I am trying to control a Windows Service via a Web Service interface.
(I am developing in .NET2003) I am using the ServiceController object
which allows me to read the state of the services with no problems.
However, I am not able to start or stop the service unless I go
through the process of impersonating an administrative user. (See
MSDN KB 306158)
Since it appears to be a privilege issue, I set the folders in IIS
holding the Web Service files to Anonymous Access with the privileges
of the administrative user that I was able to impersonate. This did
not work.
Does anybody have any ideas as to how I need to set the security of
the Web service such that I can get rid of the impersonation code in
my application?
Thanks
Doug
WORKS:
String __gc* streamAccessClass::turnStreamOn()
{
ServiceController * streamCtl = new ServiceController();
streamCtl->ServiceName = "newserviceWinService";
if(streamCtl->get_Status() == ServiceControllerStatus::Stopped
|| streamCtl->get_Status() == ServiceControllerStatus::Paused)
{
cImpersonation * user = new cImpersonation();
try
{
if(user->impersonateValidUser(S"IISTEST", S"BaileyD", S"IISTEST"))
{
streamCtl->Start();
streamCtl->WaitForStatus (ServiceControllerStatus::Running);
user->undoImpersonation();
return S"Streamer is On";
}
else
{
return S"Could not log on";
}
}
catch (Exception * startErr)
{
user->undoImpersonation();
return startErr->get_Message();
}
} return S"Streamer failed due to improper state";
}
bool cImpersonation::impersonateValidUser(String * userName, String *
domain, String * password)
{
WindowsIdentity * tempWindowsIdentity;
IntPtr token = IntPtr(0);
IntPtr tokenDuplicate = IntPtr(0);
if(RevertToSelf())
{
if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, token) != 0)
{
if(DuplicateToken(token, 2, tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity->Impersonate();
if (impersonationContext != 0)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
return true;
}
}
}
}
if(token!= IntPtr::Zero)
CloseHandle(token);
if(tokenDuplicate!=IntPtr::Zero)
CloseHandle(tokenDuplicate);
return false;
}
void cImpersonation::undoImpersonation()
{
if (impersonationContext != 0)
impersonationContext->Undo();
}
DOES NOT WORK:
String __gc* streamAccessClass::turnStreamOn()
{
ServiceController * streamCtl = new ServiceController();
streamCtl->ServiceName = "newserviceWinService";
if(streamCtl->get_Status() == ServiceControllerStatus::Stopped
|| streamCtl->get_Status() ==ServiceControllerStatus::Paused)
{
try
{
streamCtl->Start();
streamCtl->WaitForStatus (ServiceControllerStatus::Running);
return S"Streamer is On";
}
catch (Exception * startErr)
{
return startErr->get_Message();
}
} return S"Streamer failed due to improper state";
}
3  3550 
I'm guessing it didn't work because setting the folder is not enough to give
the anonymous user access to the Windows Service. Instead of doing this,
consider running your web service as another user rather than the default
anonymous user. Then give the user enough rights to start/stop the Windows
Service. This way, when you call your Web service, the Web service will run
as the new user in IIS, and, assuming it has the proper rights, it should be
able to manipuate the Windows Services. Of course, if you plan on doing
this, you should properly secure your web service.
Eric
--
Eric Cherng
MCP, MCDBA, MCSD http://echerng.com
"Doug Bailey" <db*****@radiancetech.com> wrote in message
news:f3**************************@posting.google.c om... I am trying to control a Windows Service via a Web Service interface.
(I am developing in .NET2003) I am using the ServiceController object
which allows me to read the state of the services with no problems.
However, I am not able to start or stop the service unless I go
through the process of impersonating an administrative user. (See
MSDN KB 306158)
Since it appears to be a privilege issue, I set the folders in IIS
holding the Web Service files to Anonymous Access with the privileges
of the administrative user that I was able to impersonate. This did
not work.
Does anybody have any ideas as to how I need to set the security of
the Web service such that I can get rid of the impersonation code in
my application?
