I have a Windows Task Scheduler task that starts a .NET .exe application.
(As you dive in, keep in mind that all of this is being done to avoid a strict, unbendable CORS policy at my company)
This application "shells out" to the OS to open Chrome to a specific URL on our own web server for an API call to an "outside" third-party web server:
Process p = Process.Start(
"C:\Program Files\Google\Chrome\Application\chrome.exe",
"https://_OUR_Company.com/index.html?doc_id=" + doc_id
);
This page, when it loads, makes an XMLHttpRequest to a Generic Handler to fetch a page from the outside, third-party web page:
let xhr = new XMLHttpRequest();
xhr.open("GET", "handlers/GetDocument.ashx?doc_id=" + doc_id);
xhr.send();
The Generic Handler then:
WebRequest request = WebRequest.Create("https://_THEIR_Company.com/documents.html?doc_id=" + doc_id);
Once it has obtained the outside page, it loads this content into a DIV in our web page, which I can then use the browser's DOM methods to manipulate and parse.
xhr.onload = ((x) => {
// insert obtained page data into content DIV
document.getElementById("mainContent").innerHTML = x.target.responseText;;
// start parsing it:
let DocData = document.getElementById("mainContent").querySelector("#doc-info-header");
var docID = DocData.substring(0,5); // etc etc .....
}
Finally, another XMLHttpRequest() is made to take the data parsed, and store it in a SQL Server database.
xhr.open("POST", "handlers/SaveDocumentData.ashx?data=" + jsonData);
xhr.send();
Our internal web page is on a site that uses a local Active Directory service account for the App Pool, as well as the "Run As..." credentials for the IIS site itself. That same service account is also used to run the Task Scheduler task. This service account also has full R/W access to the database table. So, everything should be being executed under a valid AD service account.
All of this runs and works perfectly if I run the .NET .exe program directly, while logged in using my domain login credentials.
But as soon as I let the Task Scheduler run it, I get the "Login Failed for NT Authority/Anonymous" error message from SQL Server.
I suspect that the web page itself is running under AD Credentials, but the call to the Generic Handler creates a situation in which the Generic Handler that saves the data to the database is not running under any specific credentials (it's running on the server), and therefore arriving at the SQL Server without any credentials and is defaulting to "NT AUTHORTY", but I am not sure, and wide open to correction/smackdown without any feelings being hurt. ;-)
I want to rewrite the application to just make the Task Scheduler .EXE make the API call to the third-party website, get and parse the data directly, but I cannot, for a few reasons.
My company refuses to let me use Microsoft's "Managed DOM" .NET component because of it's dependency on Internet Explorer, which is strictly forbidden here (thank goodness).
My company is also too cheap to buy AngleSharp, so I need Chrome's DOM engine.
I cannot do it directly from a Browser, because my company also has a strict and unbendable CORS policy which absolutely will not allow it. Thus the call to the Generic Handler to do it to escape the CORS restriction.
The internal page is also used manually by employees to retrieve documents, ad hoc, so I cannot just get rid of it.
Again, it all works fine if I just run the .NET application directly while logged in with my credentials (ordinary user creds, not "admin").
Can anyone tell me why the generic handler on our own web server is getting "Login Failed for NT AUTH/ANONYMOUS", or suggest a solution?
EDIT: I have already reviewed this question: IIS application using application pool identity loses primary token?
However, 1) a reboot does not fix it. 2) I do not know what a "computer password" is, and 3) the recommended "hotfix" does not fix this problem.
