IIS; print on shared printer with IUSR-user - c#

I’m trying to print to a shared printer from a IIS Windows 10 server with the IUSR user. So far unsuccessful.
The print job works with every other user, so it must be the authorization. Local printers are no problem.
On the IIS-server PHP starts a little C# application for server side printing an image. The printer is a shared printer on another Windows 10 pc in the (privat) network. There is no domain controller or something like that.
I have tried so far:
Add network service permissions to the IUSR-user:
https://serverfault.com/questions/469944/how-to-add-network-service-to-users-permission-group/469961
Set up the shared printer to a local port:
https://superuser.com/questions/899808/add-network-printer-as-a-local-printer
Switch to other users with other permissions in the c#-print-applikation:
C# How to change user context in app running on system
None of it works. Does anyone have a good idea or workaround?

Related

Cannot raw print to RDP redirected printer

So I have to RDP into my dev environment. From there, I've been trying to send a file to a Zebra label printer in RAW print mode. Similar to this post, the printer doesn't seem to receive anything. I'm using the same c# example code as a proof of concept. That leas to this, but this is already disabled in my group policies.
I am guessing I am just out of luck and have to copy to local as development occurs, but I was hoping not to have to do that.
We had the same problem on a Windows 2016 Server.
We solved it by changing the value of "Use Remote Desktop Easy printer driver first" in the Group Policy from "Not configured" to "Disabled".
This key is in the folder "Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Printer Redirection configurations".
I'm not sure if on the Computer or User configuration, or on both.
The redirect driver simply doesn't support it.
You can work around it by sharing the printer from your local an adding it that way. Then you can raw print to it.

Printing from a console that is started by a Windows Service [duplicate]

I'm building an ASP.NET application that requires printing using PrintDocument method:
PrintDocument.Print()
Printing works properly in development env with IIS express. when publishing it to an intranet IIS server, printing fails, which I think is caused by permission issue for aspnet working process.
I tried to do the following with no success:
I created an application pool in integrated pipeline mode for an admin local user with load user profile option set to true
I moved the application to the new created application pool
I added <identity impersonate="true" username="username" password="*****"/> in web.config file
An error appeared stating that: An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode so I added <validation validateIntegratedModeConfiguration="false"/> to <system.webServer> section.
Any help please?
I think you might be misunderstanding some fundamental concepts here. When you use PrintDocument.Print() you are printing on the server. When you deploy your application in IIS this printing will happen on the server computer that is hosting your application. The reason why you thought your code was working in IIS Express is because you were hosting your application on the same computer as the client browser that was testing it. Also you were running your application under your account which had a printer configured.
You cannot print directly to the client computer from a web application. That would be a big security issue. The best you could do is provide some HTML document using a print media CSS type. Then if the user decides, he might print it in his browser.
If on the other hand you want to print on some printer that is attached to your web server, you will need to configure the Application Pool in IIS to run under an identity that has a printer configured in its profile.
Hopefully I am understanding your question correctly, but I just had some confusion myself with this. Our setup at my work is Windows Server 2008 R2 with IIS 7.
We have a print server as well installed on the same box (not sure if it matters as this is not my area of expert).
Basically, viewing the installed printers using, PrinterSettings.InstalledPrinters I was able to see all the printer names installed on the server.
I attach a debugger to the application process to debug and I can just use the debugger to see this, otherwise you will have to run a loop to print through these. If you run this locally, you will see only the printers installed on your machine. If they are network printers, then the full path will be shown. So determine the path/name the server will recognize the printer as and then set that to the printer name explicitly using the,
PrinterSettings.PrinterName property of the PrintDocument class. This worked for me. Also, my application pool identity is set to NetworkService.
I think the original poster has gotten a lot of flack for their question. If you want to generate .PDFs using GhostScript, for example, you install a printer driver and create a printer for it. You can suppress the Saveas() dialog in many languages by providing one ahead of time. This was feasible in earlier versions of IIS (that may have been less secure), but is harder to do in IIS 8.
I think this issue is caused by IIS inhibiting access to the local printer queue. This is either caused by not being in the NT AUTHORITY\INTERACTIVE group at runtime, or because IIS will put the user, (whomever is running the app pool) in two groups: IIS APPPOOL\, and BUILTIN\IIS_IUSRS.
You can validate all this by looking at the thread permissions using a tool like Sys Internal's Process Explorer.
I have faced same issue and I found the following solution and it worked for me.
1 - Go to printer and setting of system
2 - Select Printer
3 - Go to Printer Properties
4 - Security
5 - Click on Add "IIS AppPool\DefaultAppPool" as object name and click on check name (Default Pool will be your Pool Name)
6 - Give permission Manage This Printer and Manage Document permission.
7 - Restart IIS

How can I redirect URLs entered in the browser?

