WinForm as LocalService

[IsRaEl]

Hello everybody...

i reeeealy need a way to automatically execute a WinForm with the same
permissions that i have with the LocalService user.

Thanks in advance...

 

[Mehdi]

i reeeealy need a way to automatically execute a WinForm with the same
permissions that i have with the LocalService user.

What permissions of the LocalService user does your application need? Why
does it have to be a WinForm?

You can get a Windows Service running under the LocalService account to
display a Form on the screen by checking the Allow Service to Interact with
Desktop but this won't work anymore in Vista and any case might cause you
loads of troubles and pose a serious security risk.

My guess is that running a WindowForm application under the LocalService
account is the wrong solution for your (I suppose real) problem. More
information about what you are really trying to achieve could help.

 

[Ignacio Machin \( .NET/ C# MVP \)]

Hi,

It depend of the user you are logged like. The app will have the same
privilegies

Take a look at the WindowsIdentity class, you can use it to impersonate
other users

What is what you want to do?

 

[IsRaEl]

Ok..so here is what i got...

i have a Windows Service that use a WebService to send some
files...for that, in some places it needs a proxy config..

so, i've created a Windows App that use the same code to send 1 file
using the same WebService...i call it ConnectionTester...

The problem is, when you use the ConnectionTester and you're logged in
with the Machine Admin, or some Network Admin...the Tester sometimes
work's even without the proxy configuration...and when i use the
Windows Service, it only connect's with proxy correctly configured...

So, doing my own brainstorm, i think it's because the Windows Service
is on a LocalService account....and maybe, if execute teh
ConnectionTester with this account, i can have the exactly same
results...

thanks

 

[Nicholas Paldino [.NET/C# MVP]]

IsRaEl,

So, in this case, run the service with an account which has the
appropriate permissions to do what you need it to do. You can right click
on the service and then choose the account that it runs under.

 

[Mehdi]

What permissions of the LocalService user does your application need? Why
does it have to be a WinForm?

You can get a Windows Service running under the LocalService account to
display a Form on the screen by checking the Allow Service to Interact with
Desktop but this won't work anymore in Vista and any case might cause you
loads of troubles and pose a serious security risk.

Forget that, I missread your post. I had read LocalSystem when you really
wrote LocalService. You can't do the Interact with Desktop trick with the
LocalService account.

 

[IsRaEl]

IsRaEl,

So, in this case, run the service with an account which has the
appropriate permissions to do what you need it to do. You can right click
on the service and then choose the account that it runs under.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Ok..so here is what i got...

i have a Windows Service that use a WebService to send some
files...for that, in some places it needs a proxy config..

so, i've created a Windows App that use the same code to send 1 file
using the same WebService...i call it ConnectionTester...

The problem is, when you use the ConnectionTester and you're logged in
with the Machine Admin, or some Network Admin...the Tester sometimes
work's even without the proxy configuration...and when i use the
Windows Service, it only connect's with proxy correctly configured...

So, doing my own brainstorm, i think it's because the Windows Service
is on a LocalService account....and maybe, if execute teh
ConnectionTester with this account, i can have the exactly same
results...

thanks

But i want to run the app as a LocalService...is that impossible?

 

[Mehdi]

i have a Windows Service that use a WebService to send some
files...for that, in some places it needs a proxy config..

so, i've created a Windows App that use the same code to send 1 file
using the same WebService...i call it ConnectionTester...

The problem is, when you use the ConnectionTester and you're logged in
with the Machine Admin, or some Network Admin...the Tester sometimes
work's even without the proxy configuration...and when i use the
Windows Service, it only connect's with proxy correctly configured...

So, doing my own brainstorm, i think it's because the Windows Service
is on a LocalService account....and maybe, if execute teh
ConnectionTester with this account, i can have the exactly same
results...

Maybe, maybe not. Don't take offense but it seems to me that instead of
trying to find the root of the problem and to solve it, you're simply
trying out some random tricks to get around the problem. Even if you manage
to get your WindowForm application to run under the LocalService account
and even if it *seems* to work this way, the problem will still be there.

If I understand you properly, the computer on which your application runs
needs to go through a proxy server in order to access the Web Service. Your
Windows Service application automatically picks up the proxy server
configuration when it connect but your WindowForm application doesn't. What
about looking at the APIs that allow you to retrieve the proxy server info
from, for example, Internet Explorer's settings and set this info when
connecting to a Web Service? That would sound a lot more sensible to me
than trying to run your application under some random user account that
you've found always worked for some reason you can't explain.

