Windows Server 2003 ASP.NET Web Service getting Access Denied when running System.Diagnostics.Process

I have a ASP 2.0 .NET C# Web Service. This web service's goal is to run a command line .EXE application. To do this, I create a Process, assign it some variables, and let it rip. It works great on my local machine, but when I put it on my 2003 Web Server, it fails. I highly suspect it is a permissions issue, however I dont know a lot about IIS. Here is a code snippet:

System.Diagnostics.Process myProcess = new System.Diagnostics.Process();
myProcess.StartInfo.FileName = "cmd.exe";
myProcess.StartInfo.UseShellExecute = false;
myProcess.StartInfo.CreateNoWindow = true;
myProcess.StartInfo.RedirectStandardError = true;
myProcess.StartInfo.RedirectStandardInput = true;
myProcess.StartInfo.RedirectStandardOutput = true;
myProcess.StartInfo.Password = mySecure;
myProcess.StandardInput.AutoFlush = true;
myProcess.StandardInput.Write(myPath + System.Environment.NewLine);
myProcess.StandardInput.Write(myCommand + System.Environment.NewLine);
myProcess.StandardInput.Write("exit" + System.Environment.NewLine);
myreturn = myProcess.StandardOutput.ReadToEnd();

Now at this point it doesnt matter what I am doing with this app. I changed it to CMD.EXE, and it dies at the same point: When I execute the Start() method.

Error Message:
System.ComponentModel.Win32Exception: Access is denied at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start()

What should I do to make this work?
LVL 11
Who is Participating?
Da1KingConnect With a Mentor Commented:
The problem is when your web server attempts to execute this code it does so as IUsr_<computername> account.  More then likely this account doesn't have the necessary permissions to perform the operation.  This leaves you two choices...

Add the permissions to the IUsr account.  However this is a huge security risk.

Change your IIS server to not allow anonymous access and implement 'Integrated Windows Authentication'.  However once implemented you will always be prompted with a username and password box asking you for your credentials.  This allows the web page processes to work as if they were you using your account.

So you have security on one hand and convenience on the other.
strickddConnect With a Mentor Commented:
There is another slightly more secure alternative. You can create a new user (on the computer or on the domain) and apply it as the IIS webuser (Control Panel > Administrative Tools > Internet Information Services | right click on the website > Properties | Directory Security > Anonymous Access and authentication control > Edit | Change Anonumous user to this new user).

Once you have the user applied to the site, you can restrict the rights of System.Diagnostics to just this user instead of the generic user used for every site.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.