C# - Application Running Under A Less Privileged Account Start A Process Executing Another Application Under An Administrative Account?
Mar 9, 2011
I am logged in as the administrator when I installed an application named pdflatex.exe on my server. This application works as a converter from LaTeX input file to Pdf file. I host an Asp.net MVC 3 application running under an Application Pool Identity with Load User Profile = True. The Asp.net MVC 3 code contains a code that executes pdflatex.exe using System.Diagnostic.Process instance as follows:
Process p = new Process();
p.EnableRaisingEvents = true;
p.Exited += new EventHandler(p_Exited);
p.StartInfo.Arguments = "-interaction=nonstopmode " + inputpath;
p.StartInfo.WorkingDirectory = @"c:mydomain.comworking";
p.StartInfo.UseShellExecute = false;
p.StartInfo.FileName = "pdflatex.exe";
p.Start();
p.WaitForExit();
From the scenario above, the web application runs under a restricted acount but it executes an external application under a default account that I don't know. Can an application running under a less privileged account start a process executing another application under an administrative account?
View 2 Replies
Similar Messages:
Oct 28, 2010
What is the right approach when users (authenticated domain admins) should be able to start batch jobs (usually exe files) from an IIS (7.x) aspx (c#) page? This is an intranet site. The batch jobs have to run on the web server as Domain Admins. The website pool is executed by network service or some similar restricted account in AD.
Approaches I can think of (and their disadvantages):
1. Start exe file with System.Diagnostics.Process.Start with another account. This feature is disabled in IIS 7.x, how do I allow it?
2. Create a sheduled task and call scheduled task-api. This unmanaged dll is giving VS compiler warnings because it's unsafe to call from managed code.
3. I suppose there's a better approach, because the previous suggestions doesn't appear safe or robust.
View 2 Replies
Jan 24, 2011
my client is more concern about data security. so they want to follow all sql server security policies. As part of sql server security policies we should not give full permission for sql server login, we should give only execute permission for all stored procedures, and functions. To follow the above condtions we created a sql server user with readonly permission and this works fine only when stored procedures dont not have temporary table (#temp tables). if any stored procedure contains temporary table creations, we get an error saying "access denied for so on so tamporary table name'. so is there any way to fix this issue without giving select permission for temporary tables.
View 1 Replies
Jul 16, 2010
If you create a new ASP.NET MVC 2 Web Application and run it, you can register new users and logon. But I can not find where does those account data are put. Database? Local files? Or session?
View 1 Replies
Feb 22, 2011
I am building an MVC app where I want users to login via their existing gmail accounts. how to proceed?
View 1 Replies
Apr 18, 2010
How can i get the gmail contact of my account in asp.net any reference or any code to import the contact of gmail?
View 2 Replies
Mar 16, 2010
I have a website that has a login (Like most websites xD) This then obviosly fetches information from a database and loads it on the page. (EG. Welcome "Display Name")
I have designed and coded a application for my site you can use the features from my web on your desktop, I have added a login (required to use the application) and a register. Both login and register work (Fetching information from the database and writing to the database).
Now I have those out of the way I'm now onto the main part of my program which is to display infomation onto the application about the user account. This could include editing the user account, uploading content to the website or viewing content from the website.. (Sorry but I'd like to explain how I have certain things to get the point across clearly )
Anyway how would I create a sort of session? Like PHP, once you login you can grab information from the database based on the information submitted from the login which was fetched from the database.. When the user presses login on my application it brings them to the main part of the application but I'm now unsure how to load variables and/or session data.
(Side note, I have also sha encryption on my website in the register/login, at the moment VB reads the information from the textbox as normal text is there anyway I can get it to read the sha encryption? and also insert data into the database with this encryption?) - This question is optional.
View 7 Replies
Jan 14, 2011
I have a web application. This application needs to perform a search on folders located on 2 different machines. I can use impersonation for this. But -
a. I don't want to use network service account
b. I want to impersonate just the search part of the code.
c. Specifying encrypted user name / password in web.config is one option. But this would be the last option.
Can I use a custom service account for the application pool for this? If yes, then how to impersonate a specific part of code using this?
View 3 Replies
Feb 22, 2011
I am building a MVC app where I want users to login using their Windows Live email account. Any ideas how to proceed? Show code...
View 1 Replies
Oct 12, 2010
In my application i have two textboxes txt1 and txt2, and a push button btn1, when the user enters his USERNAME and PASSWORD and press the push button, the application should directly connect to gmail and has to login into his gmail Account....
[code]....
and also for gmail with same code.
but i dont khonw how can i distribute this for my web mail account because i dont khow urls and id and name that must give in the code
View 1 Replies
Sep 18, 2010
i want asp.net script to create new email account. i mean there should b registration form like gmail or yahoomail and my user can create their own account under my domain name.
View 1 Replies
Aug 30, 2012
I am trying hard from the past 2 days to Send mail to my gmail account. But I am not able to do so
Only Exception i am getting is "Failure sending mail."
If i am giving wrong username and password then it is giving the exception
" The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required. Learn more at"
0
2
View 1 Replies
Mar 14, 2010
the following is wat i get when i access to my GA account.
may i know how do i retrieve data from ga account to my web application?
i need to know pageviews, avg time on page and etc and populate to my gridview control.
* meanwhile, may i know wat's bounce rate and exit rate in GA report?
i try to get code from net but failed..
