I've been tasked with converting a legacy application to mvc. The app used pgp.exe to pgp sign user input and send it as an email. The application works locally and on a test server but won't run on a live server. I've had to jump though hoops such as running a specified user in the application pool so that we can set the keys in the users profile BUT it worked.
For some reason on the live server which is windows 2003 IIS 6 and identical to the testing server it fails. The problem is pgp.exe just wont seem to sign and create files the message I get from the console out put is. "Signature Error"?? When I put the command into a shell window logged in as the app pool user it runs no problem (after a fight with some permissions) but when running through the mvc application/IIS server it fails. The code used to call the process is below.
var startInfo = new ProcessStartInfo();
startInfo.FileName = _pgpexeLocation;
//startInfo.FileName = "pgp.exe";
startInfo.Arguments = string.Format("-sta \"{0}\" -u keyuser-z keypass +COMPATIBLE +FORCE", _tempFilePath);
startInfo.UseShellExecute = false;
startInfo.RedirectStandardOutput = true;
startInfo.LoadUserProfile = true;
using (Process exeProcess = Process.Start(startInfo))
{
// TODO: set limit to wait for and deal with exit
exeProcess.WaitForExit();
//var stringItem = exeProcess.StandardOutput.ReadToEnd();
//Logger.Info(stringItem);
}
I'm clutching at straws here hoping somebody has done something similar before and can help. I'm guessing it's key location or file location not being picked up somewhere but not sure what else to try?
Turns out that even though the app pool was using a specific user and I'd set the keys up in that users appdata folder when I checked the underlying process call it was actually trying to pick the keys up from the Default User profile. Not sure if this was an IIS config or something similar but moving the keys and pgp folder to this appdata instead worked?
Related
Hey, I am trying to get a service to start my program but it isn't showing the GUI. The process starts but nothing is shown. I have tried enabling 'Allow service to interact with desktop' but that still isn't working.
My program is a computer locking device to stop unauthorised users from accessing the computer. I am running windows 7 with a 64 bit OS.
Here is the code for my service:
protected override void OnStart(string[] args)
{
Process p = new Process();
p.StartInfo.FileName = "notepad.exe";
p.Start();
FileStream fs = new FileStream(#"C:\Users\David\Documents\Visual Studio 2010\Projects\LockPCService\LockPCService\bin\Debug\ServiceLog.dj",
FileMode.OpenOrCreate, FileAccess.Write);
StreamWriter m_streamWriter = new StreamWriter(fs);
m_streamWriter.BaseStream.Seek(0, SeekOrigin.End);
m_streamWriter.WriteLine(" LockPCService: Service Started " + DateTime.Now + "\n" + "\n");
m_streamWriter.Flush();
m_streamWriter.Close();
}
protected override void OnStop()
{
FileStream fs = new FileStream(#"C:\Users\David\Documents\Visual Studio 2010\Projects\LockPCService\LockPCService\bin\Debug\ServiceLog.dj",
FileMode.OpenOrCreate, FileAccess.Write);
StreamWriter m_streamWriter = new StreamWriter(fs);
m_streamWriter.BaseStream.Seek(0, SeekOrigin.End);
m_streamWriter.WriteLine(" LockPCService: Service Stopped " + DateTime.Now + "\n"); m_streamWriter.Flush();
m_streamWriter.Close();
}
To try and get the service working I am using notepad.exe. When I look at the processes notepad is running but there is no GUI. Also the ServiceLog is there and working each time I run it.
Any ideas on why this isn't working?
Thanks.
This article explains Session 0 Isolation which among other things disallows services from creating a UI in Windows Vista/7. In your service starts another process, it starts in Session 0 and also will not show any UI. (By the way, the UI is created, it's just that Session 0 is never displayed). This article on CodeProject can help you create a process from a service on the user's desktop and show its UI.
Also, please consider wrapping you stream objects in a using statement so that they are properly disposed.
Services run under different account so notepad is run by another user and on another desktop so that's why you cannot see it. 'Allow service to interact with desktop' is not supported anymore starting from Vista.
I know this is a late post, but I found that this article was very helpful to me. I am running Windows 7 and the solution provided in this article works great.
If you download the code, there is a class called ApplicationLoader. Include that class in your project and then it's as simple as this:
// the name of the application to launch
String applicationName = "cmd.exe";
// launch the application
ApplicationLoader.PROCESS_INFORMATION procInfo;
ApplicationLoader.StartProcessAndBypassUAC(applicationName, out procInfo);
Services run in a different logon session and have a different window station from the user. That means that all GUI activity is segregated from the user's programs, not that the service can't display a GUI. Actually, this design makes it much easier to temporarily block access to the user's programs.
