servicecontroller permissions

2019-04-20 19:53发布

问题:

I have written a service which a website can execute a command on remotely using the ExecuteCommand method. I have noticed that if the website is not running under a user that is an admin on the remote machine then I get a permission denied exception on trying to execute command.

The servicecontroller class doesn't even allow you to specify any authentication parameters. Is this right? Are there a specific set of privelages the user need rather than an admin, as I am reluctant to add all the webservers users in our cluster as local admins on the service machine?

回答1:

You will have to impersonate an admin user for the current thread temporarily then revert back. Look up WindowsIdentity.Impersonate() in MSDN.

ServiceController will use the current thread's principal to make the registry and service control manager calls and you have to make sure it is set to an admin user if you want to manipulate the services. The downside is that you will need to store the password somewhere for the account, make sure you are using SecureString and not storing the password in plain-text.