Thanks
Doug
WORKS:
String __gc* streamAccessClass::turnStreamOn()
{
ServiceController * streamCtl = new ServiceController();
streamCtl->ServiceName = "newserviceWinService";
if(streamCtl->get_Status() == ServiceControllerStatus::Stopped
|| streamCtl->get_Status() == ServiceControllerStatus::Paused)
{
cImpersonation * user = new cImpersonation();
try
{
if(user->impersonateValidUser(S"IISTEST", S"BaileyD", S"IISTEST"))
{
streamCtl->Start();
streamCtl->WaitForStatus (ServiceControllerStatus::Running);
user->undoImpersonation();
return S"Streamer is On";
}
else
{
return S"Could not log on";
}
}
catch (Exception * startErr)
{
user->undoImpersonation();
return startErr->get_Message();
}
} return S"Streamer failed due to improper state";
}
bool cImpersonation::impersonateValidUser(String * userName, String *
domain, String * password)
{
WindowsIdentity * tempWindowsIdentity;
IntPtr token = IntPtr(0);
IntPtr tokenDuplicate = IntPtr(0);
if(RevertToSelf())
{
if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, token) != 0)
{
if(DuplicateToken(token, 2, tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity->Impersonate();
if (impersonationContext != 0)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
return true;
}
}
}
}
if(token!= IntPtr::Zero)
CloseHandle(token);
if(tokenDuplicate!=IntPtr::Zero)
CloseHandle(tokenDuplicate);
return false;
}
void cImpersonation::undoImpersonation()
{
if (impersonationContext != 0)
impersonationContext->Undo();
}
DOES NOT WORK:
String __gc* streamAccessClass::turnStreamOn()
{
ServiceController * streamCtl = new ServiceController();
streamCtl->ServiceName = "newserviceWinService";
if(streamCtl->get_Status() == ServiceControllerStatus::Stopped
|| streamCtl->get_Status() ==ServiceControllerStatus::Paused)
{
try
{
streamCtl->Start();
streamCtl->WaitForStatus (ServiceControllerStatus::Running);
return S"Streamer is On";
}
catch (Exception * startErr)
{
return startErr->get_Message();
}
} return S"Streamer failed due to improper state";
}
What do I need to do this? I went to the service's IIS directory and
turned off the anonymous access. I still got the same results when I
ran it.
Do I need to do anything to the service's web.config file. Right now
it is set to the default which uses Windows authentication and all
users have privileges.
Doug
"Eric Cherng" <ericch1@remove_the_dot-hotmai.l.com> wrote in message news:<uv**************@TK2MSFTNGP11.phx.gbl>... I'm guessing it didn't work because setting the folder is not enough to give
the anonymous user access to the Windows Service. Instead of doing this,
consider running your web service as another user rather than the default
anonymous user. Then give the user enough rights to start/stop the Windows
Service. This way, when you call your Web service, the Web service will run
as the new user in IIS, and, assuming it has the proper rights, it should be
able to manipuate the Windows Services. Of course, if you plan on doing
this, you should properly secure your web service.
Eric
--
Eric Cherng
MCP, MCDBA, MCSD
http://echerng.com
"Doug Bailey" <db*****@radiancetech.com> wrote in message
news:f3**************************@posting.google.c om...I am trying to control a Windows Service via a Web Service interface.
(I am developing in .NET2003) I am using the ServiceController object
which allows me to read the state of the services with no problems.
However, I am not able to start or stop the service unless I go
through the process of impersonating an administrative user. (See
MSDN KB 306158)
Since it appears to be a privilege issue, I set the folders in IIS
holding the Web Service files to Anonymous Access with the privileges
of the administrative user that I was able to impersonate. This did
not work.
Does anybody have any ideas as to how I need to set the security of
the Web service such that I can get rid of the impersonation code in
my application?
Thanks
Doug
WORKS:
String __gc* streamAccessClass::turnStreamOn()
{
ServiceController * streamCtl = new ServiceController();
streamCtl->ServiceName = "newserviceWinService";
if(streamCtl->get_Status() == ServiceControllerStatus::Stopped
|| streamCtl->get_Status() == ServiceControllerStatus::Paused)
{
cImpersonation * user = new cImpersonation();
try
{
if(user->impersonateValidUser(S"IISTEST", S"BaileyD", S"IISTEST"))
{
streamCtl->Start();
streamCtl->WaitForStatus (ServiceControllerStatus::Running);
user->undoImpersonation();
return S"Streamer is On";
}
else
{
return S"Could not log on";
}
}
catch (Exception * startErr)
{
user->undoImpersonation();
return startErr->get_Message();
}
} return S"Streamer failed due to improper state";
}
bool cImpersonation::impersonateValidUser(String * userName, String *
domain, String * password)
{
WindowsIdentity * tempWindowsIdentity;
IntPtr token = IntPtr(0);
IntPtr tokenDuplicate = IntPtr(0);
if(RevertToSelf())
{
if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, token) != 0)
{
if(DuplicateToken(token, 2, tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity->Impersonate();
if (impersonationContext != 0)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
return true;
}
}
}
}
if(token!= IntPtr::Zero)
CloseHandle(token);
if(tokenDuplicate!=IntPtr::Zero)
CloseHandle(tokenDuplicate);
return false;
}
void cImpersonation::undoImpersonation()
{
if (impersonationContext != 0)
impersonationContext->Undo();
}
DOES NOT WORK:
String __gc* streamAccessClass::turnStreamOn()
{
ServiceController * streamCtl = new ServiceController();
streamCtl->ServiceName = "newserviceWinService";
if(streamCtl->get_Status() == ServiceControllerStatus::Stopped
|| streamCtl->get_Status() ==ServiceControllerStatus::Paused)
{
try
{
streamCtl->Start();
streamCtl->WaitForStatus (ServiceControllerStatus::Running);
return S"Streamer is On";
}
catch (Exception * startErr)
{
return startErr->get_Message();
}
} return S"Streamer failed due to improper state";
}
Here's how to do it. This uses Windows Authentication so if your client
isn't or doesn't support it then this method will not work.
