I can't seem to find any information that indicates whether ASP.NET can be configured (through web.config or maybe machine.config) to run as a real administrator on a machine with UAC enabled.

By this I mean, even if you set it to impersonate an Administrator account, UAC will disable that account's ability to act as an Administrator by returning a token set that hides the administrator role. For any checks such as IsInRole, the running account is effectively not an administrator at all.

So ... Let's say I want to ignore all good advice and just go ahead and run a web app on Vista with administrator permissions. Is it even possible?

Alternatives welcome. (Core reason for needing administrator privileges: to stop or start services that are running on that machine.)

+1  A: 

An alternate suggestion for Core Reason:

Use a message queue or similar concept to shuttle the information about services to start/stop back and forth between different security contexts instead of trying to hardwire those things together under ASP.NET.

For example,

  1. Under your ASP.NET non-administrator account, write some values to file or registry (a log of some kind) that contain information about what services to stop or start.

  2. Your controller service running as a true admin polls the written data location and when it sees info, follows those commands to start and stop the appropriate services.

You get around the problem with a workaround instead of a security hack, or instead of disabling UAC altogether.

Update for monitoring:

  1. Same idea as above but somewhat reversed - the main/controller service for this scenario that runs on the system writes to a log file. It's the service that writes about other services.
  2. Put an auto-refresh on the web page. Each time your webpage refreshes it watches that log for changes = info about services that have stopped or started (can keep its own scratch file for change detection). The refresh might be a META Refresh tag, or an AJAX callback to the server (more subtle).
  3. Web page issues instructions as before.

The problem is if that main/controller service stops and nothing gets reported (logs/messages stop being passed). Make a special case for that one service, if you can, by telling Windows to restart it if it stops, or to reboot the machine if it can't start that service ...

.. By the way, have you looked into Windows tools to automatically watch services and restart them on failure, instead of using a web page monitor, or is that not feasible for your requirements?

John K
Thanks, it's a good idea, unfortunately the web page is there to monitor whether the services have stopped, and restart them or install them if they're missing. I realize it's unorthodox to do this kind of work from a web page but would like to rule on its possibility before I dismiss it - would obviously prefer to do it in some properly-configured way :)
Steve Eisner
Added update with further thoughts.
John K
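
The controller service in steps 1 and 2 of the answer runs as an administrator but reads data that a non-administrator account can write, so it should act only on an exact allowlist of actions and service names. The following is an added example, not code from the question or the answer; the spool directory, the `.req` one-line file format and the service names are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.ServiceProcess;

// Runs inside the privileged controller service. Every request file written
// by the low-privilege ASP.NET account is treated as untrusted input.
static class ServiceCommandProcessor
{
    // Assumption: the only services the web page may control (hypothetical names).
    static readonly HashSet<string> AllowedServices =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "ExampleWorkerSvc", "ExampleReportSvc" };

    // Parses one request line of the assumed form "<start|stop> <serviceName>".
    // Returns false for anything that is not an exact, allowlisted command.
    public static bool TryParse(string line, out string action, out string service)
    {
        action = null; service = null;
        if (line == null || line.Length > 128) return false;
        string[] parts = line.Trim().Split(' ');
        if (parts.Length != 2) return false;
        string verb = parts[0].ToLowerInvariant();
        if (verb != "start" && verb != "stop") return false;
        if (!AllowedServices.Contains(parts[1])) return false;
        action = verb; service = parts[1];
        return true;
    }

    // Called on each poll: consumes request files and acts only on valid ones.
    public static void ProcessSpool(string spoolDir)
    {
        foreach (string path in Directory.GetFiles(spoolDir, "*.req"))
        {
            string line;
            try { using (var r = new StreamReader(path)) line = r.ReadLine(); }
            catch (IOException) { continue; }   // still being written; retry on next poll
            File.Delete(path);                  // one-shot: a request is never replayed
            if (!TryParse(line, out string action, out string service)) continue; // drop invalid input
            try
            {
                using (var sc = new ServiceController(service))
                {
                    if (action == "start" && sc.Status == ServiceControllerStatus.Stopped) sc.Start();
                    else if (action == "stop" && sc.Status == ServiceControllerStatus.Running) sc.Stop();
                }
            }
            catch (InvalidOperationException) { } // service missing or not controllable; skip it
        }
    }
}
```

The ASP.NET account needs write access to the spool directory only. The allowlist, not the directory ACL, is what bounds what a compromised web application can ask the administrator-level service to do.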