Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problems with ASPNET user

Status
Not open for further replies.

KDavie

Programmer
Feb 10, 2004
441
US
I've created a simple Subversion command-line wrapper which I intended to use in a ASP.NET application. The wrapper uses System.diagnostics.Process to start cmd.exe and process the SVN commands. When I originally created the library I tested it with a console application; everything worked as expected. When I attempted to use the wrapper in my web app, however, I encountered an issue. After troubleshooting the issue I identified the problem to be caused by the fact that our SVN server uses SSL. When the command is run through the web app the process on the machine is created by the ASPNET user. Because there is no certificate associated with ASPNET user, there following errorr is encountered:

Error validating server certificate for '- The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually!"

If I could manually run the command as the ASPNET user I would then be prompted to accept the certificate and could do so permanently; this would resolve the issue. The problem is that I don't know the password. If I could ensure that cmd.exe was started under a specific user account then I could also resolve my issue... However, I don't know how this would be possible. I tried using runas.exe in my System.Diagnostics.Process, but had no success going that route either. Any suggestions on how I can get arount this issue?

The code used to execute the command looks like this:
Code:
		Process p = new Process();
		StreamWriter sw;
		StreamReader sr;
		StreamReader err;
		int ExitCode;

		ProcessStartInfo psI = new ProcessStartInfo("cmd.exe", command);

		psI.UseShellExecute = false;
		psI.RedirectStandardInput = true;
		psI.RedirectStandardOutput = true;
		psI.RedirectStandardError = true;
		psI.CreateNoWindow = true;

		p.StartInfo = psI;
		p.Start();
		
		sw = p.StandardInput;
		sr = p.StandardOutput;
		err = p.StandardError;

		ProcessReader pr = new ProcessReader(sr);
		ProcessReader er = new ProcessReader(err);
		
		pr.Start();
		er.Start();

		p.WaitForExit();
		pr.WaitForExit();
		er.WaitForExit();

		ExitCode = p.ExitCode;

		string[] lines = Regex.Split(pr.Output, @"\r?\n");
The "command" variable is passed in as a parameter. An example value for this parameter is:

/C svn list

Any suggestions would be appreciated.

Thanks,



Kevin Davie
Consultant
Sogeti USA
 
This is a complete shot in the dark, and maybe you have already tried this in that you talked about RunAs..., but have you tired starting the process as another user rather than the ASPNET user?

Like This:
Code:
        Dim pr As New Process
        Dim sPass As String = "MyPassword"
        Dim ssPass As New System.Security.SecureString()
        For i As Integer = 0 To sPass.Length
            ssPass.AppendChar(sPass.Chars(i))
        Next
        pr.StartInfo.UserName = "MyUserName"
        pr.StartInfo.Password = ssPass


Senior Software Developer
 
Thanks for the reponses.

Impersonation, however, is for server resources. Starting a process while using impersonation will still result in the process being owned by the ASPNET user. As far as explicitly setting the username and password, "UserName" and "Password" are not valid members of Process.StartInfo (I am using .NET 1.1)... Am I missing something?

Thanks again for your help.

-Kevin

Kevin Davie
Consultant
Sogeti USA
 
Starting a process while using impersonation will still result in the process being owned by the ASPNET user
Yes, that's true but it will gain the permissions of the impersonated user. Is that not sufficient for what you need? Have you tried changing the account that the application pool runs under to a user that does have the correct priviliges?


-------------------------------------------------------

Mark,
[URL unfurl="true"]http://aspnetlibrary.com[/url]
[URL unfurl="true"]http://mdssolutions.co.uk[/url] - Delivering professional ASP.NET solutions
[URL unfurl="true"]http://weblogs.asp.net/marksmith[/url]
 
Unfortunately impersonation isn't sufficient for my needs. An example of why is outlined below:


Code:
Process p = new Process();
ProcessStartInfo psI = new ProcessStartInfo("cmd.exe");
psI.UseShellExecute = false;
psI.RedirectStandardInput = true;
psI.RedirectStandardOutput = true;
psI.RedirectStandardError = true;
psI.CreateNoWindow = true;
p.StartInfo = psI;
p.Start();

Execute that code while using impersonation (either inline or through web-config). Now look at the processes tab of the task manager and you will see that cmd.exe is owned by the aspnet user instead of the impersonated one.

I need to figure out a way to run cmd.exe as another user or figure out a way to supress the certificate validation.

Kevin Davie
Consultant
Sogeti USA
 
Have you tried using Toroisesvn or some other client and using that to comunicate with the svn-server? I'm pretty sure tortoisesvn can be used for what you want since others do it too.

And why are you using cmd.exe? just use the svn client program directly.

Christiaan Baes
Belgium

My Blog
 
I am using Tortoise for my local client. But that doesn't help with my project requirements. My web app needs to read all the file info from the repository and present the user with a list of the files. The web app will help facilitate our release process and will be used by developers when they are preparing to release code. I chose to use a command-line wrapper because using the SVN API would be overkill for my requirements.



Kevin Davie
Consultant
Sogeti USA
 
I think you are overcomplicating the matter and are looking in the wrong direction.

I see no need for cmd.exe. If you want a list of all the filesthat are in a certain svn you can do it via the svn directly. svn has several parameters (more then you wish to remember. making and returning lists is one of them.

but go right ahead.

Christiaan Baes
Belgium

My Blog
 
I appreciate any advice you can give. I went this direction only for simplicity. If directly communicating with SVN is the favorable approach, I will glady do so. Can you point me in the right direction for accomplishing your suggestion?

Again, thanks for you help.

-Kevin

Kevin Davie
Consultant
Sogeti USA
 
chrissie1...

Can you guide me to some documentation that will help me in implementing your suggestion? I am trying to figure out how to get file lists directly through svn as you recommended.



Kevin Davie
Consultant
Sogeti USA
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top