Start/Stop Window Service from ASP.NET page

Update: The article has been selected as "Article of the day" on 30th April 2011 at official asp.net (http://www.asp.net) site

Last week, I needed to complete one task on which I am going to blog about in this entry. The task is "Create a control panel like webpage to control (Start/Stop) Window Services which are part of my solution installed on computer where the main application is hosted".

Here are the important points to accomplish:
[1] You need to add System.ServiceProcess reference in your application. This namespace holds ServiceController Class to access the window service.

[2] You need to check the status of the window services before you explicitly start or stop it.

[3] By default, IIS application runs under ASP.NET account which doesn't have access rights permission to window service. So, Very Important part of the solution is: Impersonation. You need to impersonate the application/part of the code with the User Credentials which is having proper rights and permission to access the window service.

If you try to access window service it will generate "access denied" error.

The alternatives are: You can either impersonate whole application by adding Identity tag in web.cofig as:
        <identity impersonate="true" userName="" password=""/>

This tag will be under System.Web section. the "userName" and "password" will be the credentials of the user which is having rights to access the window service. But, this would not be a wise and good solution; because you may not impersonate whole website like this just to have access window service (which is going to be a small part of code).

Second alternative is: Only impersonate part of code where you need to access the window service to start or stop it. I opted this one. But, to be fair; I am really unaware of the code part for impersonation. So, I just googled it and injected the code in my solution in a separate class file named as "Impersonate" with required static methods. In Impersonate class; impersonateValidUser() is the method to impersonate a part of code and undoImpersonation() is the method to undo the impersonation. Below is one example:

 Start/Stop Window Service from ASP.NET page

 You need to provide domain name (which is "." if you are working on your home computer), username and password of appropriate user to impersonate.

[4] Here, it is very important to note that: You need to have to store the Access Credentials (username and password) which you are going to user for impersonation; to some secured and encrypted format. I have used Machinekey Encryption to store the value encrypted value inside database.

[5] So now; The real part is to start or stop a window service. You are almost done; because ServiceController class has simple Start() and Stop() methods to start or stop a window service. A ServiceController class has parametrized constructor that takes name of the service as parameter.

Code to Start the window service:

Start/Stop Window Service from ASP.NET page 

Code to Stop the window service:

Start/Stop Window Service from ASP.NET page 

Isn't that too easy! ServiceController made it easy :) I have attached a working example with this post here to start/stop "SQLBrowser" service where you need to provide proper credentials who have permission to access to window service.

Start/Stop Window Service from ASP.NET page 

hope it would helps./.

21 Comments

  • Hi,
    I think this is the asp code I was looking for. I copied it to my WHS and when I start the page I get a runtime error.
    Can you help me out?

  • @Sharky Please let me know the error that you are facing.

  • @sandeep Thanks!

  • @Sharky - IF you are using the attached example then:
    [1] you might have problem in opening the solution. You try to open it from root folder.
    [2] Also, the example application is targeted to Framework 4.0

  • Very Good Article. Keep It up :)

  • I just did something similar but instead of impersonation i gave the user under which the asp.net application specific rights to stop/start/etc the service. At first i used subinacl, but afterward i needed to grant the permissions programtically, so used wmi, if you would like i could give you the code to do this. Cheers.

  • @grasu5xl <>

    Sure, If you can share. This will be great! Thanks.

  • Can we stop IIS? means IIS service in remote server

  • @Prakash Try out below link. This might help you.

    http://www.codeproject.com/KB/cs/Start_Stop_IIS_Website.aspx

  • This is the function that sets the bitmask.

    Public Shared Function SetBitmask(ByVal ServiceName As String, ByVal UserName As String, ByVal bitmask As UInt32) As Int32
    Dim wmi As WmiHelper = New WmiHelper("root\cimv2")
    Dim service As ManagementObject = wmi.GetInstance(".", String.Format(" SELECT * FROM Win32_Service WHERE Name = '{0}'", ServiceName))
    Dim outParams As ManagementBaseObject = service.InvokeMethod("GetSecurityDescriptor", Nothing, Nothing)
    Dim sd As ManagementBaseObject = outParams("Descriptor")

    Dim dacls As ManagementBaseObject() = sd("DACL")
    Dim sacls As ManagementBaseObject() = sd("SACL")
    Dim ctrlFlags As UInt32 = sd("ControlFlags")

    Dim newDescriptor As ManagementBaseObject = wmi.GetClass("Win32_SecurityDescriptor").CreateInstance

    'Create previous DACLs
    Dim newDaclList As New List(Of ManagementBaseObject)
    For Each dacl As ManagementBaseObject In dacls
    'Ignore the DACL if it belongs to the User we are trying to assign a new DACL to.
    If Not dacl("Trustee")("Name") = UserName Then
    newDaclList.Add(dacl)
    End If
    Next
    'Create new DACL
    Dim customDaclACE As ManagementBaseObject = wmi.GetClass("Win32_ACE").CreateInstance
    Dim newTrustee = SecurityUtils.GetTrustee(SecurityUtils.GetSid(UserName, Nothing))
    customDaclACE.Properties("Trustee").Value = newTrustee
    Dim newAccessMask As UInt32 = bitmask
    customDaclACE.Properties("AccessMask").Value = newAccessMask
    newDaclList.Add(customDaclACE)
    'Add DACL
    newDescriptor.Properties("DACL").Value = newDaclList.ToArray

