Impersonation & CScript problem.
-
Hello, I've been trying to execute CSCRIPT.EXE through my ASP.NET application to execute some IIS admin scripts. To do this, CSCRIPT.EXE has to be run by an administrator.
    // Put user code to initialize the page here
    WindowsImpersonationContext x = NetworkSecurity.ImpersonateUser(
        "MACHINE_NAME_WOULD",
        "Administrator",
        "ADMINISTRATOR_PASSWORD_WOULD_GO_HERE",
        LogonType.LOGON32_LOGON_INTERACTIVE,
        LogonProvider.LOGON32_PROVIDER_DEFAULT);

    System.Diagnostics.Process proc = new System.Diagnostics.Process();
    proc.StartInfo.FileName = "cscript.exe";
    // Verbatim string, so the backslashes in the path are not parsed as escape sequences
    proc.StartInfo.Arguments = @"c:\windows\system32\iisweb.vbs /query";
    proc.StartInfo.RedirectStandardOutput = true;
    proc.StartInfo.UseShellExecute = false;
    proc.Start();

    // Echo the first seven lines of the script's output to the page
    Response.Write(proc.StandardOutput.ReadLine());
    Response.Write(proc.StandardOutput.ReadLine());
    Response.Write(proc.StandardOutput.ReadLine());
    Response.Write(proc.StandardOutput.ReadLine());
    Response.Write(proc.StandardOutput.ReadLine());
    Response.Write(proc.StandardOutput.ReadLine());
    Response.Write(proc.StandardOutput.ReadLine());
Additional code if you want to try it out for yourself:

    using System;
    using System.Runtime.InteropServices;   // DllImport
    using System.Security.Principal;        // WindowsImpersonationContext

    public enum LogonType : int
    {
        LOGON32_LOGON_INTERACTIVE = 2,
        LOGON32_LOGON_NETWORK = 3,
        LOGON32_LOGON_BATCH = 4,
        LOGON32_LOGON_SERVICE = 5,
        LOGON32_LOGON_UNLOCK = 7,
        LOGON32_LOGON_NETWORK_CLEARTEXT = 8,   // Only for Win2K or higher
        LOGON32_LOGON_NEW_CREDENTIALS = 9      // Only for Win2K or higher
    };

    public enum LogonProvider : int
    {
        LOGON32_PROVIDER_DEFAULT = 0,
        LOGON32_PROVIDER_WINNT35 = 1,
        LOGON32_PROVIDER_WINNT40 = 2,
        LOGON32_PROVIDER_WINNT50 = 3
    };

    class SecuUtil32
    {
        [DllImport("advapi32.dll", SetLastError=true)]
        public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr TokenHandle);

        [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
        public extern static bool CloseHandle(IntPtr handle);

        [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
    }

    /// <summary>
    /// Summary description for NetworkSecurity.
    /// </summary>
    public class NetworkSecurity
    {
        public NetworkSecurity()
        {
            //
            // TODO: Add constructor logic here
            //
        }

        public static WindowsImpersonationContext
Hi, did you check this article, located at http://support.microsoft.com/default.aspx?scid=kb;EN-US;q306158#4? You need to grant the "Act as part of the operating system" privilege to the ASPNET account. HTH, Manish
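
A check for which accounts hold the "Act as part of the operating system" right (SeTcbPrivilege) that the reply refers to. This is an added example, not code from the thread: it parses the `[Privilege Rights]` section of a file produced by `secedit /export /cfg rights.inf /areas USER_RIGHTS`. The sample export, the SID in it and the function names are constructed for illustration.

```python
# Constructed sample of a secedit USER_RIGHTS export (not taken from a real host).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeTcbPrivilege = ASPNET,*S-1-5-21-1111111111-2222222222-3333333333-1005
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
"""


def privilege_rights(inf_text):
    """Return {right_name: [holder, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INF comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [h.strip() for h in value.split(",") if h.strip()]
    return rights


def holders_of(inf_text, right="SeTcbPrivilege"):
    """Accounts or SIDs assigned one right; the '*' that marks a SID is dropped."""
    return [h.lstrip("*") for h in privilege_rights(inf_text).get(right, [])]


def load_export(path):
    # Assumption: the export is UTF-16 with a BOM, as secedit normally writes it.
    with open(path, encoding="utf-16") as fh:
        return fh.read()


if __name__ == "__main__":
    for holder in holders_of(SAMPLE_EXPORT):
        print("SeTcbPrivilege held by:", holder)
```

An empty result means no account has been explicitly assigned the right in local policy.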