Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, November 15, 2010 12:30 PM
i have a windows service, am running this service programatically from a c#.net windows application. all the operations like start, restart, stop are working fine on winxp machine.
but when am running the same from win 7 machine it is throwing error "cannot open <servicename> service on computer '.'."
i can run as administrator but cant say client to run as administrator.
i tried windowsservice.MachineName = "." property, still same error.
if i start/stop directly from services window it is running fine, problem when am trying to start/stop programatically.
welcome all suggestions
Thanks
--Naren
All replies (6)
Tuesday, November 16, 2010 11:18 AM ✅Answered
HI Naren,
Look at this post. Hope it helps
Knowledge is like light; It spreads only when you have clear and transparent mind.
Thursday, November 18, 2010 9:04 AM ✅Answered
The thread which I was mention earlier, had you look at my reply?
http://msdn.microsoft.com/en-us/library/bb756929.aspx
http://msdn.microsoft.com/en-us/library/dd371711(VS.85).aspx
Tuesday, November 16, 2010 10:00 AM
BUMP
Tuesday, November 16, 2010 10:30 AM | 1 vote
It is a security issue. When you are developing (and using the development server) you are probably running as an administrator which means you can start services. However as soon as you switch to IIS you are running under a restricted account which can not start the service. Ultimately you should reconsider why you would want to start a service in a web service call. However assuming that there is a good reason all you need to do is ensure that the IIS account has the necessary rights to start services (Local Computer Policy). Ultimately this is a serious security issue so you should probably consider it carefully. If you are running IIS 6+ then you can create a separate account for your web service. You then associate the account with a web pool that runs only your web service. This custom account would then be assigned the right to start services. It is still a potential security hole but at least it is somewhat isolated.
There are a couple of different ways to start a service but ultimately you'll still need to have the necessary rights. There is no way around this issue.
Actually there is one alternative that would prove to be ever so slightly more secure but I'm hesitant to mention it. Impersonation will allow you to run the web site under a normal account but then "promote" yourself long enough to perform a privileged operation. Back in the v1.x days it was common to see web sites use LogonUser in order to temporarily increase their rights. Fortunately in v2 you can use WindowsIdentity.Impersonate to temporarily increase your rights. You'll have to have the name and password of a user that has the necessary rights to start services. Securing the name and password may be a bigger security issue than simply running IIS under an account with the appropriate rights. Definitely do not hard-code it in the code. You must be sure to properly protect any call to Impersonate . You must ensure that no matter what happens you eventually call Undo to revert back to the normal account. Otherwise the site will continue to run under the higher privilege. Note that this might not even work for your situation but you could try.
Tuesday, November 16, 2010 10:54 AM
Hi arya thanks for you reply and detailed description.
but this is a windows service not webservice. why IIS coming to the picture? just curious to know.
Thursday, November 18, 2010 8:46 AM
Hi sreedhar,
thats what i mentioned in my question, i dont want to run as administrator. we should not allow users to run as administrator.
hope you got what i am expecting.
Thanks
--Naren