    'Add owner & group
    newDescriptor.Properties("Owner").Value = sd.Properties("Owner").Value
    newDescriptor.Properties("Group").Value = sd.Properties("Group").Value

    'Add control flags
    newDescriptor.Properties("ControlFlags").Value = ctrlFlags

    'add SACL
    newDescriptor.Properties("SACL").Value = sd.Properties("SACL").Value

    'Submit new SecurityDescriptor
    Dim inParams As ManagementBaseObject = service.GetMethodParameters("SetSecurityDescriptor")
    inParams("Descriptor") = newDescriptor

    Dim ret As ManagementBaseObject = service.InvokeMethod("SetSecurityDescriptor", inParams, Nothing)

    'Clean up on aisle 5 :)
    service.Dispose()
    sd.Dispose()
    newDescriptor.Dispose()

    Return CInt(ret("ReturnValue"))
    End Function

    Public Enum ServiceAccessRights
    ACCESS_ALLOWED_ACE_TYPE = &H0
    SERVICE_QUERY_CONFIG = &H1
    SERVICE_CHANGE_CONFIG = &H2
    SERVICE_QUERY_STATUS = &H4
    SERVICE_ENUMARATE_DEPEND = &H8
    SERVICE_START = &H10
    SERVICE_STOP = &H20
    SERVICE_PAUSE_CONTINUE = &H40
    SERVICE_INTEROGATE = &H80
    READ_CONTROL = &H20000
    SERVICE_USER_DEFINED_CONTROL = &H100
    End Enum

    Also while connecting to the wmi, ConnectionOptions.EnablePrivilages = True
    I will not be posting the wmihelper class.

  • Also the function is called as followed

    Dim bitmask As UInt32 = ServiceAccessRights.ACCESS_ALLOWED_ACE_TYPE Or ServiceAccessRights.SERVICE_QUERY_STATUS
    Dim retValue As Integer = ServiceSecurityUtils.SetBitmask(serviceName, userName, bitmask)

  • Good article to start with!

  • thanks for the script! :) Need a little assistance if you are able. I do not know ASP at all so bare with me! I copied all your files into a folder inside IIS7 and then tried to run it. I got the same error as Sharky did above and I converted the folder to an application and it got past the previous error. Now im getting this:

    Configuration Error
    Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

    Parser Error Message: Unrecognized attribute 'targetFramework'. Note that attribute names are case-sensitive.

    Source Error:


    Line 18: during development.
    Line 19: -->
    Line 20:
    Line 21:
    Line 22:


    Source File: C:\inetpub\wwwroot\new\web.config Line: 20


    --------------------------------------------------------------------------------
    Version Information: Microsoft .NET Framework Version:2.0.50727.5446; ASP.NET Version:2.0.50727.5420

    Any thoughts?

  • Hello D.J. Reese,
    Check out the error again.. The application is expecting targetFramework=4.0; but last error line shows version information that the virtual directory is configured to use.

    Here is the line i copied from the error that you sent:

    Version Information: Microsoft .NET Framework Version:2.0.50727.5446; ASP.NET Version:2.0.50727.5420

    So, what you need to do is create a separate Application Pool which uses frameWork 4.0 and assign that application pool to Virtual Directory of the application.
    This should work.

    Hope it helps./.

  • thanks!! it worked like a charm! I got an error on running it again but i forgot to make it an application. After doing so it works. I am getting this error though when I run it (i changed the service to the "Spooler" service because the box i am on does not have SQL installed)
    **** Cannot open Spooler service on computer '.'.Access is denied **** I changed the domainName string to reference my domain and also the username and password fields. thanks for the great script! Been looking for something like this for quite some time!

  • Hello D.J. Reese

    **** Cannot open Spooler service on computer '.'.Access is denied ****

    For this error; I would check if the domain username/password that are being used to access the Spooler window service is having proper access permission or not to stop/start it.

  • Nice thought! Yeah i was using my username and password but, in other ASP scripts like this one where impersonate was being used, it wasnt working. My account is a domain admin but... whatever!! its working. Only thing now is that the service DOES stop but it doesnt start back up after pressing start service! Any thoughts?

  • "Pressing Start Service" .. IS that giving you any error or something?

  • No - It says that the service is started but the actual service doesnt start. It says "SpoolerWindow service start success".

  • Your code is amazing ...
    I'm running it on Windows 2008 Server, It says that the service is started but the requested Service doesn't start.
    Any advice please ??

    Thank you.

  • Hi

    Which domain name, username and password should give sir.

Comments have been disabled for this content.