View 6 Replies
Oct 29, 2010
2 server web farm windows 2008 r2 nlb. In IIS I enable windows authentication all other authentication is disabled. Code behind
[Code]....
web.config
[Code]....
The code returns the application pool custom account e.g. DOMAINWebApp_user. What I want is the logged in user's username. How do I get this?
View 2 Replies
Sep 12, 2010
I have an application which is installed on local pc and is using SQL db. It is a client management system where I want to add capability to register new clients and give them access to my web site which is sharing the same SQL database with local application.
At the moment clients can register on the web site and I have ASP.NET authorisation system set up with aspnetdb_user, aspnetdb_membership and etc tables. But sometimes it happens that I need to register clients on my local application on PC and ideally would like that registration to create online account for the client as well. Then I want to be able to send him user id and password by email and let him know that he has been registered in my database and online account is ready for him as well.
Basically I want to have full synchronization between asp.net membership service and local application through SQL db. As I said both online and local apps are shareing the same SQL database. what would be the best practice to implement it.
View 1 Replies
Nov 1, 2010
"My application (ASP.NET) writes certain files in folders on my servers. In IIS 6.0 I used to give write access to IUSR account so that IIS can write to the folder. Now what I see is my application pool runs under App Pool Identity account. That is good but users are able to create files in the folders without App Pool Identity user being given specific permission to do so.
View 2 Replies
Jan 23, 2011
I created an application that basically takes the values from a bunch of fields on the page and adds the data to a SQL database table when I click the 'submit' button. However, I created the file directly under the website path, and I created it while it was like that and I tested it without any user authentication going on.
Now, I'd moved it into the ~/Account/etc/... path, because I only want it to be used by authenticated users, and it loads just fine, but when I click the 'submit' button as I used too, it doesn't seem to be loading the info in the database anymore. Why would that happen? do I need to enable SQL to work with the authentication as well?
View 5 Replies
Jul 28, 2014
I have a web app Which Uses Forms Authentication.
One thing that we want to be able to do on Support is login to a specific users account Via our admin account.
We are using the standard asp.net membership authentication.
The idea would be for the support technition to be able to login using credentials like admin(<Troubled User>) using the Admin Account password
We are using a a Standard ASP.Login Control
The real Issue is that the Me.Page.User.Identity.Name is set to the value on the CtlLogin.Username Property. I need it to be the the Support Login?
Login Control
Code:
<asp:Login ID="ctlLogin" runat="server" DisplayRememberMe="False" Font-Names="Arial Rounded MT Bold" Font-Size="12pt" ForeColor="Black"
MembershipProvider="MembershipProvider" Width="100%" TitleText="" UserNameLabelText="User" VisibleWhenLoggedIn="False" RememberMeSet="True"
PasswordLabelText="Password" EnableTheming="False" Height="35px" >
[Code] ....
Validate User Script
Code:
Dim objstrSupUser As String = ""
'Load the user from the membership provider
Dim strUserName As String = ctlLogin.UserName
If ctlLogin.UserName.IndexOf("(") > 0 Then
objstrSupUser = Regex.Match(strUserName, "(([^)]*))").Groups(1).Value
[Code] ....
View 5 Replies
Dec 16, 2010
I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.
View 2 Replies
Feb 2, 2011
Do I just need to make a field for account type in my user account table? In a technical way, if(account type = admin) then the account would log as admin; otherwise, a user with less privileges.
View 7 Replies
Oct 15, 2010
I have an ASP.NET page where at the top of the page is a search box. There are 2 text boxes - one is an autocomplete extender for the Name on a database, and one is just inputting the ID.The page features DetailsViews and GridViews primarily, and even when no account has been searched for, these display blank data which is not ideal. I sort of fixed this by using if (IsPostBack), encasing the elements in a placeholder and setting it to visible only if the page ispostback. But this doesn't cover if the user types in an incorrect ID.
Also, some accounts have huge amounts of data inside the GridView's. I had an issue where because I have no way of detecting when a data source's rows has changed, I end up binding whenever the page loads (Page_Load method). I've come to realise this is simply very bad - there are lots of times when the user can click various things in the page and have the page postback, and it takes an eternity to load each time I click something for accounts with lots of data.Anyway, my question is essentially two-fold but I have a feeling the solution will be similar:1: How can I detect when there are no accounts returned when searching, and disable the Grids/Detailsviews and show an error message?2: How can I figure out when the user searches for another account and only rebind the grids after that has happened?
View 1 Replies
Nov 12, 2010
I have use the mvc 2 web site template and I would like to attach
A user db that I have already created
In my web config file I have change the connection string to this"
[Code]....
When I'm tring to register I'm getting this error :
Login failed for user ''. Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Login failed for user ''.Source Error:
[Code]....
I have set a break point in line 127 and I can clearly see that is getting the data (username ,password ,email) What is wrong( with the contion string)?
View 2 Replies
Mar 16, 2011
If I enable Anonymous in IIS under windows 2003, the ASP.NET will execute code under IUSR_XXX or account of application pool?
View 3 Replies
Mar 9, 2011
Which process running on an IIS web server is responsible for the creation of w3wp.exe worker processes for each asp.net application?
View 2 Replies
Apr 19, 2010
My web application is a product which has to deploy to a variety of web servers. Is there a way to determine the account name that the .Net worker process account is using at runtime?
View 1 Replies
