Configure framework security to start/stop service

A

Amil

Don't answer this unless you know what you are talking about.

I want to use ServiceController in my code to start and stop a Windows
Service.
I do not want to use <impersonate> in my config file.
This means I must use the Framework Configuration to create Code Group and
Permissions.

I've attempted to create a new Code Group and have tried several different
pieces of
"evidence", but no matter what I have tried, I continue to get "access
denied".

Has anyone ever really done this before...the web is empty to this scenario
:-(

My code is:

[assembly:ServiceControllerPermissionAttribute(SecurityAction.RequestMinimum
, PermissionAccess=ServiceControllerPermissionAccess.Control)]
..
..
..
ServiceController sc = new ServiceController("myservicename");
sc.Start();
 
B

bruce barker

your mixing .net code security with OS security. the .net security
attributes control what evidence a routine needs to be called from another.
this has nothing to do with OS permission need to perform an OS call.

to call the SystemController, the calling thread needs to running as an NT
account (security token) that has enough permissions. unless you run asp.net
as system (not recommended), the only solution is to impersonate a token
that has the required permissions before making the call.

-- bruce (sqlwork.com)
 
A

Amil

I added this to my root web.config. Notice I used the path so that not all
web stuff did the impersonation.

<location path="mypath">
<system.web>
<identity impersonate="true" userName="myusername"
password="mypassword"/>
</system.web>
</location>

Thanks for the help.


bruce barker said:
your mixing .net code security with OS security. the .net security
attributes control what evidence a routine needs to be called from another.
this has nothing to do with OS permission need to perform an OS call.

to call the SystemController, the calling thread needs to running as an NT
account (security token) that has enough permissions. unless you run asp.net
as system (not recommended), the only solution is to impersonate a token
that has the required permissions before making the call.

-- bruce (sqlwork.com)


Amil said:
Don't answer this unless you know what you are talking about.

I want to use ServiceController in my code to start and stop a Windows
Service.
I do not want to use <impersonate> in my config file.
This means I must use the Framework Configuration to create Code Group and
Permissions.

I've attempted to create a new Code Group and have tried several different
pieces of
"evidence", but no matter what I have tried, I continue to get "access
denied".

Has anyone ever really done this before...the web is empty to this scenario
:-(

My code is:
[assembly:ServiceControllerPermissionAttribute(SecurityAction.RequestMinimum
, PermissionAccess=ServiceControllerPermissionAccess.Control)]
.
.
.
ServiceController sc = new ServiceController("myservicename");
sc.Start();
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top