I have a computer A which hosts different kind of things:
A website (is developped using C# and ASP.Net)
Applications
Our customers have access to the website and sometimes, they will want to reboot the computer A (knowing that it will cut the website during the reboot).
My question is simple : does it exist a way of :
Rebooting a computer by simply clicking a button on an ASP.Net page ? How would I manage to do so ?
The same way, is it possible to execute some batch script (executes on the Computer A) when clicking on a button on an ASP.Net page ?
Thanks for your help!
This is secure enough way to do it (as long as password is stored securely)
ProcessStartInfo startInfo = new ProcessStartInfo("shutdown /r /f /t 5");
startInfo.UserName ="user with enough rights";
startInfo.Password ="password";
Process.Start(startInfo);
// /r - restart
// /f - force
// /t 5 - wait 5 seconds
You can do it using System. Diagnostics.Process namespace, Please look at the following link for full process.
http://www.c-sharpcorner.com/UploadFile/yuanwang200409/RemoteRestartWindows09252006141003PM/RemoteRestartWindows.aspx
It would be pretty easy to implement, but the question is if IIS will allow it. You will also open up for exploits, since if someone managed to exploit this, they could chain restart your server.
If you really want to go ahead and implement this, you could simply set up a Web Service call that triggers the following code.
System.Diagnostics.Process.Start("shutdown.exe", "-r -t 0");
Although, it does sounds more like you are looking for a management tool to handle this. I would recommend that you look at one of many tools available to help manage servers remotely. It is important for security that the management software has the ability to give the user specific privileges, like restricting them with access to only reboot the server.
You can execute "shutdown -r" command from C# in command line, see this SO question how to do it. Mind you that the application has to be very well secured, and the application running under IIS will have to have enough user rights.
Edit:
Fuji's proposed way works well and doesn't even require elevated process (I didn't expect it to work, whoops ;))
Related
I'm on a stand alone Windows 10 laptop and NOT running AD LDS or any other active directory services. I'm running IIS.
I'm trying to deeply understand what this line of code is doing and more importantly, how.
DirectoryEntry e3 = new DirectoryEntry(#"IIS://localhost/W3SVC/1/Root");
Does a windows OS fake in some sort of resolution for this method in absence of active directory?
1) First take care to note if you mean pre/port IIS7. With and after IIS7 many things changed yet, all to much, they still look alike. But there are important differences.
2) MAKE SURE you are at least running in administrative mode
run as administrator
~ or doing something better.
3) Look into .net's DirectoryServices()/DirectoryEntry() but also Microsoft.Web.Administration.ServerManager(). This is probably where you can do 90% of all you are attempting.
4) There is a windows tool cmdline exe (windows/syswow64[system32]/inetsvr/appcmd.exe) that is wonderfully helpful ~ in fact, if it is an option for your needs/environment, you might prefer to create a cmd script for all that you are trying to do. I suggest first learn this tool, then use it to extract out a lot of the IIS/Site metadata to explore what & where you are trying to get to. https://www.iis.net/configreference/system.applicationhost/applicationpools
5) Powershell has a snapin, certainly on server with IIS installed, maybe on workstations. I don't use a lot of powershell so the most i will say about that is the snapin is called WebAdministration and/or iisConsole. You may need to/prefer to manually register the snapin each time you run your script OR you might automatically register the snapin by using the IIS powershell management console.
6) For any above option always remember #2 ~ be certain you are at least running in administrative mode.
7) I know you certainly are playing in the land of IIS's metadata database ~ not the registry so much.
Local workstation: The exact mechanics when you are local to the IIS instance? I'm not sure. You might be accessing the metadata directly, you might be getting to the metadata via the IIS service, or you might be accessing the Server.exe Server service, or something else.
Remote server w/o LDAP: If you are querying a remote server not in an active directory? same as a workstation.
Remote server w/ LDAP: If you are querying a server in an AD you almost certainly are hitting the AD/LDAP service. Of course, how you are doing so might technically be via a segregate such as server.exe service running on that remote.
-- The end game is appcmd.exe, powershell, or c# Microsoft.Web.Administration, DirectoryServer(), all probably come close to doing the same thing in the background. But these are your interfaces to access that background so you don't need to think so much about the deeper implementation.
I hope this helps everyone!
Up vote it is you like this answer.
I am trying to make a web service for my MVC C# app that will allow administrators to perform an iis reset by triggering a batch file with all the commands we use.
The website is hosted on a remote machine so this is not local. Security is in place for the web service to prevent this being triggered maliciously.
How would I go about doing this? I've tried
System.Diagnostics.Process.Start(#"c:\iisresetTest.bat");
This gave no errors, but it did not perform the reset.
