I've spent days on this and I need to know whether there's much point in continuing! I'm not even sure this is the right forum...
We're inheriting a web application that uses Apache FOP to dynamically generate PDFs. The site is currently live on the previous development company's server and I can see that it works. For reasons that probably don't require imagination, they don't want to help us move the application very much, and I have the uneviable task of trying to work out the appropriate configuration.
Whilst the code works in VS 2008 dev server, I can't get it to work on Localhost (the PDF isn't created but since the function always returns true the application moves on to say file not found), and on the staging server the application hangs on calling the batch file, and the site has to then be restarted in IIS.
What I do know:
According to the developer the code requires FOP 1.1. (I know the code below has a directory called 0.93, but since I cannot modify the code I have extracted FOP to a matching directory)
FOP is called using the following code, and this works on VS Development Server (which I know runs with different privelleges to IIS)
private static bool MakePDF(string xmlIn, string pdfOut, string workingDir)
{
System.Diagnostics.Process pr = new System.Diagnostics.Process();
pr.StartInfo.FileName = @"C:\fop0.93\fop.bat";
pr.StartInfo.Arguments = @"""" + Path.GetFileName(xmlIn) + @"""" + " " + @"""" + Path.GetFileName(pdfOut) + @"""";
pr.StartInfo.WorkingDirectory = workingDir;
pr.Start();
pr.WaitForExit();
return true;
}What I don't know
I don't know what version of Windows Server or IIS the other company deployed the application on.
I don't know what permissions were given to the relevant folders or what user the process was running under.
I can't modify the source code for the live version of the application, as it hasn't been made available to us.
What I've tried
Our staging and production server both run Win 2008 r2, IIS 7.5
The application runs under its own application pool. I have elevated its identity all the way to Administrator, and given permissions to everyone and his dog to access the FOP directory, and of course the folder where I want the PDF to end up. The application still hangs.
I've tried giving IIS Admin permission to interact with the desktop and restarted IIS (restarted the whole server actually).
I've tried looking at event logs and the task manager to see if the batch file is actually launched. I can't see anything or I'm looking in the wrong places.
The application still hangs on the above function call.
I've downloaded and tested a free program called J4L FOP Server which allows the file to be generated over a WebRequest in the hope that I might eventually be able to modify the application source code, however it uses an even older version of FOP, and the pdf it generated from the .fo and .xml files used by the other company's application was always corrupt.
I have run the same FOP commands to execute the batch file used by the application from the command line on the server and I know FOP is installed and works fine.
What I'd like to know...
Is there better security in Server 2008 r2 / IIS 7.5 that prevents any attempt to call batch files from a website? It seems a pretty risky practice to me in anycase.
Is there a difference in the way Process()/cmd.exe should be used on different operating systems? The fact that it hangs rather than crashes seems to indicate to me it's unhappy about something in the batch file. (It is the default fop.bat provided by Apache though.)
Is there anything I haven't tried yet?