Access is denied when start/stop Windows Service with ASP

Question

I wrote an ASP.NET Web Application that shows all installed services for our product. My application can retrieve the state of service (running, stopped,...).

Additionally, my application should be able to start a stopped service and stop a running service. On my local machine it works, on the server it doesn't. Currently I configured the web-app to use Administrator, but it doesn't start. The Event Viewer shows, that the access is denied:

Process information: 
    Process ID: 5348 
    Process name: w3wp.exe 
    Account name: IIS APPPOOL\ServiceManager 

Exception information: 
    Exception type: Win32Exception 
    Exception message: Access is denied



Request information: 
    Request URL: http://X/ServiceMonitor/StopService/25 
    Request path: /ServiceMonitor/StopService/25 
    User host address: X 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: X\Administrator 

Thread information: 
    Thread ID: 23 
    Thread account name: X\Administrator 
    Is impersonating: False 
    Stack trace:

Any idea what I missed?

Just as additional info, here my StartService-funtion. But should not be a problem, since it works on my local machine:

public bool StartService()
{
    ServiceController service = new ServiceController(_serviceName,_machineName);
    if (!new[] { ServiceControllerStatus.Running, ServiceControllerStatus.StartPending }.Contains(service.Status))
        service.Start();

    service.WaitForStatus(ServiceControllerStatus.Running, TimeSpan.FromMinutes(2));

    return service.Status == ServiceControllerStatus.Running;
}

`IIS APPPOOL\ServiceManager` you're sure this account has admin permissions? Are you doing impersonation? — mason, Oct 17 '19 at 14:58
@mason where can i find that account? This is just the app-site and app-pool name. isnt it? in application pool i set the user to Administrator — Matthias Burger, Oct 17 '19 at 15:25
Seems like the application pool user doesn't have the administrator rights to the windows service machine. — j.f., Oct 17 '19 at 15:32
You probably need to have an Active Directory account created. Then make your app pool run as that account, and grant that account the proper permissions on all the machines it needs to access. — mason, Oct 17 '19 at 15:53
@mason hmm we dont have AD on that machine - I tried with subinacl but I guess `IIS APPPOOL\ServiceManager` is not a user subinacle can work with — Matthias Burger, Oct 18 '19 at 07:34
iis user or iis application pool does not have enough privilege to start or stop the windows service. so you need to add iusr, iis_iusrs or APPPOOL\ServiceManager to the admin group so that you can access windows service. this way is easy, but the unrecommended way. another way you could use account who has enough privilege to access the windows service and set in iis application pool custom account [image](https://i.stack.imgur.com/w6f17.png). you can find this setting under the application pool advance setting. — Jalpa Panchal, Oct 18 '19 at 07:44
@JalpaPanchal .. I thought I did this already (the way you show in the image), but still was "ApplicationPoolIdentity" or something. Now I changed to Administrator - and boom, it works :) thank you. Maybe add it as an answer with your image - so I can accept it. — Matthias Burger, Oct 18 '19 at 07:54

score 3 · Accepted Answer · answered Oct 18 '19 at 07:56

iis user or iis application pool does not have enough privilege to start or stop the windows service. so you need to add iusr, iis_iusrs or APPPOOL\ServiceManager to the admin group so that you can access windows service. this way is easy, but the unrecommended way. another way you could use account who has enough privilege to access the windows service and set in iis application pool custom account. you can find this setting under the application pool advance setting.

Access is denied when start/stop Windows Service with ASP

1 Answers1