 

[Nicholas Paldino [.NET/C# MVP]]

Why do you want to run the service under the LocalService account if it
doesn't allow you to do what you need it to do? The other option is to
change the rights of the LocalService account to allow it to do what you
need to do, but then that would affect all other services that run under the
LocalService account, which isn't a good idea.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

IsRaEl,

So, in this case, run the service with an account which has the
appropriate permissions to do what you need it to do. You can right
click
on the service and then choose the account that it runs under.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Ok..so here is what i got...

i have a Windows Service that use a WebService to send some
files...for that, in some places it needs a proxy config..

so, i've created a Windows App that use the same code to send 1 file
using the same WebService...i call it ConnectionTester...

The problem is, when you use the ConnectionTester and you're logged in
with the Machine Admin, or some Network Admin...the Tester sometimes
work's even without the proxy configuration...and when i use the
Windows Service, it only connect's with proxy correctly configured...

So, doing my own brainstorm, i think it's because the Windows Service
is on a LocalService account....and maybe, if execute teh
ConnectionTester with this account, i can have the exactly same
results...

thanks

But i want to run the app as a LocalService...is that impossible?

 

[IsRaEl]

Maybe, maybe not. Don't take offense but it seems to me that instead of
trying to find the root of the problem and to solve it, you're simply
trying out some random tricks to get around the problem. Even if you manage
to get your WindowForm application to run under the LocalService account
and even if it *seems* to work this way, the problem will still be there.

If I understand you properly, the computer on which your application runs
needs to go through a proxy server in order to access the Web Service. Your
Windows Service application automatically picks up the proxy server
configuration when it connect but your WindowForm application doesn't. What
about looking at the APIs that allow you to retrieve the proxy server info
from, for example, Internet Explorer's settings and set this info when
connecting to a Web Service? That would sound a lot more sensible to me
than trying to run your application under some random user account that
you've found always worked for some reason you can't explain.

no offense taken...hehehe

this part of taking the proxy config from IE i already do...here is my
code:
if(CboProxy.Checked)
{
WebProxy Proxy = new WebProxy(TxtIPProxy.Text,
Convert.ToInt32(TxtPortaProxy.Text));
Proxy.BypassProxyOnLocal = true;
STA.Proxy = Proxy;

CredentialCache cache = new CredentialCache();
// Verifica o overload correto das credenciais
if(TxtUsuario.Text == "" && TxtDominio.Text == "")
cache.Add( new Uri(STA.Url), "Negotiate", new
NetworkCredential());
else if(TxtDominio.Text == "")
cache.Add( new Uri(STA.Url), "Basic", new
NetworkCredential(TxtUsuario.Text, TxtSenha.Text));
else
cache.Add( new Uri(STA.Url), "Negotiate", new
NetworkCredential(TxtUsuario.Text, TxtSenha.Text, TxtDominio.Text));
STA.Credentials = cache;
STA.Proxy.Credentials = cache;
}
else
{
STA.Credentials = System.Net.CredentialCache.DefaultCredentials;
}

and i can't predict in what computer it will run...and if will run on
a Vista, XP, 2003 server, 2000 server...and if will use a proxy or
not...
it will be installed in a lot of locations...

and about change the LocalService permissions, sometimes the client
may not agree with that..

i need only to run my Win App with a LocalService account...

 

[Mehdi]

this part of taking the proxy config from IE i already do...here is my
code: [...]
and i can't predict in what computer it will run...and if will run on
a Vista, XP, 2003 server, 2000 server...and if will use a proxy or
not...
it will be installed in a lot of locations...

and about change the LocalService permissions, sometimes the client
may not agree with that..

i need only to run my Win App with a LocalService account...

Unfortunately, I won't be able to help you with the Proxy Server settings
problem as I haven't had to use proxy servers so far.

However, I am still convinced that your problem, if I understood it
correctly, lies in finding a way to set the proper proxy settings in the
Windows Form application and has nothing to do with the user account the
application runs under. The fact that it always works with a Windows
Service running under the LocalService account might be just pure
coincidence and be caused by some other factor than the specific user
account that your code runs under. Have you read the documentation about
the LocalService account to try to find out if this account has any
specific features that would explain why your code works under LocalServer
but not under Administrator?

I do not know whether it is even possible to run a standard Window Forms
application under the LocalService account but what's for sure is that
doing that would be a very bad idea as this account as been created
specifically to run background Windows Services that need to run under a
restricted account with anonymous access to LAN ressources. Is has never
been designed to run Windows Form applications and you'll probably
encounter all sorts of security problem if you try to do that.