You'll need to call SwitchDesktop.
I have a .NET application that interacts with Outlook like this:
Microsoft.Office.Interop.Outlook.Application app = new
Microsoft.Office.Interop.Outlook.Application();
Microsoft.Office.Interop.Outlook.MailItem item = app.CreateItem((Microsoft.Office.Interop.Outlook.OlItemType.olMailItem));
item.PropertyAccessor.SetProperty(PsInternetHeaders + Foobar, 1031);
item.BodyFormat = Microsoft.Office.Interop.Outlook.OlBodyFormat.olFormatHTML;
item.To = "a#test.com;b#test.com;c#test.com";
item.BCC = "cc#test.com";
item.Body = "Hello There!";
item.Display();
Be aware that I need to access the "PropertyAccessor" property.
In a normal environment this runs fine, but in a "secure" enviroment with this registry keys in place it just fails with Operation aborted (Exception from HRESULT: 0x80004004 (E_ABORT)):
[HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\outlook\security]
"PromptOOMAddressBookAccess"=dword:00000000
"AdminSecurityMode"=dword:00000003
"PromptOOMAddressInformationAccess"=dword:00000000
Outlooks security model seems to have a "trustedaddins" list, but I'm not really sure if this applies to "external applications" as well and that exactly I need to register unter TrustedAddins (see here).
My main question would be: Can I just register and foobar.exe unter trustedaddins or is this not possible at all?
I know that I could lower or disable the security stuff, but this is not my choice ;)
Your only options are listed at How to avoid Outlook Security Alert when sending Outlook message from VBScript?
You also might want to set PsInternetHeaders properties to strings only, not ints.
I am running a console application with no UI and generate thumbmail images from pdf files. The compile file for this application works fine. However I have to call this compile file from windows service application that implement the the FileSystemWatcher class to detect when new pdf files are uploaded into the directory.
and I am using the suggestion from this link
How to run console application from Windows Service?
ProcessStartInfo info = new ProcessStartInfo(appName);
info.UseShellExecute = false;
info.RedirectStandardError = true;
info.RedirectStandardInput = true;
info.RedirectStandardOutput = true;
info.CreateNoWindow = true;
info.ErrorDialog = false;
info.WindowStyle = ProcessWindowStyle.Hidden;
Process process = Process.Start(info);
if (!process.HasExited)
{
LogEvent(process.ProcessName + "has started and called Thumbnail application");
}
else
{ LogEvent(process.ProcessName + "has been terminated"); }
I can see the process involking the "pdfThumbnail.exe" but I am getting this error when the application try to execute.
"System.Exception: Cannot create ActiveX component.
at Microsoft.VisualBasic.Interaction.CreateObject(String ProgId, String ServerName)
at PDFThumbnailCsharp.Main(String[] args)
"
As I have said above the pdfThumbnail.exe execute fine when i run the exe file.
Updates
This is the error from the SysInternals' Process Monitor
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {FF76CB60-2E68-101B-B02E-04021C009402} and APPID
Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
I have changed the ownership of this CLSID to Administrator with Full control as described on this link
http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/e303c7e1-16de-42fd-a1a4-7512c1261957
However I am still getting the same error.
Any help will be appreciated.
Thanks
This CLSID {FF76CB60-2E68-101B-B02E-04021C009402} is for Acrobat.Excha.PDDoc on my computer registry. Further investigation with Acrobat on this link https://forums.adobe.com/thread/1467460 revealed that Acrobat cannot be run from service.
What I have done for now until I have a better approach is to create a windows Task Scheduler that listen to an event raised by the windows service when new pdf are created and then trigger the console app that create the thumbnails.
I'm trying to register my application that will handle opening of links, e,g, http://stackoverflow.com. I need to do this explicitly for Windows 8, I have itworking in earlier versions of Windows. According to MSDN this has changed in Win8.
I've been through the Default Programs page on MSDN (msdn.microsoft.com/en-us/library/cc144154.aspx) page on MSDN. It provides a great walkthrough on handling file types but is light on details for protocols. Registering an Application to a URL Protocol only goes over the steps involved in setting up a new protocol, but not how to correctly add a new handler to an existing protocol.
I've also tried the registry settings outlined in other SO posts.
One more thing, the application is not a Metro/Windows Store App, so adding an entry in the manifest won't work for me.
