Problems with ASPNET user

[KDavie]

I've created a simple Subversion command-line wrapper which I intended to use in a ASP.NET application. The wrapper uses System.diagnostics.Process to start cmd.exe and process the SVN commands. When I originally created the library I tested it with a console application; everything worked as expected. When I attempted to use the wrapper in my web app, however, I encountered an issue. After troubleshooting the issue I identified the problem to be caused by the fact that our SVN server uses SSL. When the command is run through the web app the process on the machine is created by the ASPNET user. Because there is no certificate associated with ASPNET user, there following errorr is encountered:

Error validating server certificate for '

https://our.svn.server.com:port:

- The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually!"

If I could manually run the command as the ASPNET user I would then be prompted to accept the certificate and could do so permanently; this would resolve the issue. The problem is that I don't know the password. If I could ensure that cmd.exe was started under a specific user account then I could also resolve my issue... However, I don't know how this would be possible. I tried using runas.exe in my System.Diagnostics.Process, but had no success going that route either. Any suggestions on how I can get arount this issue?

The code used to execute the command looks like this:

		Process p = new Process();
		StreamWriter sw;
		StreamReader sr;
		StreamReader err;
		int ExitCode;

		ProcessStartInfo psI = new ProcessStartInfo("cmd.exe", command);

		psI.UseShellExecute = false;
		psI.RedirectStandardInput = true;
		psI.RedirectStandardOutput = true;
		psI.RedirectStandardError = true;
		psI.CreateNoWindow = true;

		p.StartInfo = psI;
		p.Start();
		
		sw = p.StandardInput;
		sr = p.StandardOutput;
		err = p.StandardError;

		ProcessReader pr = new ProcessReader(sr);
		ProcessReader er = new ProcessReader(err);
		
		pr.Start();
		er.Start();

		p.WaitForExit();
		pr.WaitForExit();
		er.WaitForExit();

		ExitCode = p.ExitCode;

		string[] lines = Regex.Split(pr.Output, @"\r?\n");

The "command" variable is passed in as a parameter. An example value for this parameter is:

/C svn list

https://our.svn.server.com/trunk/project

Any suggestions would be appreciated.

Thanks,



Kevin Davie
Consultant
Sogeti USA

http://www.us.sogeti.com

 

[SiriusBlackOp]

This is a complete shot in the dark, and maybe you have already tried this in that you talked about RunAs..., but have you tired starting the process as another user rather than the ASPNET user?

Like This:

        Dim pr As New Process
        Dim sPass As String = "MyPassword"
        Dim ssPass As New System.Security.SecureString()
        For i As Integer = 0 To sPass.Length
            ssPass.AppendChar(sPass.Chars(i))
        Next
        pr.StartInfo.UserName = "MyUserName"
        pr.StartInfo.Password = ssPass

Senior Software Developer

http://www.scoutsft.com

 

[ca8msm]

You should also take a look at impersonation.


-------------------------------------------------------

Mark,
[URL unfurl="true"]http://aspnetlibrary.com[/url]
[URL unfurl="true"]http://mdssolutions.co.uk[/url] - Delivering professional ASP.NET solutions
[URL unfurl="true"]http://weblogs.asp.net/marksmith[/url]

 

[KDavie]

Thanks for the reponses.

Impersonation, however, is for server resources. Starting a process while using impersonation will still result in the process being owned by the ASPNET user. As far as explicitly setting the username and password, "UserName" and "Password" are not valid members of Process.StartInfo (I am using .NET 1.1)... Am I missing something?

Thanks again for your help.

-Kevin

Kevin Davie
Consultant
Sogeti USA

http://www.us.sogeti.com

 

[ca8msm]

Starting a process while using impersonation will still result in the process being owned by the ASPNET user

Yes, that's true but it will gain the permissions of the impersonated user. Is that not sufficient for what you need? Have you tried changing the account that the application pool runs under to a user that does have the correct priviliges?


-------------------------------------------------------

Mark,
[URL unfurl="true"]http://aspnetlibrary.com[/url]
[URL unfurl="true"]http://mdssolutions.co.uk[/url] - Delivering professional ASP.NET solutions
[URL unfurl="true"]http://weblogs.asp.net/marksmith[/url]

 

[KDavie]

Unfortunately impersonation isn't sufficient for my needs. An example of why is outlined below:

Process p = new Process();
ProcessStartInfo psI = new ProcessStartInfo("cmd.exe");
psI.UseShellExecute = false;
psI.RedirectStandardInput = true;
psI.RedirectStandardOutput = true;
psI.RedirectStandardError = true;
psI.CreateNoWindow = true;
p.StartInfo = psI;
p.Start();

Execute that code while using impersonation (either inline or through web-config). Now look at the processes tab of the task manager and you will see that cmd.exe is owned by the aspnet user instead of the impersonated one.

I need to figure out a way to run cmd.exe as another user or figure out a way to supress the certificate validation.

Kevin Davie
Consultant
Sogeti USA

http://www.us.sogeti.com

 

[SiriusBlackOp]

Yeah... I think you would need 2.0 to use the username and password.

You could also try the PsExec tool in the PsTool Set from Microsoft.

http://www.microsoft.com/technet/sysinternals/Utilities/PsTools.mspx

Check it out and see if it is worth trying.

Senior Software Developer

http://www.scoutsft.com

 

[chrissie1]

Have you tried using Toroisesvn or some other client and using that to comunicate with the svn-server? I'm pretty sure tortoisesvn can be used for what you want since others do it too.

And why are you using cmd.exe? just use the svn client program directly.

Christiaan Baes
Belgium

My Blog

 

[KDavie]

I am using Tortoise for my local client. But that doesn't help with my project requirements. My web app needs to read all the file info from the repository and present the user with a list of the files. The web app will help facilitate our release process and will be used by developers when they are preparing to release code. I chose to use a command-line wrapper because using the SVN API would be overkill for my requirements.



Kevin Davie
Consultant
Sogeti USA

http://www.us.sogeti.com

 

[ca8msm]

So did you try my suggestion about changing the user for the application pool?


-------------------------------------------------------

Mark,
[URL unfurl="true"]http://aspnetlibrary.com[/url]
[URL unfurl="true"]http://mdssolutions.co.uk[/url] - Delivering professional ASP.NET solutions
[URL unfurl="true"]http://weblogs.asp.net/marksmith[/url]

 

[chrissie1]

I think you are overcomplicating the matter and are looking in the wrong direction.

I see no need for cmd.exe. If you want a list of all the filesthat are in a certain svn you can do it via the svn directly. svn has several parameters (more then you wish to remember. making and returning lists is one of them.

but go right ahead.

Christiaan Baes
Belgium

My Blog

 

[KDavie]

I appreciate any advice you can give. I went this direction only for simplicity. If directly communicating with SVN is the favorable approach, I will glady do so. Can you point me in the right direction for accomplishing your suggestion?

Again, thanks for you help.

-Kevin

Kevin Davie
Consultant
Sogeti USA

http://www.us.sogeti.com

 

[KDavie]

chrissie1...

Can you guide me to some documentation that will help me in implementing your suggestion? I am trying to figure out how to get file lists directly through svn as you recommended.



Kevin Davie
Consultant
Sogeti USA

http://www.us.sogeti.com