Security settings to start a windows service in a ASP.net web app

I have a bit of code in an internal ASP.net application that we use to start automatic services should they be stopped on the server that the web app is running on. The only problem is that it doesn't seem to start the service when its run on the server. It does so fine when its run on my desktop locally though so I'm guessing I have to give certain security settings to the the ASP.net user?

Here's my code:

protected void StartService(object sender, EventArgs e)
{
    LinkButton serviceButton = (LinkButton)sender;
    string name = serviceButton.ID;

    ManagementPath path = new ManagementPath();

    path.Server = System.Environment.MachineName;

    path.NamespacePath = @"root\CIMV2";

    path.RelativePath = "Win32_service.Name='" + name + "'";

    ManagementObject service = new ManagementObject(path);

    ManagementBaseObject temp = service.InvokeMethod("StartService", null, null);

    Thread.Sleep(100);

    GetStoppedServic开发者_JS百科es();
}

Anyone have any ideas on how to get this to work?

Edit: For clarification the web app is run on the same server as the server that I want to start services on.

Edit 2: Had a brainwave and tried to use this code instead.. no dice.

    ProcessInfo = new ProcessStartInfo("cmd.exe", "/C net start " + name);
    ProcessInfo.CreateNoWindow = true;
    ProcessInfo.UseShellExecute = false;
    Process = Process.Start(ProcessInfo);
    Process.Close();

Rather than using the System.Management objects for controlling services, look into the ServiceController class. All the methods for start/stop/pause are available and in a much more structured manner.

You may still encounter permission issues, though. The executing account for your web app will require permissions to control the target service you wish to affect.

Depending on your platform (which version of Win Serv), different accounts will execute for anonymous requests for your web application. Verify which accounts come into play (or if you have authenticated requests, you know your user) and determine their privileges against your Windows service.

Could be an access rights issue. When you run the application locally (through Visual Studio and the built-in Cassini web server) I think you're running it as yourself, so it makes sense that it would work.

When you run the application through IIS (on the server), its running as whatever user is specified in the application pool. (I think its "Network Service" by default). Check which user it is in IIS and try giving that user permission to start your service.

What version of IIS are you running? If its a Win 2K3 server, I'm guessing 6.0.

Information on configuring the application pool:

• IIS 7.0
• IIS 6.0

EDIT: You can use SubInACL.exe (a microsoft tool) to configure service permissions:

So let's say you have user "Johnny" and you want Johnny to be able to stop and start the World Wide Web Publishing service. Simply run the following subinacl.exe command:

subinacl /service W3SVC /GRANT=YOURDOMAIN\Johnny=TO

Obviously you will want to replace YOURDOMAIN with the name of your domain. The TO at the end are the identifiers that tell subinacl which actions you actually want grant to Johnny. T is used for "Start Service" and O is for "Stop Service".

For more information, check out Ingmar's blog post about it.

For Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

1. Open IIS Manager.(From start->run-> type inetmgr and press enter)

2. In the Connections pane, expand the server node and click Application Pools.

3. On the Application Pools page, select the application pool for which you want to specify an identity, and then click Advanced Settings in the Actions pane.

4. For the Identity property, click the ... button to open the Application Pool Identity dialog box.

5. If you want to use a built-in account, select the Built-in account option and select an account from the list. Select Local System from the list

6. If you want to use a custom identity, select the Custom account option and click Set to open the Set Credentials dialog box. Then type the custom account name in the User name text box, type a password in the Password text box, retype the password in the Confirm password text box, and then click OK.

7. Click OK to dismiss the Application Pool Identity dialog box.

Right click on the application pull and then stop and again click on start