You were on the right track with the Default Programs web page - in fact, it's my reference for this post.
The following adapts their example:
First, you need a ProgID in HKLM\SOFTWARE\Classes that dictates how to handle any input given to it (yours may already exist):
HKLM\SOFTWARE\Classes
MyApp.ProtocolHandler //this is the ProgID, subkeys are its properties
(Default) = My Protocol //name of any type passed to this
DefaultIcon
(Default) = %ProgramFiles%\MyApp\MyApp.exe, 0 //for example
shell
open
command
(Default) = %ProgramFiles%\MyApp\MyApp.exe %1 //for example
Then fill the registry with DefaultProgram info inside a Capabilities key:
HKLM\SOFTWARE\MyApp
Capabilities
ApplicationDescription
URLAssociations
myprotocol = MyApp.ProtocolHandler //Associated with your ProgID
Finally, register your application's capabilities with DefaultPrograms:
HKLM\SOFTWARE
RegisteredApplications
MyApplication = HKLM\SOFTWARE\MyApp\Capabilities
Now all "myprotocol:" links should trigger %ProgramFiles%\MyApp\MyApp.exe %1.
Side note since this is a top answer found when googling this kind of an issue:
Make sure the path in the shell command open is a proper path to your application.
I spent an entire day debugging issue that seemed only to affect Chrome and Edge on Windows 10. They never triggered the protocol handler while Firefox did.
What was the issue? The path to the .bat file used mixed
\ and / slashes.
Using only proper \ slashes in the path made Edge & Chrome suddenly able to pick up the request.
LaunchUriAsync(Uri)
Starts the default app associated with the URI scheme name for the specified URI.
You can allow the user to specify, in this case.
http://msdn.microsoft.com/library/windows/apps/Hh701476
// Create the URI to launch from a string.
var uri = new Uri(uriToLaunch);
// Calulcate the position for the Open With dialog.
// An alternative to using the point is to set the rect of the UI element that triggered the launch.
Point openWithPosition = GetOpenWithPosition(LaunchUriOpenWithButton);
// Next, configure the Open With dialog.
// Here is where you choose the program.
var options = new Windows.System.LauncherOptions();
options.DisplayApplicationPicker = true;
options.UI.InvocationPoint = openWithPosition;
options.UI.PreferredPlacement = Windows.UI.Popups.Placement.Below;
// Launch the URI.
bool success = await Windows.System.Launcher.LaunchUriAsync(uri, options);
if (success)
{
// URI launched: uri.AbsoluteUri
}
else
{
// URI launch failed. uri.AbsoluteUri
}
I have an application that would check for updates upon start and, if updates are found, it would copy some files over the network to the program files folder. Obviously such task can't be performed by Standard Users under normal scenarios.
I tried creating a service to do the update process but I had some security issues and I asked this question about it in superusers.
Now, considering the fact that most applications require elevated privileges to perform such task I think that might be the right approach. But how do I request elevation for the updater under all Windows version as of XP, included. I've found many topics about a manifest file, but since I need this to work with XP I can't create a solution specifically for UAC.
Privileges can only be elevated at startup for a process; a running process' privileges cannot be elevated. In order to elevate an existing application, a new instance of the application process must be created, with the verb “runas”:
private static string ElevatedExecute(NameValueCollection parameters)
{
string tempFile = Path.GetTempFileName();
File.WriteAllText(tempFile, ConstructQueryString(parameters));
try
{
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.UseShellExecute = true;
startInfo.WorkingDirectory = Environment.CurrentDirectory;
Uri uri = new Uri(Assembly.GetExecutingAssembly().GetName().CodeBase);
startInfo.FileName = uri.LocalPath;
startInfo.Arguments = "\"" + tempFile + "\"";
startInfo.Verb = "runas";
Process p = Process.Start(startInfo);
p.WaitForExit();
return File.ReadAllText(tempFile);
}
catch (Win32Exception exception)
{
return exception.Message;
}
finally
{
File.Delete(tempFile);
}
}
After the user confirms the execution of the program as administrator, another instance of the same application is executed without a UI; one can display a UI running without elevated privileges, and another one running in the background with elevated privileges. The first process waits until the second finishes its execution. For more information and a working example you can check out the MSDN archive.
To prevent all this dialog shenanigans in the middle of some lengthy process, you'll need to run your entire host process with elevated permissions by embedding the appropriate manifest in your application to require the 'highestAvailable' execution level: this will cause the UAC prompt to appear as soon as your app is started, and cause all child processes to run with elevated permissions without additional prompting.