We are using the ServiceController object to query if our Service is running or not. Our web application that is performing the query is using Impersonation for security/login.
System.ServiceProcess.ServiceController sc = new System.ServiceProcess.ServiceController("myService");
return sc.Status
Using an Administrator account, the query is successful. Using a limited account (non-administrator), the query is failing with a message of "Service myService was not found on computer '.'"... BUT it is only failing in Windows Server 2003 and not in Windows XP.
I've Googled it and checked in MSDN. I didn't find anything related to the usage of ServiceController in Windows Server 2003.
Any ideas?
EDIT: If there is a way to query the service status without using the ServiceController that doesn't involve "security" privileges, that might work for us. We just need to get the status of the service.
UPDATE:
I created a simple console application that will print the status of the service. I used the "runas" command to run the application using both the Administrator and Non-Administrator account. It both worked in Windows Server 2003... Which means that this is an issue of the privilege not being properly passed to the ServiceController call in the web application? IIS security stuff perhaps?
Thanks!
I thought that web app-s are supposed to be run in a sandbox. Allowing access to the service running on local computer isn't really what you should do, because of security issues.
Maybe you could tell us what you want to do and there is another solution?
Related
i have a huge problem with my Windows-Service (C#). We had a system change on a few servers (from windows 2012R2 to Ubuntu) and for all these servers i wrote a monitoring tool as windows service running on a windows server. In this service i checked a few things on the server which worked fine. One of the things i had to check was if some special windows services (e.g. iis) are in state = running.
So - is there ANY possibility to check an Ubuntu-Service programmatically from my monitoring service? Can i set commands on the Ubuntu shell? Or start a bat File?
ServiceController sc = new ServiceController("servicename", "ubuntu-IP"))
Using a ServiceController doesn't work i guess because of Windows != Ubuntu?!
It should be an "easy" way to do it - so if it would be too ornate i just don't do it.
Any information would be appreciated.
EDIT: totally rewrote, I misunderstood the question.
Linux does not use services the way Windows does, first of all there is no infrastructure to remotely check and manage the services like in a windows domain.
You have two options there:
1-Connect through SSH with an account with admin privileges and issue "service (servicename) status", this wil yield if the service is running or not. To connect through SSH the servers must have an SSH server configured and use some C# library for the SSH connection (per example this: https://sshnet.codeplex.com/)
2-Create a C# service and use Mono on your servers, in this way that service can execute commands locally like "ps" or use Process.GetProcesses(), then you can comunicate this process with your Windows process the way you best like, per example TCP or UDP.
I am getting Access is denied exception when I try to connect to a remote server using WMI through IIS (10.0). This same code works fine through Visual Studio 2015 debug (IIS Express). Obviously this is a permissions issue, however I cannot find anything definitive or even suggestive on the best way to approach this.
In my example, the client simply makes a POST call to the web service with credentials in the payload. Then the service attempts to make a WMI connection getting the exception. The remote server is not in a domain, and the credentials have been verified to have access to the given namespaces.
I'm running IIS 10, but have duplicated this with as low as IIS 7.
Any help is appreciated!
public ManagementScope Connect(Credentials creds, string path)
{
_creds = creds;
_path = path;
var conOpt = new ConnectionOptions
{
Impersonation = ImpersonationLevel.Impersonate,
Authentication = AuthenticationLevel.PacketPrivacy,
EnablePrivileges = true,
Username = _creds.Username,
Password = _creds.Password,
//Authority = $"ntlmdomain:{_creds.Domain}"
};
// virtualization\v2
_scope = new ManagementScope($#"\\{_creds.Server}\ROOT\{path}", conOpt);
_scope.Connect();
return _scope;
}
I always recommend to avoid WMI calls inside an application on IIS, due to the reason of possible security lacks.
I recommend to create a local windows service as command relay.
So you would call your local service and this service would execute the remote WMI call. The windows service then needs permission to execute the WMI command at the remote machine and you do not have to change the permission of your web application environment.
Just as information: on other platforms like Azure you are not allowed to change the security settings of your WebApp. Also the service / relay way would solve that requirement.
A common misunderstanding is that IIS Express is IIS. No.
IIS Express executes the code under your account. That means if your account has necessary permissions then the code runs fine.
However, IIS is purely a hosting service and your code runs under the worker process identity aka application pool identity. Review your IIS settings to understand what I mean.
Only if you change that identity to another suitable one or grant the account necessary permissions, the code can work after.
Note that a web app should not perform such tasks that requires lots of extra permissions and then they can be compromised and lead to serious security issues. That's why the other answer suggests you move the WMI calls to a dedicate Windows service.
I had a blog post a few months ago,
https://blog.lextudio.com/2015/04/web-application-differences-in-visual-studio-and-iis/
I'm trying to run an exe with parameters from a web application.
I'm using Process.start() but it does not seem to run on iis!
It works fine when running from iis express. I'm publishing the application to my local iis as a test but it does nothing.
I've tried setting the iis admin service to enable interactions with the desktop and ive told iis to connect as my user credentials and set the application pool to use the same user credentials but still nothing works!
is there anything else someone can advise to get this working!
Cheers.
UPDATE
I got iis to run the process by setting the application pool identity to local system and double checking the credentials for the site.
But as expected the applications do not interact with the desktop, so creating a file from command line is simple, but running an application with parameters do not have the application open.
At the moment iis admin service has interact with desktop checked and is using the local system account.
Ok so this isn't really an answer but in the end I got process.start to work by setting the application pool identity to local system.
But as expected the commands do not interact with the desktop, but this was enough for what my application needs to do.
Sorry for the poor answer.
I have a test gui(winform) which I use to test my wcf service. The service callĀ“s another project in my solution which uses some windows api methods(user32.dll) to find word dialog boxes. It works fine when I test it locally, but when I setup my wcf service in the iis and test it with soapUI, it fails to retrieve and do the desired action on the word dialog boxes.
I suspect that because I am using a winform to test the service, so when I run the test form the solution creates instances/handlers so the windows/dialogboxes are at my disposal in the solution. Testing the service alone without creating the test winform does not make the service get the dialogboxes...
Could this be a permission issue in the iss or somewhere else? I have tried to grant the worker process admin rights, but maby I am not granting the rights in the wrong place. I need find out how the service alone can get a hold of the windows/dialogboxes with user32.dll methods?
windows 7 pro, iis7, vs2010
Any help is greatly appreciated.
Your approach is completely wrong. It works under Visual Studio because it's runing under your user account, but once deployed in IIS, it runs in the context of the App Pool account, which has limited rights and can't interact with Desktop.
Even if you run the service under an Admin account, which is a big security flaw, it will only work with local windows, never with windows on remote machines.
If you explain better your requirements maybe we could suggest a better approach for this.
I have developed a TCP Server. I want my TCP server to be running even when I log off my machine. So clients can connect to it even when my computer is logged off. I was thinking if I must create a Windows Service to implement this approach, but I am not sure how to do so.
Please tell me how can I let my application to keep working even when my machine is logged off.
You can create a service by following these instructions:
http://support.microsoft.com/kb/251192
And then installing it to your PC should be as simple as using
installutil MyService.msc
(installutil will be part of your .NET installation, eg in C:\Windows\Microsoft.NET\Framework\v3.5)
You can the configure it to Startup Automatically by running services.msc from the command prompt.
You could launch it as a task from Windows Task Scheduler and set it to run even if you aren't logged in. This would work even if the application isn't a service.
If you want to be able to shut down your machine and still let the client connect then you need to deploy your application on a server.
Create a windows service and run it as LocalService http://msdn.microsoft.com/en-us/library/zt39148a(v=vs.80).aspx