How to give witadmin execution rights to a dotnet application on IIS?

Question

I have created a C# dotnet application, in which I run witadmin commands :

Process process = new() { StartInfo =
{
    FileName = "witadmin.exe",
    Arguments = $"exportgloballist {TfsCollectionArgument}",
    UseShellExecute = false,
    RedirectStandardOutput = true,
    CreateNoWindow = true
}};
process.Start();
var res = await process.StandardOutput.ReadToEndAsync();

Process process = new() { StartInfo =
{
    FileName = "witadmin.exe",
    Arguments = $"importgloballist {TfsCollectionArgument} /f:{Path.Combine(System.AppContext.BaseDirectory, "globallistsToPost.xml")}",
    UseShellExecute = false,
    RedirectStandardOutput = true,
    CreateNoWindow = true
}};
process.Start();
var res = await process.StandardOutput.ReadToEndAsync();

The code works perfectly on my computer: I can execute these witadmin commands directly from a CMD, and without having done anything special my application also has permission to execute these commands.

The problem is when I put my application on a server with IIS. witadmin.exe is in the PATH on the server, so I can run witadmin.exe (note that I am administrator). However when my application runs witadmin.exe, I get an error you are not authorized to access [My collection]. How can I avoid this error? I think that my application should have the right to run witadmin.exe, as it is the case for the administrator role on the server, but how to give this authorization to my dotnet IIS application? Thank you in advance, please tell me if I have not been clear on some points.

Answer 1

You can try this solution, set ApplicationPool Identity as the Admin user:

1. In IIS Manager, select Application Pools.

2. From the list of application pools, right-click your website ApplicationPool and select Advanced Settings.

3. In the Process Model section, change the identity property to Custom account and enter the admin account.