A while back I had a task that I needed to be able to trigger from a web page. In this particular case the task involved running a few different scripts & command line operations – some of which had to be done with particular permissions (such as accessing a share on a different server).
What I didn’t want to do was give those permissions to the IIS process to allow the page to execute these commands directly, as I was worried that a mistake might happen that will allow the page to do a lot more than I wanted and become an easy attack vector.
Realizing that I could encapsulate all of the steps of the task and their necessary permissions into a Windows Scheduled Task, I then set out to see how I can kick off a specified task in the scheduler from an ASP page. This is what I came up with. It has three basic steps:
- Create your scheduled task that calls the script(s) that you want to run.
- Open up the folder where the task file is saved and change permissions on it so that the IIS process can run it.
- Create the web page that will access & run your task.
It’s actually a very simple process, but I’ll spell it out in detail here – because of that it may seem more complicated than it really is.
Create the Scheduled Task
The first step is to create the scheduled task, so log into your IIS webserver and open up the Windows Task Scheduler.
In this example, I’ve created a separate sub-folder called “WebTasks” (select & then right-click on Task Scheduler Library” in the left panel –> New Folder) for organization purposes.
I have a prepared script that I want to run called “mytask.bat” located in a folder at “E:\Scripts\”. So lets start the Create Task dialog (right panel) to set up a task to run it, that we’ll call “IIS_Task”
Set Permissions on the Task
Next we have to change the permissions on this task so that the IIS process can run it. To do this go to the folder that the task files are saved in, by default that's:
C:\Windows\System32\Tasks\
In our case, since we earlier created this task in a sub-folder called “WebTasks”, we go here:
C:\Windows\System32\Tasks\WebTasks
You should see our new task in a file called “IIS_Task” (or whatever you named your version). Right-click on it & select Properties. Then add Read & Execute permissions for the IUSR account (the default account that IIS uses). If your install of IIS uses a different account, apply that one instead. Apply the change & close the dialog.
Now our task is created, and it’s permissions are changed so that the IIS process can call it, and IIS hasn’t been granted any unneeded permissions such as creating/changing tasks, or access to any of the resources that our task will use.
Create the web page
Finally, it’s time to create the web page that will do this.
I’ve actually looked to see how to call the Task Scheduler from .NET, but couldn’t find the reference in my brief poking around, but did see how to do it in VBScript, so this page is done in “Classic ASP”, rather than ASP.NET. Also, since it’s just an example, there is no security or controls on this demo page:
<%
Dim vRun, vMsg vMsg = "" vRun = Trim(Request("run")) 'get form input 'If form value was submitted, run the task If vRun = "Run Task" Then
RunJob
End If
'Routine to execute our task Sub RunJob
Dim objTaskService, objRootFolder, objTask 'create instance of the scheduler service Set objTaskService = Server.CreateObject("Schedule.Service") 'connect to the service objTaskService.Connect 'go to our task folder, use just "\" if you saved it under the root folder Set objRootFolder = objTaskService.GetFolder("\WebTasks") 'reference our task Set objTask = objRootFolder.GetTask("IIS_Task") 'run it objTask.Run vbNull
vMsg = "Submitted" 'clean up Set objTaskService = Nothing Set objRootFolder = Nothing Set objTask = Nothing
End Sub %> <html> <body>
<form method="post" action="runtask.asp">
<p>Click to run the task: <input type="submit" value="Run Task" name="run" /></p>
<p>[<%= run %>]</p>
<p style="font-weight:bold; color:#006600;"><%= vMsg %></p>
</form>
</body> </html>
Save that as runtask.asp in your wwwroot folder & try it out.
As you can see, the code to actually run our task is really simple, the real work is done in only five lines of code in the RunJob subroutine.
Hope this helps.
No comments:
Post a Comment