I'm working on a ASP.Net application which allows users to schedule certain tasks. So far I have created a GUI to configurate the triggers provided by this library and the tasks can be added to the Windows Task Scheduler without any problems.
So far I did not experience any access denied problems like in earlier discussions.
The problem appears when Task Scheduler tries to run the job:
Task Scheduler failed to start "\482800F0-63BE-4730-A509-73AA554521C9" task for user "IIS APPPOOL\ASP.NET v4.0". Additional Data: Error Value: 2147943645.
When I change the user account of the task manually (in Task Scheduler GUI) to my domain user account, the action gets executed as expected. Obviously it's a problem with the special account type of IIS application pools.
This is the code to create the task:
TaskDefinition taskDef = taskService.NewTask();
taskDef.Principal.UserId = WindowsIdentity.GetCurrent().Name;
taskDef.Principal.LogonType = TaskLogonType.InteractiveToken;
taskService.RootFolder.RegisterTaskDefinition(TaskPlanerFolder + this.ID, taskDef);
As the documentation says InteractiveToken requires an interactive logon of the user, so my first idea was to change the last line to:
taskDef.Principal.LogonType = TaskLogonType.ServiceAccount;
as the virtual identity of the IIS application pool is like the NetworkService account.
This will result in a COMException like
The task XML contains a value which is incorrectly formatted or out of range.
The only difference in the task XML is the lack of this line:
Any suggestions how I can add the task without using a different user account? The ASP.NET application must not be granted admin rights, and the scheduled application does require any other permissions than connecting to a SQL Server.