1

I'm trying to restart windows server 2003 from inside a web service using System.Diagnostics.Process.

public static string Dorestart()
{
  var si = new Process();

  si.StartInfo.UserName = "administrator"; // Credentials of administrator user

  var sc = new SecureString();
  foreach (char c in "AdminPassword")
  {
    sc.AppendChar(c);
  }
  si.StartInfo.Password = sc;

  si.StartInfo.UseShellExecute = false;

  si.StartInfo.FileName = "cmd.exe";
  si.StartInfo.Arguments = "\"c:\\windows\\system32\\shutdown.exe\" -r -f -t 0 -c \"Restart Reason\" -d p:4:1";
  si.StartInfo.CreateNoWindow = true;

  string res = "";
  try
  {
    si.Start();
    si.WaitForExit();

    res = "Minor Job done... wait 2 minutes to complete action";
  }
  catch (Exception ex)
  {
    res= ex.Message;
  }

  si.Close();
  si.Dispose();

  return res;
}

for file name and argument part I also tested this:

si.StartInfo.FileName = "shutdown.exe";
si.StartInfo.Arguments = "/r /f /t 0 /c \"" + UReason + "\" /d p:4:1";

using filename and argument right from RUN command actually restarts the pc but on web service I get this error:

On server desktop: The application fails to initialize properly (0xC0000142). Click on ok to terminate application.

In event log I have this:

Process information: 
Process ID: 2676 
Process name: w3wp.exe 
Account name: NT AUTHORITY\NETWORK SERVICE 

Exception information: 
Exception type: HttpException 
Exception message: Request timed out. 

Request information: 
Request URL: http://mywebsite.com/webservice.asmx 
Request path: /webservice.asmx 
User host address: <IP Address> 
User:  
Is authenticated: False 
Authentication Type:  
Thread account name: NT AUTHORITY\NETWORK SERVICE 

Thread information: 
Thread ID: 7 
Thread account name: NT AUTHORITY\NETWORK SERVICE 
Is impersonating: False

On Web Application there is no error.

I appreciate if somebody tell me how can I fix this problem and give restart ability to a web service.

Reza Mortazavi
  • 329
  • 3
  • 14
  • 1
    Why on earth would you want to be able to restart a server from within a web service? – Wjdavis5 Dec 01 '13 at 01:07
  • Well, the process under which your w3wp.exe works, i.e. your application pool, should have an account that has admin privileges. – deostroll Dec 01 '13 at 02:36
  • @Wjdavis5 - because I need to provide some services on different internet and extranet websites with privilege to restart server. is it weird? – Reza Mortazavi Dec 01 '13 at 19:20
  • @deostroll Thank you for your response. But what's the best practice? I checked that user which is Network Service. I also have the option to change it to IWAN_. I suppose adding these users to administrators group may cause security problems (please correct me). I tried changing it to IWAN user and in group policy editor I add this user to Can Shutdown group but didn't worked. What you may advise? – Reza Mortazavi Dec 01 '13 at 21:20
  • I would suggest running a test where the App Pool is running as a local admin on the computer just to see if it works then. Then start backing out permissions from there. This almost has to be a permissions issue. – Wjdavis5 Dec 01 '13 at 23:56
  • And to answer your other question, yes I find this very odd - there most certainly has to be a better way to accomplish what you are trying to do. – Wjdavis5 Dec 01 '13 at 23:58
  • dear Wjdavis5, I appreciate if you tell me some better ways. I googled web and did not find anything. Also I changes user of related AppPool to Local System and the above error still persists. – Reza Mortazavi Dec 02 '13 at 19:08
  • let me change the question this way: I have a server on which some services reside and run. I have 2 VPS's (Virtual PC 2007) on that server which serve some related services in specific conditions. what I'm trying to do is writing a soft reboot application by which VPS's shut down first and then mail server restart. VP2007 does not have switch to be shut down VM's (correct me). I chose a software solution and as you see I'm stuck! what do you recommend? what's the best practice? (I'm not sure if I need to open a new question) – Reza Mortazavi Dec 02 '13 at 19:14

1 Answers1

0

at last it worked...

There were a mixture of problems. I document the process here for future reference. Beware of security risks.

Thanks to Wjdavis5, I changed AppPool Identity to Local System.

Thanks to Running a batch file from an ASP .NET page, I removed some lines from code:

public string DoJob()
{
  var si = new Process
  {
    StartInfo =
    {
      FileName = "shutdown.exe",
      Arguments = "-r -f -t 0 -c "Shutdown Reason" -d p:4:1",
      WorkingDirectory = "c:\\windows\\system32\\"
    }
  };

  string res;
  try
  {
    si.Start();
    si.WaitForExit();

    res = "<br />Minor Job done... wait 2 minutes to complete action<br />You can now close this window";
  }
  catch (Exception ex)
  {
    res = ex.Message;
  }

  si.Close();
  si.Dispose();
  return res;
}

To eliminate security risks, alongside with some security approaches in hiding website and web service, such as using subdomain and non-standard port, I made use of impersonation in A small C# Class for impersonating a User by Uwe Keim the above method content wrapped in this code:

try
{
  using (new Impersonator("Admin Username", ".", "Admin Password"))
  {
    // Above method Content
    .
    .
    .
  }
}
catch (Exception ex)
{
    return "Invalid Username or Password";
}

this code checks if provided credential is valid on server. I did not test non-administrative users on this application because this server does not have any.

feel free to comment and correct. Regards

Community
  • 1
  • 1
Reza Mortazavi
  • 329
  • 3
  • 14