I want to redirect URLs entered in the browser. For example, when I enter http://microsoft.com, it would redirect to http://127.0.0.1:5000/webpage.html and show this page. I want to do this for all websites entered in the browser.
I don't want to do it by ASP.NET.
I have 10 computers in a workgroup network. I want to manage them by a system that it is server.
My program has 2 client and server versions. Client versions install on PC Clients.
I want to be able to get the client bandwidth systems, And if the bandwidth is over, I redirect browser to a page or port (127.0.0.1:32500) and I stop communicating with internet for all programs on PC Clients. I know that I use proxy, but how?
If I set proxy for browser, other programs can connect to Internet without cross through the proxies.
I want to make a program like net support schools that I can control internet on client (Web access in net support).
I would do this by creating entries in the Windows HOSTS file (C:\Windows\System32\Drivers\etc\hosts).
This is a permanent redirect until the hosts files is changed again.
Also, please be aware that Windows maintains a DNS cache, so if you use something like this, you may have to tell windows to flush it's DNS cache. That can be done by using the command:
C:> ipconfig /flushdns
if you have 10 computer,
1-it's better you put a server like one of them and on the server start dns server like 192.168.1.1 and manage all site and ip you want and for clients set dns on you dns server.
2-it's easier, but if your network bigger you can't administer that. You must open every client hosts file (C:\Windows\System32\Drivers\etc) and add row like
127.0.0.1:32500 microsoft.com
if you want change this file you must run as administrator.

Accessing an NFS share from a Windows service

I have a Windows service that can't access an NFS share on a UNIX box. I can't access the share with the UNC path, so I have to have it mounted.
I have a console application that can see the drive and runs fine, but when I deploy my Windows service, it can't see the drive.
I have the drive mounted as my local user as well as the administrator.
I've tried mounting a drive from my application by using "Process.Start(mBatchFilePath);", but that didn't work either.
I'm running as the local user (set as administrator).
Tried using a symbolic link
Going to try to set up an FTP to transfer the files
Does anyone have any suggestions on how I can make this work?
SOLVED: I used SSH.Net and transfer files with an SFTP server
I don't think that mapping the drive to a symbolic link is a real solution. The Problem is, that the service runs under a certain user account and thus it accesses all resources with the privileges of this account. Of course your IT admin is right, it's not a good idea to let the service run under the local administrator account.
You should create a new user account that is allowed to access the shared folder. Then set up the service that it runs under this account and the service should be able to access the network share. But remember, a network share that is mapped to a drive letter is only mapped for the current user. So the service (that runs under a different user account) simply doesn't have any drive with this letter, it is not mapped under its account.
So in your service you should always access the share with its full UNC path and not with a mapped drive letter.
Since we were connecting to a Solaris server from a windows box I needed to use SFTP to send files to the server.
I contemplated some sort of a folder sync, but it wasn't a route I wanted to go down.
I used the SSH.Net libraries.

Print from Windows Service, no dialog, no user interaction

I would like to print from a Windows Service in C# using Visual Studio 2010. So far, I have only been partially successful by using the code found here:
Print html document from Windows Service without print dialog
The current problem I am experiencing is two fold, which I have only discovered by allowing the service to interact with the desktop:
1) When the URL is entered in as the HTML location, it will request credentials for that location (a network shared IIS web server that I DO NOT have the ability to alter in any way, which requests a username and password to access the information).
2) After I enter credentials, the default printer is ALWAYS the XPS printer, no matter what I do to SetDefaultPrinter (two different ways I have found to do this). I have discovered this is because the printer I want to print to is also a network printer, which the Local System account cannot access (apparently). I have not found a way around this problem.
I would like to get around both of these problems by entering the credentials needed programmatically (this is a network share credential set) and then print to a network printer. In other desktop applications I have successfully printed to each of these network printers even though I do not have each one installed.
Attempting to log in using my credentials instead of the Local System account does not solve either problem. I am using Windows XP.
Assuming I get this to work, I will also need to install the service on another server, so if it is necessary to preinstall each printer I will need to know what steps to take to ensure the Local System account has access to them. The server I will install on will likely be a Windows Server 2003 or 2008, but will have the same network access as the development machine.
EDIT: I attempted a solution of having it Log on as other accounts, all of which should have credentials (and, in fact, if those credentials are entered when it is running as Local System with desktop interaction, those credentials are accepted). Each user that this has been attempted with has had the default printer set to the printer I am trying to test print to, but no print occurs. The only time I know for sure it is trying to use the XPS printer is when it is logged on as Local System with desktop interaction.
Don't run the service as Local System. It doesn't have the rights you need to access network resources. Create a user and run the service under that, if you're in a domain, make sure it's a domain user and not a local one. You will need to log on as that user and install the printers you want to use on the computer where your service runs. Also, if the IIS application is using Windows Authentication, see if the account you're running the service under can be granted permission to access the web application.
I had this issue, this trick solved it
Go to services ---> Double click the required service ---> proceed to logon tab
Supply the Log-in credentials from which printer was installed.
See screen shot below.

Categories