私人无效RunApp（DateTime的valuationDate）
    {
        ConsoleWrapper应用=新ConsoleWrapper（）;
        的WindowsIdentity winId =（的WindowsIdentity）HttpContext.User.Identity;
        WindowsImpersonationContext CTX = NULL;
        尝试
        {
            CTX = winId.Impersonate（）;
            app.Start（valuationDate）;
        }
        赶上（例外五）
        {
            扔;
        }
        最后
        {            如果（CTX！= NULL）{ctx.Undo（）;}        }
        AsyncManager.Parameters [成功] = app.Success（）;
        AsyncManager.Parameters [消息] = app.Message（）;
        AsyncManager.OutstandingOperations.Decrement（）;
    }
 

ConsoleWrapper：

 公共无效启动（日期时间valuationDate）
    {
        VAR appExe = Config.Default.CONSOLE_APP;
        INPROGRESS =真;
        登录=的String.Empty;
        成功= FALSE;
        消息=的String.Empty;        尝试
        {
            VAR工艺=新工艺（）;
            process.StartInfo.FileName = appExe;
            process.StartInfo.Arguments = valuationDate.ToString（DD-MMM-YYYY）;            process.EnableRaisingEvents = TRUE;            process.StartInfo.UseShellExecute =真;
            process.StartInfo.RedirectStandardOutput =真;            process.Exited + =新的EventHandler（process_Exited）;
            process.OutputDataReceived + =新DataReceivedEventHandler（process_OutputDataReceived）;
            的Process.Start（）;
            process.WaitForExit（）;        }
        赶上（例外五）{/ *剪断* /}    }
 

解决方案

如果您使用的是Windows身份验证并尝试运行位于您需要的代表团而不是模拟：

  

要访问网络资源时，你
  需要委托级别的令牌。要得到
  此令牌类型，您的服务器需要
  作为值得信赖的配置
  代表团在Active Directory中。

您还可以检出以下KB 的。并在MSDN 又一文章。

另一种可能性是有，将始终用于运行控制台应用程序的一些通用的帐户。

I have the following asynchronous controller actions which allows me to start a console application on a remote server. My issue is with regards to the permissions and authentication. I have tried the following, which in my understanding allows the app.Start(valuationDate) to run as the impersonated user. The reason for this is that the console application needs to access network resources and the user of this web app will have the required access rights. (As a side note, the console app runs as a scheduled task without error)

The issue I suspect is that the console app is still run under the IIS app pool identity which causes network resource "Access Denied" errors. The console application itself starts, but the restricted access of the IIS user account causes the failure.

I have tried changing the AppPool identity to run as an authorised user and the process executes correctly. I am hoping for a solution that does not require me to change the AppPool identity on the server.

How can I do to start the console application using the authenticated users details?

Controller Actions:

[HttpPost]
public void RunAsync(DateTime valuationDate)
{
    AsyncManager.OutstandingOperations.Increment();
    Task.Factory.StartNew(() => RunApp(valuationDate));
}

private void RunApp(DateTime valuationDate)
    {
        ConsoleWrapper app = new ConsoleWrapper();
        WindowsIdentity winId = (WindowsIdentity)HttpContext.User.Identity;           
        WindowsImpersonationContext ctx = null;
        try
        {
            ctx = winId.Impersonate();
            app.Start(valuationDate);
        }
        catch (Exception e)
        {
            throw;
        }
        finally
        {

            if (ctx != null) {ctx.Undo();}

        }
        AsyncManager.Parameters["success"] = app.Success();
        AsyncManager.Parameters["message"] = app.Message();
        AsyncManager.OutstandingOperations.Decrement();
    }

ConsoleWrapper:

public void Start(DateTime valuationDate)
    {
        var appExe = Config.Default.CONSOLE_APP;
        InProgress = true;
        log = String.Empty;
        success = false;
        message = String.Empty;

        try
        {
            var process = new Process();
            process.StartInfo.FileName = appExe;
            process.StartInfo.Arguments = valuationDate.ToString("dd-MMM-yyyy");

            process.EnableRaisingEvents = true;

            process.StartInfo.UseShellExecute = true;
            process.StartInfo.RedirectStandardOutput = true;

            process.Exited += new EventHandler(process_Exited);
            process.OutputDataReceived += new DataReceivedEventHandler(process_OutputDataReceived);
            process.Start();
            process.WaitForExit();

        }
        catch (Exception e){/* snip */}

    }

解决方案

If you are using Windows Authentication and the application you are trying to run is located on a remote server you need delegation and not impersonation:

To access a network resource, you need to delegate-level token. To get this token type, your server needs to be configured as trusted for delegation in Active Directory.

You may also checkout the following KB. And yet another article on MSDN.

Another possibility is to have some generic account that will be always used for running the console application.

这篇关于起价asp.net使用身份验证的用户凭据的控制台应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！