0
votes

User A, who is an ADMIN (or has rights), runs a C#-IIS app, which runs PowerShell (through new PowerShell.Create(), Script() and ps.BeginInvoke).

PS script does a Copy-Item from one local folder to a networked folder (user has rights). In fact, for testing, I set 'Everyone' to have rights (so it's likely not IIS_IUSRS either).

Result: "Access is denied" error.

How can I solve this?

Background:

  1. Cannot explicitly run the powershell exe elevated because I need to capture verbose and other output streams asynchronously.
  2. Just for fun - tried the using (new Impersonator(...)) {...}. But as expected, I'm already running as myself/admin - no change.
  3. When I dump the username (Write-Verbose "Running as $env:username") - I get the machine name (with dollar sign following) - if that helps.

Thanks,

1
Bit out of my depth here, but could this be due to the limitation on impersonation: support.microsoft.com/kb/207671 - andyb

1 Answer

0
votes

I'm going to assume you are running IIS 7.5. To me, it sounds like the application pool is running with Identity set to ApplicationPoolIdentity. Changing it to NetworkService (or an explicit domain account) should do the trick.

From IIS Manager, go to Application Pools, determine which App Pool is hosting your site, right-click, and select "Advanced Settings." You'll find Identity under the Process Model section.
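The same check and change can be scripted from an elevated PowerShell prompt on the IIS server. This is an added example, not part of the answer above; it assumes the WebAdministration module is installed, and the site name and service account shown are placeholders.

```powershell
# Added example: report the identity of the app pool behind a site and,
# optionally, switch it to a dedicated domain account.
# 'Default Web Site' and 'CONTOSO\svc-filecopy' are placeholders, not values from the post.
param(
    [string]$SiteName = 'Default Web Site',
    [string]$ServiceAccount,              # e.g. 'CONTOSO\svc-filecopy'; omit to report only
    [securestring]$ServicePassword
)

Import-Module WebAdministration

# Resolve which application pool hosts the site, then read its process model.
$poolName = (Get-Item "IIS:\Sites\$SiteName").applicationPool
$poolPath = "IIS:\AppPools\$poolName"
$model    = Get-ItemProperty $poolPath -Name processModel

[pscustomobject]@{
    Site         = $SiteName
    AppPool      = $poolName
    IdentityType = $model.identityType
    UserName     = $model.userName
}

# On a domain-joined server the built-in identities below reach remote shares
# as the computer account (DOMAIN\MACHINE$), which matches a script that
# reports the machine name followed by a dollar sign as its user name.
if ($model.identityType -in 'ApplicationPoolIdentity', 'NetworkService', 'LocalSystem') {
    Write-Warning "Pool '$poolName' uses a built-in identity; remote shares see the computer account."
}

if ($ServiceAccount) {
    # The IIS configuration API takes the password as plain text and stores it
    # encrypted in applicationHost.config.
    $plain = (New-Object System.Net.NetworkCredential('', $ServicePassword)).Password
    Set-ItemProperty $poolPath -Name processModel -Value @{
        identityType = 3                  # 3 = SpecificUser
        userName     = $ServiceAccount
        password     = $plain
    }
    Restart-WebAppPool -Name $poolName    # worker process picks up the new identity

    # Least privilege: grant this account write access on the target share and
    # folder only, instead of leaving 'Everyone' on the ACL.
    Get-ItemProperty $poolPath -Name processModel | Select-Object identityType, userName
}
```

Run without `-ServiceAccount` first to see what the pool currently runs as before changing anything.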