Configure framework security to start/stop service

Discussion in 'ASP .Net' started by Amil, Feb 4, 2004.

  1. Amil

    Amil Guest

    Don't answer this unless you know what you are talking about.

    I want to use ServiceController in my code to start and stop a Windows
    Service.
    I do not want to use <impersonate> in my config file.
    This means I must use the Framework Configuration to create Code Group and
    Permissions.

    I've attempted to create a new Code Group and have tried several different
    pieces of
    "evidence", but no matter what I have tried, I continue to get "access
    denied".

    Has anyone ever really done this before...the web is empty to this scenario
    :-(

    My code is:

    [assembly:ServiceControllerPermissionAttribute(SecurityAction.RequestMinimum
    , PermissionAccess=ServiceControllerPermissionAccess.Control)]
    ..
    ..
    ..
    ServiceController sc = new ServiceController("myservicename");
    sc.Start();
     
    Amil, Feb 4, 2004
    #1
    1. Advertising

  2. Amil

    bruce barker Guest

    your mixing .net code security with OS security. the .net security
    attributes control what evidence a routine needs to be called from another.
    this has nothing to do with OS permission need to perform an OS call.

    to call the SystemController, the calling thread needs to running as an NT
    account (security token) that has enough permissions. unless you run asp.net
    as system (not recommended), the only solution is to impersonate a token
    that has the required permissions before making the call.

    -- bruce (sqlwork.com)


    "Amil" <> wrote in message
    news:#...
    > Don't answer this unless you know what you are talking about.
    >
    > I want to use ServiceController in my code to start and stop a Windows
    > Service.
    > I do not want to use <impersonate> in my config file.
    > This means I must use the Framework Configuration to create Code Group and
    > Permissions.
    >
    > I've attempted to create a new Code Group and have tried several different
    > pieces of
    > "evidence", but no matter what I have tried, I continue to get "access
    > denied".
    >
    > Has anyone ever really done this before...the web is empty to this

    scenario
    > :-(
    >
    > My code is:
    >
    >

    [assembly:ServiceControllerPermissionAttribute(SecurityAction.RequestMinimum
    > , PermissionAccess=ServiceControllerPermissionAccess.Control)]
    > .
    > .
    > .
    > ServiceController sc = new ServiceController("myservicename");
    > sc.Start();
    >
    >
     
    bruce barker, Feb 4, 2004
    #2
    1. Advertising

  3. Amil

    Amil Guest

    I added this to my root web.config. Notice I used the path so that not all
    web stuff did the impersonation.

    <location path="mypath">
    <system.web>
    <identity impersonate="true" userName="myusername"
    password="mypassword"/>
    </system.web>
    </location>

    Thanks for the help.


    "bruce barker" <> wrote in message
    news:%...
    > your mixing .net code security with OS security. the .net security
    > attributes control what evidence a routine needs to be called from

    another.
    > this has nothing to do with OS permission need to perform an OS call.
    >
    > to call the SystemController, the calling thread needs to running as an NT
    > account (security token) that has enough permissions. unless you run

    asp.net
    > as system (not recommended), the only solution is to impersonate a token
    > that has the required permissions before making the call.
    >
    > -- bruce (sqlwork.com)
    >
    >
    > "Amil" <> wrote in message
    > news:#...
    > > Don't answer this unless you know what you are talking about.
    > >
    > > I want to use ServiceController in my code to start and stop a Windows
    > > Service.
    > > I do not want to use <impersonate> in my config file.
    > > This means I must use the Framework Configuration to create Code Group

    and
    > > Permissions.
    > >
    > > I've attempted to create a new Code Group and have tried several

    different
    > > pieces of
    > > "evidence", but no matter what I have tried, I continue to get "access
    > > denied".
    > >
    > > Has anyone ever really done this before...the web is empty to this

    > scenario
    > > :-(
    > >
    > > My code is:
    > >
    > >

    >

    [assembly:ServiceControllerPermissionAttribute(SecurityAction.RequestMinimum
    > > , PermissionAccess=ServiceControllerPermissionAccess.Control)]
    > > .
    > > .
    > > .
    > > ServiceController sc = new ServiceController("myservicename");
    > > sc.Start();
    > >
    > >

    >
    >
     
    Amil, Feb 5, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Will
    Replies:
    1
    Views:
    15,439
    Thomas Weidenfeller
    Nov 2, 2004
  2. HS1
    Replies:
    0
    Views:
    483
  3. Goran Djuranovic
    Replies:
    3
    Views:
    4,113
    Goran Djuranovic
    Feb 22, 2007
  4. Hanumanth
    Replies:
    0
    Views:
    1,413
    Hanumanth
    Sep 25, 2008
  5. Goran Djuranovic

    How to start/stop windows service on a remote machine?

    Goran Djuranovic, Feb 21, 2007, in forum: ASP .Net Security
    Replies:
    5
    Views:
    497
    Steven Cheng[MSFT]
    Feb 28, 2007
Loading...

Share This Page