Starting/stopping Windows service from ASP.NET web application problem

Pacoss 21 Reputation points
2022-02-21T14:11:03.433+00:00

Hi,

There is a Windows service on a server that can be started or stopped from an ASP.NET web application, and it worked fine since it ran under a local user account (name it AA), which is not an AD account (also an application pool identity). The web app is hosted on the same machine as the service. The service was configured to log on as Local System.
But when I changed the web app login so that users can log in with their AD accounts, I can't start/stop the service from the web app anymore. I've googled for solutions and tried them all, but had no success. My application pool identity for the web app is an AD user (name it XY) created just for this. This XY user is locally in the Administrators group and is assigned the "Log on as a service" permission. If I run Visual Studio 2017 as administrator, then it works OK.
This is the code:

    // _serviceMachineName - parameter set in database so this could be done on remote machine
    ServiceController sc = new ServiceController("service name", _serviceMachineName);

    if ((sc.Status.Equals(ServiceControllerStatus.Stopped)) ||
        (sc.Status.Equals(ServiceControllerStatus.StopPending)))
    {
        sc.Start();
        sc.WaitForStatus(ServiceControllerStatus.Running);
        btnStartStopService.Text = GetGlobalResourceObject("AspxResources", "stop_service").ToString();
        divStatus.InnerHtml = GetGlobalResourceObject("AspxResources", "service_status_running_html").ToString();
    }
    else
    {
        sc.Stop();
        sc.WaitForStatus(ServiceControllerStatus.Stopped);
        btnStartStopService.Text = GetGlobalResourceObject("AspxResources", "start_service").ToString();
        divStatus.InnerHtml = GetGlobalResourceObject("AspxResources", "service_status_stopped_html").ToString();
    }

How should I configure the service logon (to run under Local System, Network Service or an AD user), or should I change the C# code ... to make it start/stop from the web app?


Accepted answer
  1. Lan Huang-MSFT 30,191 Reputation points Microsoft External Staff
    2022-02-22T02:49:47.84+00:00

    Hi @Pacoss ,
    The issue is security related as the account does not have sufficient privileges to start/stop the service.
    You need to impersonate the application/code section with user credentials with appropriate permissions and access to the Windows service.
    You can simulate via web.config or in code.
    Details can be found in the documentation:
    https://learn.microsoft.com/zh-CN/troubleshoot/developer/webapps/aspnet/ftp-authentication-authorization/implement-impersonation
    https://weblogs.asp.net/kaushal/start-stop-window-service-from-asp-net-page
    Web.config

    <identity impersonate="true" userName="accountname" password="password" />  
    

    In code

    System.Security.Principal.WindowsImpersonationContext impersonationContext =
        ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
    try
    {
        // Insert your code that runs under the security context of the authenticating user here.
    }
    finally { impersonationContext.Undo(); } // always revert, even if the code above throws

    Best regards,
    Lan Huang
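
An added example, not code from the thread or from Microsoft's documentation: the start/stop logic from the question wrapped in the impersonation call from the accepted answer, with the revert in a `finally` block, bounded waits, and an explicit access-denied error. The class name `ServiceToggle`, the 30-second limit and the handling of pending states are assumptions; it targets .NET Framework, where `WindowsIdentity.Impersonate()` is available.

```csharp
using System;
using System.ComponentModel;
using System.Security.Principal;
using System.ServiceProcess;

// Hypothetical helper (name and shape are assumptions, not from the thread).
public static class ServiceToggle
{
    private const int ErrorAccessDenied = 5; // Win32 ERROR_ACCESS_DENIED
    private static readonly TimeSpan WaitLimit = TimeSpan.FromSeconds(30); // assumed limit

    // Toggles the service while impersonating 'caller' and returns the final status.
    public static ServiceControllerStatus Toggle(WindowsIdentity caller, string serviceName, string machineName)
    {
        WindowsImpersonationContext ctx = caller.Impersonate();
        try
        {
            using (var sc = new ServiceController(serviceName, machineName))
            {
                // Act only on settled states; a pending transition is left alone.
                if (sc.Status == ServiceControllerStatus.Stopped)
                {
                    sc.Start();
                    sc.WaitForStatus(ServiceControllerStatus.Running, WaitLimit);
                }
                else if (sc.Status == ServiceControllerStatus.Running)
                {
                    sc.Stop();
                    sc.WaitForStatus(ServiceControllerStatus.Stopped, WaitLimit);
                }
                sc.Refresh();
                return sc.Status;
            }
        }
        catch (InvalidOperationException ex) when (IsAccessDenied(ex.InnerException))
        {
            // Surface the permission failure with the identity that was actually used.
            throw new UnauthorizedAccessException(
                caller.Name + " may not control '" + serviceName + "' on " + machineName, ex);
        }
        finally
        {
            ctx.Undo(); // always revert to the application pool identity
        }
    }

    private static bool IsAccessDenied(Exception e) =>
        (e as Win32Exception)?.NativeErrorCode == ErrorAccessDenied;
}
```

From the button handler it would be called as `ServiceToggle.Toggle((WindowsIdentity)User.Identity, "service name", _serviceMachineName)`, which requires Windows authentication so that `User.Identity` is a `WindowsIdentity`.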



1 additional answer

  1. Pacoss 21 Reputation points
    2022-02-25T14:58:29.297+00:00

    Thanks for the help Lan Huang.

    I've tried this solution and I can start/stop the service on a remote machine (server), but I can't do that on my own machine.
    The service is installed on 2 servers and on my machine, so on these 2 servers I can start/stop the service, but not on my own.
    All services run under local system, web application pool runs under AD user (XY), this XY user is administrator on all machines (2 servers and my machine), added to "Log on as a service".
    I must be doing something wrong ...

