C# - Application Running Under A Less Privileged Account Start A Process Executing Another Application Under An Administrative Account?
Mar 9, 2011
I am logged in as the administrator when I installed an application named pdflatex.exe on my server. This application works as a converter from LaTeX input file to Pdf file. I host an Asp.net MVC 3 application running under an Application Pool Identity with Load User Profile = True. The Asp.net MVC 3 code contains a code that executes pdflatex.exe using System.Diagnostic.Process instance as follows:
Process p = new Process();
p.EnableRaisingEvents = true;
p.Exited += new EventHandler(p_Exited);
p.StartInfo.Arguments = "-interaction=nonstopmode " + inputpath;
p.StartInfo.WorkingDirectory = @"c:mydomain.comworking";
p.StartInfo.UseShellExecute = false;
p.StartInfo.FileName = "pdflatex.exe";
From the scenario above, the web application runs under a restricted acount but it executes an external application under a default account that I don't know. Can an application running under a less privileged account start a process executing another application under an administrative account?
What is the right approach when users (authenticated domain admins) should be able to start batch jobs (usually exe files) from an IIS (7.x) aspx (c#) page? This is an intranet site. The batch jobs have to run on the web server as Domain Admins. The website pool is executed by network service or some similar restricted account in AD.
Approaches I can think of (and their disadvantages): 1. Start exe file with System.Diagnostics.Process.Start with another account. This feature is disabled in IIS 7.x, how do I allow it?
2. Create a sheduled task and call scheduled task-api. This unmanaged dll is giving VS compiler warnings because it's unsafe to call from managed code.
3. I suppose there's a better approach, because the previous suggestions doesn't appear safe or robust.
my client is more concern about data security. so they want to follow all sql server security policies. As part of sql server security policies we should not give full permission for sql server login, we should give only execute permission for all stored procedures, and functions. To follow the above condtions we created a sql server user with readonly permission and this works fine only when stored procedures dont not have temporary table (#temp tables). if any stored procedure contains temporary table creations, we get an error saying "access denied for so on so tamporary table name'. so is there any way to fix this issue without giving select permission for temporary tables.
I have a website that has a login (Like most websites xD) This then obviosly fetches information from a database and loads it on the page. (EG. Welcome "Display Name")
I have designed and coded a application for my site you can use the features from my web on your desktop, I have added a login (required to use the application) and a register. Both login and register work (Fetching information from the database and writing to the database).
Now I have those out of the way I'm now onto the main part of my program which is to display infomation onto the application about the user account. This could include editing the user account, uploading content to the website or viewing content from the website.. (Sorry but I'd like to explain how I have certain things to get the point across clearly )
Anyway how would I create a sort of session? Like PHP, once you login you can grab information from the database based on the information submitted from the login which was fetched from the database.. When the user presses login on my application it brings them to the main part of the application but I'm now unsure how to load variables and/or session data.
(Side note, I have also sha encryption on my website in the register/login, at the moment VB reads the information from the textbox as normal text is there anyway I can get it to read the sha encryption? and also insert data into the database with this encryption?) - This question is optional.
I have a web application. This application needs to perform a search on folders located on 2 different machines. I can use impersonation for this. But -
a. I don't want to use network service account b. I want to impersonate just the search part of the code. c. Specifying encrypted user name / password in web.config is one option. But this would be the last option.
Can I use a custom service account for the application pool for this? If yes, then how to impersonate a specific part of code using this?
In my application i have two textboxes txt1 and txt2, and a push button btn1, when the user enters his USERNAME and PASSWORD and press the push button, the application should directly connect to gmail and has to login into his gmail Account....
and also for gmail with same code.
but i dont khonw how can i distribute this for my web mail account because i dont khow urls and id and name that must give in the code
I have an application which is installed on local pc and is using SQL db. It is a client management system where I want to add capability to register new clients and give them access to my web site which is sharing the same SQL database with local application.
At the moment clients can register on the web site and I have ASP.NET authorisation system set up with aspnetdb_user, aspnetdb_membership and etc tables. But sometimes it happens that I need to register clients on my local application on PC and ideally would like that registration to create online account for the client as well. Then I want to be able to send him user id and password by email and let him know that he has been registered in my database and online account is ready for him as well.
Basically I want to have full synchronization between asp.net membership service and local application through SQL db. As I said both online and local apps are shareing the same SQL database. what would be the best practice to implement it.
"My application (ASP.NET) writes certain files in folders on my servers. In IIS 6.0 I used to give write access to IUSR account so that IIS can write to the folder. Now what I see is my application pool runs under App Pool Identity account. That is good but users are able to create files in the folders without App Pool Identity user being given specific permission to do so.
I created an application that basically takes the values from a bunch of fields on the page and adds the data to a SQL database table when I click the 'submit' button. However, I created the file directly under the website path, and I created it while it was like that and I tested it without any user authentication going on.
Now, I'd moved it into the ~/Account/etc/... path, because I only want it to be used by authenticated users, and it loads just fine, but when I click the 'submit' button as I used too, it doesn't seem to be loading the info in the database anymore. Why would that happen? do I need to enable SQL to work with the authentication as well?
Code: Dim objstrSupUser As String = "" 'Load the user from the membership provider Dim strUserName As String = ctlLogin.UserName If ctlLogin.UserName.IndexOf("(") > 0 Then objstrSupUser = Regex.Match(strUserName, "(([^)]*))").Groups(1).Value
I am looking at how best to prevent a single user account logging on multiple times in a webforms application. I know that MembershipUser.IsOnline exists, but I've read a few forum and blog entries suggesting that this can be unreliable, particularly in scenarios where a user closes a browser (without logging out) and attempts to logon with a different machine or browser.I looked at implementing a last past the post type system; when a user logs on older users are simply kicked off. It seems that FormsAuthentication.Signout() only works for the current user.
I have an ASP.NET page where at the top of the page is a search box. There are 2 text boxes - one is an autocomplete extender for the Name on a database, and one is just inputting the ID.The page features DetailsViews and GridViews primarily, and even when no account has been searched for, these display blank data which is not ideal. I sort of fixed this by using if (IsPostBack), encasing the elements in a placeholder and setting it to visible only if the page ispostback. But this doesn't cover if the user types in an incorrect ID.
Also, some accounts have huge amounts of data inside the GridView's. I had an issue where because I have no way of detecting when a data source's rows has changed, I end up binding whenever the page loads (Page_Load method). I've come to realise this is simply very bad - there are lots of times when the user can click various things in the page and have the page postback, and it takes an eternity to load each time I click something for accounts with lots of data.Anyway, my question is essentially two-fold but I have a feeling the solution will be similar:1: How can I detect when there are no accounts returned when searching, and disable the Grids/Detailsviews and show an error message?2: How can I figure out when the user searches for another account and only rebind the grids after that has happened?
I have use the mvc 2 web site template and I would like to attach
A user db that I have already created
In my web config file I have change the connection string to this"
When I'm tring to register I'm getting this error :
Login failed for user ''. Description: An unhandled exception occurred during the execution of the current web request. review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Login failed for user ''.Source Error:
I have set a break point in line 127 and I can clearly see that is getting the data (username ,password ,email) What is wrong( with the contion string)?