背景

在Windows系统中,当我们从共享路径或者未信任的网络允许可执行程序时,如果程序未签名那么系统就会提示是否允许执行程序;只有当允许后,程序才能继续执行。当我们需要在一些自动化运行解决方案中调用此类未签名程序时,则会遇到麻烦,因为无法交互。在以前一个SSIS项目中,我们则遇到了类似的麻烦:在SSIS的Package中,需要调用一个放置于共享文件夹中的未签名的Console程序(通过Process类)或者直接添加Execute Process Task,任务则会失败(当通过Agent Job 或者其它调度程序调用时)。

Open File – Security Warning

The publisher could not be verified. Are you sure you want to run this software ?

Name: *.*

Publisher: Unknown

Type: Windows Batch file

 

本文将介绍解决此类问题的一种解决方案(在一些情况下我们无法签名程序或者修改IE安全属性):通过AppDomain来调用控制台程序,绕过Windows的对话框。

另外的解决方法是将程序用受信任的证书签名或者直接设置IE的安全属性,这里不详细介绍:

Internet Options -> Security -> Trusted sites - add \\serverName to trusted sites list.
in "Security level for this zone" - Custom level... -> Miscellaneous -> Launching applications and unsafe files -> Enable

创建Console 程序TestConsole

代码如下:

class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Test");
        }
     }

生成应用程序,并共享TestConsole.exe。在我机器上,共享文件夹为“\\192.168.1.102\TestConsole”,其中包含TestConsole.exe可执行程序。

创建SSIS项目TestSSIS

运行SQL Server Data Tool,选择Business Intelligence,创建SSIS项目。

image

在默认添加的Package.dtsx中,添加一个Execute Process Task,设置Executable属性为“\\192.168.1.102\TestConsole\TestConsole.exe”,如下图所示:

image

运行任务则会提示:

image

如果在Agent Job中允许,同时无法交互,那么最终此任务会失败,抛出类似的信息:

The process exit code was "***" while the expected was "0".

通过Script Task解决此问题

如背景中描述,在一些情况下,我们无法修改IE安全设置,那么以下这个方式则可以轻松的解决这个问题。

删除Execute Process Task,新建C# Script Task,主要代码如下:

public void Main()
        {
            // TODO: Add your code here
            try
            {
                ExecuteApp();
                Dts.TaskResult = (int)ScriptResults.Success;
            }
            catch
            {
                Dts.TaskResult = (int)ScriptResults.Failure;
            }

        }

        private void ExecuteApp()
        {
            string path = @"\\192.168.1.102\TestConsole\TestConsole.exe";
            string dir = Path.GetDirectoryName(path);
            AppDomain currentDomain = AppDomain.CurrentDomain;
            AppDomain subDomain = AppDomain.CreateDomain("TestConsole", null, currentDomain.SetupInformation, new System.Security.PermissionSet(System.Security.Permissions.PermissionState.Unrestricted));
            subDomain.ExecuteAssembly(path);
        }

 

其中的new System.Security.PermissionSet(System.Security.Permissions.PermissionState.Unrestricted)设置尤为重要。

运行Script Task则会成功执行,而不会提示安全警告:

image

总结

这种解决方案,绕过了IE浏览器安全设置,同时也无需被调用程序使用受信任的证书签名,大家可以参考使用。

info Last modified by Raymond at 6 years ago * This page is subject to Site terms.

More from Kontext

visibility 14250
thumb_up 0
access_time 6 years ago

SQL Server Compact 4.0 (CE 4.0) is a free SQL Server embedded database ideal for building standalone and occasionally connected applications for mobile devices, desktops, Web clients and others. In one of my projects, I used it as the database for logging errors, which assumes the errors will onl...

open_in_new SQL Server

visibility 689
thumb_up 0
access_time 7 years ago

SQL Server provides a batch of great features to build robust, high-performance and scalable data solutions. ...

open_in_new SQL Server

visibility 1178
thumb_up 0
access_time 7 years ago

Serial: An Introduction to SQL Server Features Case Scenario In the previous articles of this serial, I’ve introduced how to use SQL Server as database for online transaction proces...

open_in_new SQL Server

visibility 4467
thumb_up 1
access_time 7 years ago

Serial: An Introduction to SQL Server Features Case Scenario For this ETL project, the requirements are listed below: Sales data will be pushed to specified shared fold...

open_in_new SQL Server

info About author

comment Comments (0)

comment Add comment

Please log in or register to comment.

account_circle Log in person_add Register

Log in with external accounts

No comments yet.

Dark theme mode

Dark theme mode is available on Kontext.

Learn more arrow_forward

Kontext Column

Created for everyone to publish data, programming and cloud related articles. Follow three steps to create your columns.


Learn more arrow_forward