从ASP.NET运行PowerShell脚本 [英] Run PowerShell script from ASP.NET
问题描述
我一直在尝试运行从asp.net PowerShell脚本没有成功已经几天。
I have been trying out running a PowerShell script from asp.net with no success for a few days already.
C#的是:
using (var process = new Process())
{
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.FileName = @"powershell.exe";
startInfo.Arguments = "arguments that call the script here";
startInfo.RedirectStandardOutput = false;
startInfo.RedirectStandardError = false;
startInfo.UseShellExecute = true;
startInfo.CreateNoWindow = true;
process.StartInfo = startInfo;
process.Start();
}
它调用PowerShell脚本包含FF:
The PowerShell script it calls contains the ff:
robocopy "\\network-server\location" "C:\localfolder" "testmovefile.txt"
显然,这里的问题是正确的凭据。但我已经尝试做各种模拟的东西,无论是从C#或脚本级别。我试着这样做的PowerShell脚本:
Obviously the problem here would be the proper credentials. But I have tried doing all sorts of impersonation stuff, whether from C# or in the script level. I tried doing this to the PowerShell script:
$username = "domain\user"
$password = ConvertTo-SecureString –String "password" –AsPlainText -Force
$pp = new-object -typename System.Management.Automation.PSCredential -argumentlist $username,$password
start-process powershell -argument "C:\localfolder\CopyFile.ps1" -Credential $pp
使用没有权限的网络帐户,即使,
它的工作原理,当我在本地运行在PowerShell控制台的脚本,从Web应用程序称为然而,当..什么也没发生。
It works when I run the script in the PowerShell console locally, even when using an account that has no permissions to the network, however when called from the web app.. nothing happens.
应用程序池标识是刚刚设置为默认应用程序池标识,但..我发现,如果我改变身份自定义帐户具有适当权限..它的工作原理。
The App Pool Identity is just set to the default App Pool Identity though.. I found out that if I change the identity to a custom account with the proper rights.. it works.
我仍然在试图寻找不同的解决方案。我希望有一个场景,你可以更改脚本任何东西,它仍然会继续运行。任何长达OK,因为它不改变应用程序池标识。
I am still trying to search for a different solution.. I want a scenario that you can just change anything in the script and it will still still run. Any is OK as long as it does not change the app pool identity.
我想这些孩子的:
- 的http://huddledmasses.org/using-alternate-credentials-with-the-filesystem-in-powershell/
- 在C#中,而不是过程中使用运行空间并使用模仿<一个href=\"http://stackoverflow.com/questions/11806/how-do-you-impersonate-an-active-directory-user-in-powershell\">How你冒充在PowerShell中的Active Directory用户?
- http://huddledmasses.org/using-alternate-credentials-with-the-filesystem-in-powershell/
- using runspace in c# instead of process and using an impersonator How do you impersonate an Active Directory user in Powershell?
但它仍然无法正常工作。我一直在得到拒绝访问。问题是,是否有可能使通过模仿里面有人PowerShell的工作?
But it still doesn't work. I keep on getting access denied. Question is, is it possible to make it work by impersonating someone inside PowerShell?
推荐答案
应用程序池标识有(本地计算机外,并没有)到本地文件系统的机会非常有限。您将需要修改文件系统上的ACL给身份所需要的访问权限。
App pool identities have very limited access to the local file system (and none outside the local computer). You will need to modify ACLs on the file system to give the identities the access they need.
在服务器2008(或Vista),这必须使用命令行完成(如 icacls.exe )的权限GUI不支持的应用程序池标识;与更高版本这可以通过GUI来完成。
In Server 2008 (or Vista) this has to be done with the command line (eg. icacls.exe) as the permissions GUI does not support app pool identity; with later versions this can be done with the GUI.
进程监视器是为制定那里获得被屏蔽了一个很好的工具
Process Monitor is a good tool for working out where access is being blocked.
然而的如果您需要访问网络资源,这是不行的。应用程序池身份是纯粹的地方,他们在网络上没有意义。您需要使用它的应用访问(或多个本地帐户具有相同的名称和密码)的域帐户。
However if you need to access network resources this will not work. App pool identities are purely local, they have no meaning on the network. You need to use a domain account with the applicable access (or multiple local accounts with the same name and password).
这篇关于从ASP.NET运行PowerShell脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
