This project has moved. For the latest updates, please go here.

ASP.NET: Run Task as IIS 7 Application Pool Identity

Topics: Errors, Setup
Jul 9, 2013 at 12:46 PM
Hi there

I'm working on a ASP.Net application which allows users to schedule certain tasks. So far I have created a GUI to configurate the triggers provided by this library and the tasks can be added to the Windows Task Scheduler without any problems.
So far I did not experience any access denied problems like in earlier discussions.

The problem appears when Task Scheduler tries to run the job:

Task Scheduler failed to start "\482800F0-63BE-4730-A509-73AA554521C9" task for user "IIS APPPOOL\ASP.NET v4.0". Additional Data: Error Value: 2147943645.

When I change the user account of the task manually (in Task Scheduler GUI) to my domain user account, the action gets executed as expected. Obviously it's a problem with the special account type of IIS application pools.

This is the code to create the task:
TaskDefinition taskDef = taskService.NewTask();
taskDef.Principal.UserId = WindowsIdentity.GetCurrent().Name;
taskDef.Principal.LogonType = TaskLogonType.InteractiveToken;

taskService.RootFolder.RegisterTaskDefinition(TaskPlanerFolder + this.ID, taskDef);
As the documentation says InteractiveToken requires an interactive logon of the user, so my first idea was to change the last line to:
taskDef.Principal.LogonType = TaskLogonType.ServiceAccount;
as the virtual identity of the IIS application pool is like the NetworkService account.

This will result in a COMException like
The task XML contains a value which is incorrectly formatted or out of range.

The only difference in the task XML is the lack of this line:
<LogonType>InteractiveToken</LogonType>

Any suggestions how I can add the task without using a different user account? The ASP.NET application must not be granted admin rights, and the scheduled application does require any other permissions than connecting to a SQL Server.

Thanks!
Jul 9, 2013 at 1:19 PM
_
_

By the way thats the complete Xml:
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Source></Source>
    <Author>ViewOnly</Author>
    <Description>Task von ViewOnly</Description>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger id="C8F0CCC2-AF76-4CAB-92F2-C3DF6F87BC3C">
      <StartBoundary>2013-07-09T11:47:34</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByWeek>
        <DaysOfWeek>
          <Wednesday />
          <Friday />
        </DaysOfWeek>
        <WeeksInterval>1</WeeksInterval>
      </ScheduleByWeek>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal>
      <UserId>S-1-5-82-794271414-2547205055-1060673776-2579641347-304524694</UserId>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <Duration>PT10M</Duration>
      <WaitTimeout>PT1H</WaitTimeout>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions>
    <Exec>
      <Command>notepad.exe</Command>
      <Arguments></Arguments>
    </Exec>
  </Actions>
</Task>
Coordinator
Jul 15, 2013 at 10:01 PM