1. Uncheck anonymous access to your Web service and make sure your Windows
Authentication is checked. If you don't uncheck anonymous, access to the Web
service will use anonymous by default.
2. Add this into your web.config for your Web service (in the <system.web>
tag)
<identity impersonate="true" />
3. Access the Web service test page as a Windows user that has the proper
rights on the machine to start/stop web services.
Attached is my sample code that implements this solution and successfully
starts/stops the "FTP Publishing" service.
Eric
--
Eric Cherng
MCP, MCDBA, MCSD http://echerng.com
"Doug Bailey" <db*****@radiancetech.com> wrote in message
news:f3*************************@posting.google.co m... What do I need to do this? I went to the service's IIS directory and
turned off the anonymous access. I still got the same results when I
ran it.
Do I need to do anything to the service's web.config file. Right now
it is set to the default which uses Windows authentication and all
users have privileges.
Doug
"Eric Cherng" <ericch1@remove_the_dot-hotmai.l.com> wrote in message
news:<uv**************@TK2MSFTNGP11.phx.gbl>... I'm guessing it didn't work because setting the folder is not enough to
give
the anonymous user access to the Windows Service. Instead of doing this,
consider running your web service as another user rather than the default
anonymous user. Then give the user enough rights to start/stop the
Windows
Service. This way, when you call your Web service, the Web service will
run
as the new user in IIS, and, assuming it has the proper rights, it should
be
able to manipuate the Windows Services. Of course, if you plan on doing
this, you should properly secure your web service.
Eric
--
Eric Cherng
MCP, MCDBA, MCSD
http://echerng.com
"Doug Bailey" <db*****@radiancetech.com> wrote in message
news:f3**************************@posting.google.c om... >I am trying to control a Windows Service via a Web Service interface.
> (I am developing in .NET2003) I am using the ServiceController object
> which allows me to read the state of the services with no problems.
> However, I am not able to start or stop the service unless I go
> through the process of impersonating an administrative user. (See
> MSDN KB 306158)
>
> Since it appears to be a privilege issue, I set the folders in IIS
> holding the Web Service files to Anonymous Access with the privileges
> of the administrative user that I was able to impersonate. This did
> not work.
>
> Does anybody have any ideas as to how I need to set the security of
> the Web service such that I can get rid of the impersonation code in
> my application?
>
> Thanks
> Doug
>
> WORKS:
> String __gc* streamAccessClass::turnStreamOn()
> {
> ServiceController * streamCtl = new ServiceController();
> streamCtl->ServiceName = "newserviceWinService";
>
> if(streamCtl->get_Status() == ServiceControllerStatus::Stopped
> || streamCtl->get_Status() == ServiceControllerStatus::Paused)
> {
> cImpersonation * user = new cImpersonation();
> try
> {
> if(user->impersonateValidUser(S"IISTEST", S"BaileyD", S"IISTEST"))
> {
> streamCtl->Start();
> streamCtl->WaitForStatus (ServiceControllerStatus::Running);
> user->undoImpersonation();
> return S"Streamer is On";
> }
> else
> {
> return S"Could not log on";
> }
> }
> catch (Exception * startErr)
> {
> user->undoImpersonation();
> return startErr->get_Message();
> }
> } return S"Streamer failed due to improper state";
> }
>
> bool cImpersonation::impersonateValidUser(String * userName, String *
> domain, String * password)
> {
>
> WindowsIdentity * tempWindowsIdentity;
> IntPtr token = IntPtr(0);
> IntPtr tokenDuplicate = IntPtr(0);
>
> if(RevertToSelf())
> {
> if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
> LOGON32_PROVIDER_DEFAULT, token) != 0)
> {
> if(DuplicateToken(token, 2, tokenDuplicate) != 0)
> {
> tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
> impersonationContext = tempWindowsIdentity->Impersonate();
> if (impersonationContext != 0)
> {
> CloseHandle(token);
> CloseHandle(tokenDuplicate);
> return true;
> }
> }
> }
> }
> if(token!= IntPtr::Zero)
> CloseHandle(token);
> if(tokenDuplicate!=IntPtr::Zero)
> CloseHandle(tokenDuplicate);
> return false;
> }
>
> void cImpersonation::undoImpersonation()
> {
> if (impersonationContext != 0)
> impersonationContext->Undo();
> }
>
>
>
>
> DOES NOT WORK:
> String __gc* streamAccessClass::turnStreamOn()