I've also tried the directions here: http://labs.ratchet.com/566/running-command-line-bat-files-from-web-page-asp-net-c/
But that gave an error that I need to be an admin to run the command. I'm assuming the first line of code worked, but since it wasn't an admin it probably just closed down command prompt.
You can run a bat file as administrator using the scheduled task work around http://www.sevenforums.com/general-discussion/307201-how-run-batch-bat-flle-administrator.html I couldnt find the better page for that but you might find it googling. You can also go in the registry and turn UAC off but that could be dangerous.
What code do I need for a C# application to restart the user's IIS while the user does not have Admin rights?
I don't think it's possible through code alone (and if it was, it'd be an exploit.)
You'd need to write a daemon that ran as a privileged user that accepted restart commands from unprivileged sources, say by checking for the existence of a lockfile or similar, or accepting commands over a socket, and then restarted the server accordingly.
Which would be a serious security risk, still, but whatever floats your boat.
It still might be better to think hard about why you want to do this. I think you'll find that whatever criteria prevent you from making the relevant user an IIS admin are excellent arguments for why the user shouldn't be rebooting IIS either.
Is it possible for code to work perfectly on the Administrator profile and not work at all while logged in as another user?
I am building certain applications at work, and while developing, coded and tested while logged on as Administrator. Every application working normally.
Now before deployment, when I execute the same application, but now logged in with a specific user account, I just get the error "Console Application stopped working" etc etc. I have handled all possible exceptions with my own Message Box, but this error is something I did not expect?!
In the exe's, I tried changing setting to "Run as Administrator", no use!
Any help would be much appreciated. Thanks!
PS - There are certain FTP methods I reuse from another class. And by handling all possible exceptions, I mean, I would have a try-catch block for the FTP method, so in case of error encountered after deployment, affected user may call helpdesk and notify the exact error.
Well, its not the right way to go, but right click and run as Admin, works butter smooth. Should I go ahead and modify all executables to - Run as Administrator under Properties->Compatibility??
You should firstly investigate if your application does need Admin rights indeed. A few scenarios that I can think of where an App needs admin rights are writing to protected locations of the system, writing to registry (excluding the areas that the user has rights on). If you think that admin access is not needed, you could always seek other ways to make it work. For example, instead of writing to a protected location, create a directory for you application in the user's application data folder and write to that location.
When you launch the application, if you're running on I believe Windows Vista or higher(7 works this way for sure)
You can Right click on the application and click on Run as Administrator
And yes, Sometimes the application won't work if you're not running as an administrator. For instance, If it's trying to change files in a protected location.
There are other variances that can cause your program to not work, For me, "Console Application stopped working" normally means that you don't have the right version of the .net framework installed, but it can mean any number of things.
I found this nice snippet of code online:
rkApp = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
Which runs great but alas on windows 7 and vista I suspect, it crashes cause it doesn't have permission to write there.
So then I research (on stackoverflow of course) how to avoid this, quickest method:
rkApp = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
Simple enough! Though there is two issues remaining. One is with both methods (on a XP Box that is), the program thinks its relative path is somewhere in the C:\windows folder now...so I.e. it won't find my path relative help files etc. The second issue is, on windows 7, my program won't startup until I log in. I want it to start up in the background if possible before anyone logs in.
Its a simple .exe that hangs out in the systray when its running. I didn't want to create this monstrosity of an installer to get around these admin and pathing issues.
I Think I would have to create it as a service (no clue how to do that) to get it to start up when the machine reboots before anyone logs in. Secondly to do that I am sure I have to figure out the admin privileges, and since I don't want to have to approve the program to run every time it starts up it sounds like I would have to figure out its admin privileges during install time, but alas no installer.
So just curious what routes I might take to get this to work. I can even suffer it coming up only after when the user logs in, but my current methods that work this way really screw up the pathing of my program since it tries to write stuff out to a new directory (not the one I originally started the EXE from). Etc...and I have no clue how to go about fixing that pathing issue.
It sounds like you need two programs here.
You can't have an application run in the system tray and run prior to login. The system tray doesn't "exist" until the user logs in and has a valid desktop.
The normal way to handle this is to make two programs. First, create a windows service that does the bulk of your work. This will run on startup, and be independent of any user logins.
Then, make a user mode application which uses IPC to communicate with the service. This can run on login, and "talk" to the service remotely, thereby providing your system tray requirements.
If you want your program to start as a service before anyone logs on, then it's going to need to be installed and run as an admin user. There's not getting round this fact.
There's a Microsoft Knowledge Base article on creating a service which should get you started.
There's a project template for a Windows Service installed by default in Visual Studio 2008:
"File > New > Project > Visual C# > Windows > Windows Service"