ASP.Net应用程序执行PowerShell脚本作为IIS_USR [英] ASP.Net application executing powershell scripts as IIS_USR
问题描述
我建立一个asp.net MVC应用程序,这将成为许多PowerShell脚本,我们已经写来管理日常任务的包装操作(带很容易使非技术人员使用的最终目标脚本)。
I am building an asp.net mvc application which will operate as a wrapper for a number of powershell scripts we've written to manage day to day tasks (with the end goal of making it easy for a non technical person to use the scripts).
我已经成功地得到很好的执行脚本:
I've managed to get the scripts executing nicely:
var ctx = System.Web.HttpContext.Current;
var file = ctx.Server.MapPath("~/Content/Powershell/psStoreLive.ps1"); #activate a store
var shell = PowerShell.Create();
shell.AddCommand(file);
shell.AddArgument(o.DBName); # which store should we activate
var results = shell.Invoke(); # and then process the results....display output of script
的问题是,脚本被作为IIS_USR(或类似的)来执行。
The problem is that the scripts are being executed as IIS_USR (or similar).
我需要找到一种方式来获得的IIS服务器执行登录的用户脚本作为当前(使用Windows身份验证(<身份验证模式=窗口/> ))。
I need to find a way to get the IIS server to execute the scripts as the current logged in user ( using Windows Authentication ( <authentication mode="Windows" /> ) ).
<$c$c>http://stackoverflow.com/questions/10837377/loginview-and-passing-credentials-to-powershell并且,虽然看起来像它也许会工作,我不满意的想法。
I've seen http://stackoverflow.com/questions/10837377/loginview-and-passing-credentials-to-powershell and, while that looks like it will maybe work, I am not satisfied with the idea.
在我看来,我应该能够与一些C#code要做到这一点,因为在code以上块,但我已经无力回天了任何与我的搜索,会做吧。
It seems to me that I should be able to do this with some C# code, as in the code-block above, but I've been unable to turn up anything with my searches that will do it.
如何创建在C#的PowerShell环境,将执行作为登录的用户(我会满足于甚至重新询问凭据,如果需要的话)
How can I create a powershell environment in C# that will execute as a logged-in user (I'd settle for even re-asking for credentials, if necessary)
感谢
我已经看了看PSCredential对象,这似乎是正确的事情,但我仍然无法弄清楚如何我可能把它插入到一个会话的整体(大量的信息如何使用它作为一个参数需要凭证cmdlet的)
I have looked at the PSCredential object, and that seems to be the right kind of thing, but I still can't figure out how I might plug it into a session overall (lots of info about using it as a parameter to a cmdlet that requires a credential)
推荐答案
虽然你可能能够做到这一点,安全问题是不是很漂亮。
Although you might be able to do this, the security implications are not very nice.
有关我们已经创建了处理传入的请求运行一个脚本或命令并保存到客户端拉他们的队列,并执行他们的服务层的类似要求。
For a similar requirement we have created a service layer that handles incoming requests to run a script or command and stores them for a client to pull them of the queue and execute them.
客户端可以是在计算机上运行的Windows服务或只是一个脚本。
The client could be either a windows service or just a script running on the machine.
有一个很好的理由,一个Web应用程序不能访问本地资源,它运行的计算机或网络上。
There is a very good reason that a web application does not have access to local resources on the computer or network where it is running.
如果您无论如何要做到这一点,只需配置应用程序池使用不同的身份,以上建议。
If you want to do it anyway, just configure the application pool to use a different identity as suggested above.
这篇关于ASP.Net应用程序执行PowerShell脚本作为IIS_USR的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
