Asp. NET call cmd command prompt to deny access to the solution

Recently made a small project about Windows Server POP3 server, turned over the network, and could not find the interface.

Thankfully, a console interface Winpop.exe was discovered, which is to interact with the POP3 server with a cmd command prompt.

This is a helpless move, with the cmd command efficiency is low, and the acquisition, analysis of the return information is rather troublesome. However, this is not what, the main thing is: b/S mode, the Web program has permission to call cmd?
The call to cmd here, of course, is not to invoke the CMD on the client machine, but the cmd on the server, so the heart is a little bit bottom.

I made a careful experiment on my computer, successfully called CMD in the ASPX page, executed the ping command, and successfully fetched and parsed the return information.

So I confidently put the test program published to the server, but also smooth execution! The core code is as follows:

usingSystem.Diagnostics; usingSystem.IO; /// <summary>  ///cmd Command Execution helper class/// </summary>   Public classCmdhelper {PrivateProcess p =NULL; PrivateStreamReader reader =NULL; /// <summary>      ///ping command via cmd/// </summary>      /// <param name= "cmdstring" >Command Content</param>      /// <returns>Command Execution Results</returns>       Public stringExecutestringcmdstring) {ProcessStartInfo start=NewProcessStartInfo ("Cmd.exe"); Start. FileName="Ping"; Start. Arguments=cmdstring; Start. CreateNoWindow=true; Start. Redirectstandardoutput=true; Start. Redirectstandardinput=true; Start. UseShellExecute=false; Start. WorkingDirectory="C:\\Windows\\System32"; P=Process.Start (Start); Reader=P.standardoutput; stringline =""; stringLinetemp =""; //read the returned data by line and do some processing to facilitate the analysis         while(!Reader. Endofstream) {linetemp= Reader. ReadLine ();//read a line//indicate a blank line with an * number            if(Linetemp = ="") { line+="*"; }              Else{ Line+=linetemp; }          }            returnLine ; }  }  

But it was too early to be happy when I put start. Filename= "ping"; change to start. FileName = "Winpop", that is, the execution of the winpop command, this time ruthlessly returned "Access denied."

Analysis, what is the denial of access? A ping has just been successfully executed, stating that access to CMD is available, and that the ping command that is being executed is actually using Cmd.exe to invoke Ping.exe, which means that access to Ping.exe has been granted. Now instead of the winpop command, there was a denial of access, stating that we did not have access to winpop.exe!

What should I do now? The first thing to think about is to modify the access rights of Winpop.exe, right-click Winpop.exe (under the Windows/system32 folder), click on the "Properties"---"Security" tab, add the current user to the user, or Reject , join the ASP, or reject it, and finally, plus the Everyone user, still refuse! It seems that this method has no effect.

After a calm analysis, this must be caused by a permission problem. So where does this privilege limit?

Do not forget that our program is running in IIS, all the power to kill, are controlled by IIS, permissions are not here?

With Google, IIS really has permissions, or more specifically, "Application Pools" in IIS to set permissions. Now let's talk about how to set it up.

Find your site from IIS first, and in the right--properties, see which application pool you are using, and then locate it in the application pool directory, right----the properties

Find the "Identification" tab, then find "pre-defined account" and select "Local System" in the drop-down menu.

In this way, your website can execute the cmd command at will, in fact not only executes the cmd command, simply is the supreme authority!

As a reminder, this changes the application pool permissions, so all sites that use this application pool have very high permissions, which is quite dangerous and must be used with caution !!

As a complete solution, a little more needs to be mentioned.

When you call cmd to execute a command, you can specify the user (user refers to the system user, that is, the account password used to log on to the computer), so you can also get certain permissions. The code is as follows:

usingSystem.Diagnostics; usingSystem.IO; /// <summary>  ///cmd Command Execution helper class/// </summary>   Public classCmdhelper {PrivateProcess p =NULL; PrivateStreamReader reader =NULL; /// <summary>      ///ping command via cmd/// </summary>      /// <param name= "cmdstring" >Command Content</param>      /// <returns>Command Execution Results</returns>       Public stringExecutestringcmdstring) {ProcessStartInfo start=NewProcessStartInfo ("Cmd.exe"); Start. FileName="Ping"; Start. Arguments=cmdstring; Start. CreateNoWindow=true; Start. Redirectstandardoutput=true; Start. Redirectstandardinput=true; Start. UseShellExecute=false; Start. WorkingDirectory="C:\\Windows\\System32"; Start. UserName="Administrator";//Specify user//constructs a user password, assuming that the password is 123 and must be added one character at a characterSystem.Security.SecureString Password =NewSystem.Security.SecureString (); Password. Appendchar ('1'); Password. Appendchar ('2'); Password. Appendchar ('3'); Start. Password=password; P=Process.Start (Start); Reader=P.standardoutput; stringline =""; stringLinetemp =""; //read the returned data by line and do some processing to facilitate the analysis         while(!Reader. Endofstream) {linetemp= Reader. ReadLine ();//read a line//indicate a blank line with an * number            if(Linetemp = ="") { line+="*"; }              Else{ Line+=linetemp; }          }            returnLine ; }  }  

However, I failed the test under Windows Server2003, as long as the user is specified, the Web program hangs until the response times out, the reason is unknown.

Asp. NET call cmd command prompt to deny access to the solution