如何让iis8.5服务与桌面交互
问题是我根本找不到这个选项。
我需要从iis运行winforms app,但我无法实现它。 $ b $bСan有人给我一个提示。
The problem is i couldn't find this option at all. I need to run winforms app from iis, and i couldn't achieve it. Сan someone give me a tip for this.
我试图给网站池提供本地系统和管理员身份,但它不起作用,只是在没有任何进程的情况下运行窗口。
I tried to give localsystem and admin identity to site pool, but it's not working,just process running without any window.
我确实检查了允许服务与桌面交互感谢回答,但仍未显示窗口
i did check "allow service to interact with desktop" thank to answer,but still window not appear
i even tried this one answer,and second one but can not start process at all
'与桌面交互'设置在Windows Vista中受到限制。交互式服务容易受到所谓的破碎攻击,其中高权限进程无法正确验证在同一桌面上运行的较低权限进程发送给它的窗口消息的参数。这可能会导致安全漏洞。作为一项纵深防御措施,Microsoft将控制台会话从会话0(如在以前版本的Windows中)更改为会话1.交互式服务仍在会话0上运行,可以创建UI,或运行其他显示UI的程序,但是用户无法看到它们,也无法从其他进程接收恶意消息。
The 'Interact With Desktop' setting was restricted starting in Windows Vista. Interactive services are susceptible to a so-called 'shatter' attack, where a high-privileged process doesn't properly validate the parameters of a window message sent to it by a lower-privileged process running on the same desktop. That can lead to a security vulnerability. As a defence-in-depth measure, Microsoft changed the console session from being session 0, as in previous versions of Windows, to session 1. Interactive services still run on session 0 and can create UI, or run other programs that show UI, but the user can't see them and they can't receive malicious messages from other processes.
为了兼容性,Windows包含交互式服务检测服务(Ui0detect)。如果交互式服务创建了一个新窗口,则会生成一个提示,告诉用户它正在尝试显示一条消息并请求他们切换到会话0以查看它。
For compatibility, Windows includes the Interactive Service Detection service (Ui0detect). If an interactive service creates a new window, this generates a prompt telling the user that it's trying to show a message and requesting that they switch to session 0 to see it.
但是,在Windows 8上,此服务现在设置为手动启动,如果 NoInteractiveServices 注册表值设置为1,它将无法启动(报告错误1,功能不正确) ,默认情况下。该值在 HKLM \SYSTEM\CurrentControlSet \Control \ Windows 下。 (来源)
However, on Windows 8 this service is now set to manual start, and it won't start (reporting error 1, Incorrect function) if the NoInteractiveServices registry value is set to 1, which it is by default. This value is under HKLM\SYSTEM\CurrentControlSet\Control\Windows. (source)
我强烈建议不要这样做。交互式服务必须在具有高权限的LocalSystem安全上下文中运行。您的代码实际上不太可能需要这些权限。相反,将UI编写为从用户的启动程序组或各种Run注册表项之一启动的低权限进程,并连接到Web应用程序,轮询信号以启动需要启动的进程。您可以使用SignalR通知启动器启动应用程序的时间。
I strongly advise not doing this. Interactive services must run under the LocalSystem security context, which is highly privileged. It's unlikely that your code actually needs those privileges. Instead, write the UI as a low-privileged process that gets launched from the user's Startup program group or one of the various Run registry keys, and connects to the web application, polling for a signal to launch the process that you need to be launched. You could use SignalR to notify the launcher that it's time to launch the application.
参考:会话0服务和驱动程序隔离