> {
>
> ServiceController * streamCtl = new ServiceController();
> streamCtl->ServiceName = "newserviceWinService";
>
> if(streamCtl->get_Status() == ServiceControllerStatus::Stopped
> || streamCtl->get_Status() ==ServiceControllerStatus::Paused)
> {
> try
> {
> streamCtl->Start();
> streamCtl->WaitForStatus (ServiceControllerStatus::Running);
> return S"Streamer is On";
> }
> catch (Exception * startErr)
> {
> return startErr->get_Message();
> }
> } return S"Streamer failed due to improper state";
> } This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Michael Riggio |
last post by:
Is there a way to have a windows service instantiate a class that is a web
service, which will then be accessible to clients via HTTP?
Thanks,
-Mike
|
by: mailme.faisal |
last post by:
I have created a service that create a process.
The service is running in local system account & it also create the
new process in system account.
In process i have to access network resource ....
|
by: Rob |
last post by:
Hi,
I am working on a project that requires a Windows Service which
performs the following file transfer functions.
1. It monitors a specific local directory on a Windows 2003 Server.
2. When...
|
by: SP |
last post by:
Hi All,
I wrote a windows service which is supposed to stop after specified amount
of time. I am calling OnStop() after specified time. OnStop() methods
executed but I dont see the service...
|
by: Bijesh |
last post by:
Hi All,
I've developed a Windows Service that acts as a remoting server (.NET
Remoting). The client(user) is able to connect to the server and start a
program by giving the executable path of...
|
by: Bruce |
last post by:
I am developing an ASP.NET web service application. It works fine on my
WinXP Prof development machine. But when I send it to a Windows Server 2003
system I get the following error (attached...
|
by: pbd22 |
last post by:
Hi.
I know my windows service works when i run it in debug mode on my dev
machine.
It also works in release mode on my dev machine. But, when I move the
service to
a production server, it...
|
by: robertgregson |
last post by:
Using C#, .NET3.5, Visual Studio 2008 and WCF on Windows VISTA SP1, I have written a service, service host (as a C# console application) and a client.
The service uses...
|
by: Matt Lowrance |
last post by:
I'm hoping someone can give me a little guidance. I have written a
simple Windows Service that goes out and scrapes a few web pages and
updates some data in an access database. The service works...
|
by: Kemmylinns12 |
last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and efficiency. While initially associated with cryptocurrencies...
|
by: antdb |
last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine
In the overall architecture, a new "hyper-convergence" concept was proposed, which integrated multiple engines and...
|
by: Oralloy |
last post by:
Hello Folks,
I am trying to hook up a CPU which I designed using SystemC to I/O pins on an FPGA.
My problem (spelled failure) is with the synthesis of my design into a bitstream, not the C++...
|
by: Carina712 |
last post by:
Setting background colors for Excel documents can help to improve the visual appeal of the document and make it easier to read and understand. Background colors can be used to highlight important...
|
by: BLUEPANDA |
last post by:
At BluePanda Dev, we're passionate about building high-quality software and sharing our knowledge with the community. That's why we've created a SaaS starter kit that's not only easy to use but also...
|
by: Ricardo de Mila |
last post by:
Dear people, good afternoon...
I have a form in msAccess with lots of controls and a specific routine must be triggered if the mouse_down event happens in any control.
Than I need to discover what...
|
by: jack2019x |
last post by:
hello, Is there code or static lib for hook swapchain present?
I wanna hook dxgi swapchain present for dx11 and dx9.
|
by: DizelArs |
last post by:
Hi all)
Faced with a problem, element.click() event doesn't work in Safari browser.
Tried various tricks like emulating touch event through a function:
let clickEvent = new Event('click', {...
|
by: F22F35 |
last post by:
I am a newbie to Access (most programming for that matter). I need help in creating an Access database that keeps the history of each user in a database. For example, a user might have lesson 1 sent...
| |
