I hosted my Django app on Windows IIS in Windows Server 2022 Standard
But my application has a feature that opens software (.exe) and run specific user tasks provided in the request of the site.
For example, a user provides some input from my site, and then it processes it with my app by opening software not owned by me using python code in views.py
script_path = "C:\inetpub\wwwroot\webapp\script\runthescript.py"
subprocess.run(["C:/Program Files/My Soft/Soft.exe", "-runScriptFile", script_path])
MY PROBLEM
When I tested my application locally using python manage.py runserver it was working due to admin privileges and session 1 access, but the same when I tried after hosting with IIS then everything working except software to start.
WHAT I TRIED:
I tried providing my AppPool Identity as (IIS APPPOOL\webapp) Administrator privileges.
Tried using Task Scheduler, but it works with the background process but not with the GUI app.
ISSUE
When I googled it, I found that it is due to privileges and session 0 access. IIS has only session 0 isolation so that it is unable to access GUI.
Your small help, idea or suggestion definitely be helpful for me. :)
I hosted my Django app on Windows IIS in Windows Server 2022 Standard
But my application has a feature that opens software (.exe) and run specific user tasks provided in the request of the site.
For example, a user provides some input from my site, and then it processes it with my app by opening software not owned by me using python code in views.py
script_path = "C:\inetpub\wwwroot\webapp\script\runthescript.py"
subprocess.run(["C:/Program Files/My Soft/Soft.exe", "-runScriptFile", script_path])
MY PROBLEM
When I tested my application locally using python manage.py runserver it was working due to admin privileges and session 1 access, but the same when I tried after hosting with IIS then everything working except software to start.
WHAT I TRIED:
I tried providing my AppPool Identity as (IIS APPPOOL\webapp) Administrator privileges.
Tried using Task Scheduler, but it works with the background process but not with the GUI app.
ISSUE
When I googled it, I found that it is due to privileges and session 0 access. IIS has only session 0 isolation so that it is unable to access GUI.
Your small help, idea or suggestion definitely be helpful for me. :)
Share Improve this question edited Mar 8 at 19:58 Lex Li 63.5k11 gold badges124 silver badges161 bronze badges asked Mar 8 at 16:26 MDEVMDEV 8131 gold badge10 silver badges24 bronze badges 15- What is the GUI app? If it is owned by you, it is possible to improve it to work under session 0 with restricted resources (very small resolution, etc), but if it’s owned by someone else, you won’t get it working but rely on its vendor. – Lex Li Commented Mar 8 at 17:49
- No, the GUI app is not mine. I am just using that app process user request. – MDEV Commented Mar 8 at 18:27
- as per my opinion as iis have the restriction that it cant executes as a Windows service in Session 0 – an isolated, non-interactive session. so any of the GUI programs started from IIS stay in Session 0 and it fails with no response. I have also tried task scheduler triggering from the python app but wont be possible as well. the other option left is use the third party application in a user session from an IIS process.as a last option you do not use gui app. – Jalpa Panchal Commented Mar 10 at 10:13
- @JalpaPanchal thanks for your informative opinion, I am currently using two server one production another development to perform GUI task but it decrease the performance and speed of application. I tried with task scheduler and that worked well but got software crash due to multiple request to software – MDEV Commented Mar 10 at 11:37
- @MDEV To avoid crash issue and performance problem with task schedular you could try this setting: 1) check "If the task is already running, then the following rule applies" 2) enable "Delay task for" and set it to 10–30 seconds 3) check Stop the task if it runs longer than and set a timeout 4) Check "If the task fails, restart every" and set it to 1 minute. and Set "Attempt to restart up to" to 3 times. – Jalpa Panchal Commented Mar 11 at 7:13
1 Answer
Reset to default 0I've encountered a similar challenge while running a Linux executable on an Ubuntu server with Django.
The issue you're facing with Django on Windows IIS is a fundamental Windows security feature called "Session 0 Isolation". When I implemented similar functionality on Ubuntu with Django, the permission model was completely different, but here's how I would approach this on Windows Server 2022.
On Ubuntu servers with Django, we typically worry about file permissions and executable bits. However, on Windows Server with IIS, you're facing a different challenge. Your application is running in "Session 0" - a specialized Windows session where services run isolated from user interfaces. This isolation was introduced as a security measure to prevent shatter attacks starting with Windows Vista and Server 2008.
When you run your Django app locally with manage.py runserver, it operates in your interactive user session (Session 1 or higher) with full GUI capabilities. But when hosted on IIS, it's confined to Session 0, which cannot display GUI elements to users by default.
Use FireDaemon Zero
In the Linux world, I would use systemd service files with appropriate user permissions. On Windows, FireDaemon Zero is a specialized tool designed specifically to address Session 0 isolation issues. It allows applications running in Session 0 to display their interface to users.
Create a Windows Service Wrapper
On Ubuntu, I'd typically create a systemd service with proper execution rights. The Windows equivalent is to create a Windows service that runs your EXE:
// Service wrapper code that can launch GUI apps
using System.ServiceProcess;
using System.Diagnostics;
public class ExeService : ServiceBase
{
protected override void OnStart(string[] args)
{
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.FileName = @"C:\Program Files\My Soft\Soft.exe";
startInfo.Arguments = "-runScriptFile C:\\path\\to\\script.py";
startInfo.UseShellExecute = true;
startInfo.CreateNoWindow = false;
Process.Start(startInfo);
}
}
For IIS, specifically:
Give your AppPool Identity proper permissions in Windows Security (GUI or icacls command)
Configure the application pool to run as a specific user with desktop access
Consider delegating IIS Manager permissions for application management