How to protect a VB.net windows service?

gregory_may

I would like to prevent a VB.Net windows service from being stopped by any user
who does not have Administrative privileges on the box.

Is this possible in the "OnStop" or "OnShutdown" areas of
System.ServiceProcess.ServiceBase?

It looks like there is a "CanStop" property referred to in this article:
http://msdn.microsoft.com/library/d...systemserviceprocessservicebaseclasstopic.asp

But I don't know how to turn CanStop off/on only if someone has Admin
privileges.

Any suggestions?

Thanks!
 
Richard L Rosenheim

I would suggest that you take a look at the classes dealing with user
authentication. There should be a way of checking to see if the currently
logged in user is an administrator.

Richard Rosenheim
 
Jay B. Harlow [MVP - Outlook]

Gregory,
I don't believe you can within the service itself.

Remember when you use the Services plug-in within an MMC console (such as
Computer Management - Services and Applications - Services) or a
ServiceController object, you are actually talking to the SCM (Service
Control Manager). My understanding is that the SCM runs under a system
account with elevated authorities. The SCM then talks to your service which
is running under the account that you configured it to run under.

So the service itself only knows specifically what account it is, not the
originating request. Seeing as this originating request may be either a
local or remote request, performed in either a local desktop, remote
desktop, COM+, .NET Remoting, IIS, or other context, I'm not seeing any way to
know who actually made the request.

What you might (*might*) be able to do is use RegEdit to deauthorize (Deny)
normal users to the registry key that defines the service itself, however I
have not tried it. I'm not sure if I would try it, without further
research...

Asking this "down the hall" in one of the security or server newsgroups
might give a more definite answer.

Hope this helps
Jay
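
Extending the point above that stop requests go through the SCM: the SCM checks the caller against the service's own security descriptor, which `sc sdshow <service>` prints as an SDDL string. This added example (not part of the thread; the sample descriptors and all function names are constructed) goes beyond the registry idea and lists which trustees in such a string hold the stop right (`WP`) or could rewrite the DACL.

```python
import re

STOP, WRITE_DAC, WRITE_OWNER = 0x20, 0x40000, 0x80000  # SERVICE_STOP, WRITE_DAC, WRITE_OWNER
# SDDL right codes -> access-mask bits as they apply to a service object.
BITS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": STOP,
        "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
        "WD": WRITE_DAC, "WO": WRITE_OWNER,
        "GA": 0xF01FF, "GX": 0x20170, "GR": 0x2008D, "GW": 0x20002}
NAMES = {"SY": "LocalSystem", "BA": "Administrators", "IU": "Interactive",
         "SU": "Service logon", "AU": "Authenticated Users", "BU": "Users",
         "PU": "Power Users", "WD": "Everyone"}
ADMIN = {"LocalSystem", "Administrators"}

# Constructed sample descriptors, in the format `sc sdshow` prints.
DEFAULT_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
WEAK_SDDL = DEFAULT_SDDL + "(A;;CCLCSWRPWPLOCRRC;;;AU)"

def mask_of(rights):
    """Turn an ACE rights field (hex mask or two-letter codes) into an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= BITS[code]  # KeyError on a code this table does not know
    return mask

def stop_audit(sddl):
    """Map each DACL trustee to what it may do about stopping the service."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if dacl is None:
        raise ValueError("SDDL string has no DACL ACEs")
    report = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")
        ace_type, mask, sid = fields[0], mask_of(fields[2]), fields[5]
        entry = report.setdefault(NAMES.get(sid, sid), set())
        if mask & STOP and ace_type in ("A", "D"):
            entry.add("stop" if ace_type == "A" else "stop denied")
        if ace_type == "A" and mask & (WRITE_DAC | WRITE_OWNER):
            entry.add("can rewrite DACL")
    return {who: sorted(can) for who, can in report.items() if can}

def unexpected_stoppers(sddl):
    """Trustees other than LocalSystem/Administrators that can stop the service
    or rewrite its DACL. Group membership is not resolved here."""
    return sorted(who for who, can in stop_audit(sddl).items()
                  if who not in ADMIN and can != ["stop denied"])
```

An empty result from `unexpected_stoppers` means only LocalSystem and Administrators appear with the stop right in the descriptor as written.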
 
gregory_may

Well, one thing I am doing is capturing the username when someone logs in
(in a separate helper application). This helper application then passes the
username into my service. I suppose I could also pass/lookup the
credentials at this point.

Currently I am using a TCP port to do this... wish there were a simpler way
for this. But it seems to be working fine.

So, if I know the credentials of a user as they log in, it's sounding like I
could update the "CanStop" flag of the service?

Thanks!
 
