A sample project to run PowerShell in a Dotnet 7 windows service.
This simple project shows running PowerShell commands from a windows
service that are activated by a GET request on an API. The service passes
a parameter to the PowerShell script and displays that with the current
user and time in the browser, as well as writing this data to a file in
c:\temp. Windows event logging has been enabled in appsettings.json
It is import to target a specific OS in the configuration. Targeting generic win-64 will not allow powershell to work. At this time, single file publishing also does not work.
The port used by the service is specified in appsettings.json. Note that different ports are configured in appsettings.Development.json.
With the posted configuration, the service API is only accessible from localhost using http. If you need the service to be available from other machines on your network, I would recommend preventing eavesdropping by configuring use of an SSL certificate.
- Install the certificate in the Windows Certificate Store using
certmgr.exeinto the Personal store - Get the location and validate the path with this powershell command. Note the location LocalMachine\My and the private key is available:
PS C:\> Get-ChildItem -Path cert:\ -Recurse | Where-Object { $_.Subject -imatch "desk.domain.com" } | Select Subject, HasPrivateKey, PsParentPath
Subject HasPrivateKey PSParentPath
------- ------------- ------------
CN=desk.domain.com True Microsoft.PowerShell.Security\Certificate::LocalMachine\My
- Add the FQDN from the certificate to AllowedHosts in
appsettings.json:
"AllowedHosts": "desk.domain.com;localhost"
- Add an HTTPS entry:
"Kestrel": {
"Endpoints": {
"Http": {
"Url": "http://localhost:5400"
},
"Https": {
"Url": "https://desk.domain.com:5401",
"Certificate": {
"Subject": "desk.domain.com",
"Store": "My",
"Location": "LocalMachine",
"AllowInvalid": false
}
}
}
}
To publish the project, mark the project as self contained and target the specific OS runtime. Generic win-x64 will fail.
dotnet publish -o C:\Services\MinimalApiPowershellService\ --sc --runtime win10-x64
This is the publishing profile in Rider:
Finally, create a service on your windows system using this command:
sc create "MinimalApiPowershellService" binpath="c:\Services\MinimalApiPowershellService\MinimalApiPowershellService.exe"
Once the service is created you can start it right away, or configure it to run under specific user context. When running under a specific user context, make sure to check the permissions for this user.
With the service running you can test it by connecting to
http://localhost:5400 from a web browser or a PowerShell
command Invoke-WebRequest -Uri "http://localhost:5400"
If the service will not run, check the event log for any errors.