Configure framework security to start/stop service

[Amil]

Don't answer this unless you know what you are talking about.

I want to use ServiceController in my code to start and stop a Windows
Service.
I do not want to use <impersonate> in my config file.
This means I must use the Framework Configuration to create Code Group and
Permissions.

I've attempted to create a new Code Group and have tried several different
pieces of
"evidence", but no matter what I have tried, I continue to get "access
denied".

Has anyone ever really done this before...the web is empty to this scenario
:-(

My code is:

[assembly:ServiceControllerPermissionAttribute(SecurityAction.RequestMinimum
, PermissionAccess=ServiceControllerPermissionAccess.Control)]
..
..
..
ServiceController sc = new ServiceController("myservicename");
sc.Start();

 

[bruce barker]

your mixing .net code security with OS security. the .net security
attributes control what evidence a routine needs to be called from another.
this has nothing to do with OS permission need to perform an OS call.

to call the SystemController, the calling thread needs to running as an NT
account (security token) that has enough permissions. unless you run asp.net
as system (not recommended), the only solution is to impersonate a token
that has the required permissions before making the call.

-- bruce (sqlwork.com)

 

[Amil]

I added this to my root web.config. Notice I used the path so that not all
web stuff did the impersonation.

<location path="mypath">
<system.web>
<identity impersonate="true" userName="myusername"
password="mypassword"/>
</system.web>
</location>

Thanks for the help.

your mixing .net code security with OS security. the .net security
attributes control what evidence a routine needs to be called from another.
this has nothing to do with OS permission need to perform an OS call.

to call the SystemController, the calling thread needs to running as an NT
account (security token) that has enough permissions. unless you run asp.net
as system (not recommended), the only solution is to impersonate a token
that has the required permissions before making the call.

-- bruce (sqlwork.com)

Don't answer this unless you know what you are talking about.

I want to use ServiceController in my code to start and stop a Windows
Service.
I do not want to use <impersonate> in my config file.
This means I must use the Framework Configuration to create Code Group and
Permissions.

I've attempted to create a new Code Group and have tried several different
pieces of
"evidence", but no matter what I have tried, I continue to get "access
denied".

Has anyone ever really done this before...the web is empty to this scenario
:-(

My code is:

[assembly:ServiceControllerPermissionAttribute(SecurityAction.RequestMinimum

, PermissionAccess=ServiceControllerPermissionAccess.Control)]
.
.
.
ServiceController sc = new ServiceController("myservicename");
sc.Start();