我创建了一个Web服务,应该允许将命令传递给Exchange Server Powershell。当我通过VS(localhost)在机器上运行它来测试它时一切正常。但是,当我尝试从其他机器使用此服务时。我得到了拒绝访问错误。
这是服务:
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Remoting;
using System.Management.Automation.Runspaces;
using System.Configuration;
using Microsoft.Exchange.WebServices.Data;
namespace pshell
{
[WebService(Namespace = "http://some1.domain.int/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
public class PowerShellService : System.Web.Services.WebService
{
private bool Authenticate(string u, string p)
{
if ((u == "xxxxxx") && (p == "xxxxxxx"))
return true;
else
return false;
}
private int SecurityLevel(string u)
{
if (u == "xxxxx")
return 100;
else
return 0;
}
[WebMethod]
public string PSCmd(string authuser, string authpass, string cmd, string pars)
{
if (!Authenticate(authuser, authpass))
return "<collection><RESULT status=\"ERROR\" message=\"Authentication failed!\" /></collection>";
String Password = System.Configuration.ConfigurationManager.AppSettings["UUPASS"];
System.Security.SecureString secureString = new System.Security.SecureString();
foreach (char c in Password)
secureString.AppendChar(c);
PSCredential ExchangeCredential = new PSCredential(System.Configuration.ConfigurationManager.AppSettings["UUNAME"], secureString);
WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri(System.Configuration.ConfigurationManager.AppSettings["UURI"]), "http://schemas.microsoft.com/powershell/Microsoft.Exchange", ExchangeCredential);
Runspace runspace = RunspaceFactory.CreateRunspace(connectionInfo);
connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Basic;
PowerShell powershell = PowerShell.Create();
PSCommand command = new PSCommand();
if (cmd.Trim() != "")
{
//here we check for security level
if (SecurityLevel(authuser) >= 100)
{
//admin fully allowed
command.AddCommand(cmd);
}
else
{
//test for allowed commands
if ((SecurityLevel(authuser) < 100) &&
(SecurityLevel(authuser) >= 90))
{
if (cmd.ToLower() == "get-mailbox")
{
command.AddCommand(cmd);
}
}
}
}
else
return "<collection><RESULT status=\"ERROR\" message=\"Missing command!\" /></collection>";
if (pars.Trim() != "")
{
string[] parameters = pars.Split('|');
foreach (string item in parameters)
{
String p = item.Substring(0, item.IndexOf("="));
String v = item.Substring(item.IndexOf("=") + 1);
if (p.Trim().ToLower() == "password")
{
System.Security.SecureString passString = new System.Security.SecureString();
foreach (char c in v)
passString.AppendChar(c);
command.AddParameter(p, passString);
}
else if ((v.Trim().ToLower() == "false") ||
(v.Trim().ToLower() == "true"))
{
if (v.Trim().ToLower() == "false")
command.AddParameter(p, false);
else
command.AddParameter(p, true);
}
else
{
command.AddParameter(p, v);
}
}
}
powershell.Commands = command;
runspace.Open();
Pipeline pl = runspace.CreatePipeline();
powershell.Runspace = runspace;
Collection<PSObject> results = null;
string xml = "<collection>";
try
{
results = powershell.Invoke();
var error = pl.Error.Read() as Collection<ErrorRecord>;
if (error != null)
{
foreach (ErrorRecord er in error)
{
xml += "<RESULT status=\"ERROR\" type=\"pipe\" message=\"" + er.ErrorDetails.Message + "\" />";
}
pl.Stop();
}
xml += "<RESULT status=\"OK\" />";
}
catch(Exception err)
{
xml += "<RESULT status=\"ERROR\" type=\"exception\" codelevel=\"1\" message=\"" + err.Message + "\" />";
}
try
{
foreach (PSObject item in results)
{
for (int i = 0; i < item.Properties.Count(); i++)
{
if (item.Properties.ElementAt(i).MemberType == PSMemberTypes.Property)
{
xml += "<" + item.Properties.ElementAt(i).Name + ">" +
item.Properties.ElementAt(i).Value +
"</" + item.Properties.ElementAt(i).Name + ">";
}
}
}
}
catch(Exception err)
{
xml += "<RESULT status=\"ERROR\" type=\"exception\" codelevel=\"2\" message=\"" + err.Message + "\" />";
}
xml += "</collection>";
return xml;
}
}
}
这是我想用来发送命令的PHP代码:
$ini = ini_set("soap.wsdl_cache_enabled","0");
$params = array('authuser' => 'xxxx',
'authpass' => 'xxxx',
'cmd' => 'get-mailbox',
'pars' => '');
$client = new SoapClient("http://web.domain.com/pshell/callpshell.asmx?WSDL", array('soap_version' => SOAP_1_2));
$response = $client->PSCmd($params)->PSCmdResult;
print $response;
这是我收到的错误消息:
连接到远程服务器some1.domain.int失败,并显示以下错误消息:拒绝访问。有关详细信息,请参阅about_Remote_Troubleshooting帮助主题。
我在Exchange Server上启用了远程访问,并且我做了所有远程故障排除建议。
有什么建议吗?
答案 0 :(得分:0)
发生访问拒绝错误,因为Web服务作为IIS_USER启动,其权限不足以调用远程PowerShell。
好好久不好,我解决了这个问题:
它有效:)