I have an ASP.NET website (in C#) that takes in user data and then attempts to create a windows scheduled task. Of course, this works great on the DEV machine, but fails to run on the server. I'm trying to figure out what permission(s) are required on the ASPNET user (or anonymous web user) to create tasks.
The error is:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Stacktrace:
at MyScheduler.NewWorkItem(String TaskName, Guid& rclsid, Guid& riid, Object& obj)
at MyScheduler.CreateTask(String name)
I've done some searching, and the suggested resolution is to use the web.config 'impersonate' flag to force the application to run as a user with sufficient permissions, as opposed to the ASPNET account which may not have those permissions.
Example:
<system.web>
<identity impersonate="true" />
</system.web>
Unfortunately, this does not seem to resolve the issue. From the documentation I read, this should run as the anonymous web user, but it seems that user does not have enough permissions.
I altered the setting to specify a specific domain user that happens to be an administrator on the machine. Example:
<system.web>
<identity impersonate="true" userName="WindowsDomain\YourUserName" password="YourPassword" />
</system.web>
Doing this allowed the application to successfully create the Windows Scheduled Task. So, obviously, with the correct set of Windows 2003 permissions I can get the app to perform as it does in the development environment. However, I'm not about to place the network or machine administrator account's user credentials in plain text on a Web.config file.
Does anybody happen to know what permissions exactly need to be set in order to get the ASPNET account to behave as desired?
EDIT: The Win32 API is being used to create scheduled tasks.
Best Answer
Instead of worrying about the ASPNET user permissions, would your internal process allow you to create a machine specific account and supply the credentials there?