Hello!

I'm developing an application with a smart card involved (digital signature). Let's assume that we have the same code in these two contexts:

  • Console application, executed by Administrator user
  • Windows Service, executed by Administrator user

I supposed that if these two pieces of code were executed by the same user they would have the same privileges. It seems that this is not true. When I try with the Windows Service (executed with the Administrator user) I receive

TargetInvocationException
CryptographicException

Can't initialize DLL provider at System.Security.Cryptography.Utils.CreateProvHandle(.

As far as I have read on the internet, it may be some kind of permissions issue. The console application works OK.

  • What is the difference between the Windows Service and Console Application if they are executed by the same user?

  • Is it possible to achieve the same results with the Windows Service?

Free virtual beers for the person who solves it ;)

Thanks!

A: 

I do not have a solution for you, unfortunately, but Windows Services behave quite differently than ordinary programs. For example, you could not access network drives from a Windows service, unless your service starts AFTER the service that initializes those drives.

You can add dependencies to your service, to make them depend on the services you need, or at the very end. This MAY solve your problem, but I cannot guarantee that.

Callash
Thanks Callash, thanks a lot. Unfortunately my service is started manually, so all possible dependencies are resolved beforehand.
If you always start your service manually, what is the point of having it as a windows service in the first place, if you do not mind my asking?
Callash
Yeah, good question ;). I'm starting the service manually just for testing purposes. On the production server it has to be started automatically :).
Then the only other solution I can come up with is to create a separate AppDomain and handle the security yourself. But I am no expert on that, I think you will want to google that.
Callash
Thanks Callash, but no way. I've managed to install the .Net Framework 2.0 Configuration Tool and I granted 'Full Trust' to all code groups. But this is not working... I don't know what to look at...
Creating an AppDomain is done in your code, not with any configuration tool.
Callash
Yes, I know. What I've tried is to modify the permissions of the default AppDomain where all applications are executed. All the code zones are set to 'full trust'
A: 

One difference between a console app and a Windows service which caused me headaches is the fact that the Windows service uses C:\Windows\System32 as the current directory. I don't know if this will help in your case, but I guess you could try it: http://igorbrejc.net/development/c/windows-services-and-working-directories

Igor Brejc
Thanks a lot Igor, but no luck ;). I've set Environment.CurrentDirectory as you suggested but the same error is thrown. Thanks again! :(
Can you post the whole exception description (including the stack trace)?
Igor Brejc
I post it in a new answer, thanks :)
A: 

Of course Igor (part of the exception stack is in Spanish, sorry).

  • Type: System.Security.Cryptography.CryptographicException
  • Message: La DLL proveedora no se ha podido inicializar correctamente. DLL provider could not start correctly.
  • Base of stack: System.Security.Cryptography.Utils.CreateProvHandle

.Reflection.TargetInvocationException: Se produjo una excepción en el destino de la invocación. ---> System.Security.Cryptography.CryptographicException: La DLL proveedora no se ha podido inicializar correctamente.

en System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
en System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
en System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
en System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
en System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters)
--- Fin del seguimiento de la pila de la excepción interna ---
en LibWcfFirma.Clases.Criptografia.Algoritmos.Sha1.Encriptar(Stream streamEntrada) en C:\Users*\documents\visual studio 2010\Projects\WcfFirma\LibWcfFirma\Clases\Criptografia\Algoritmos\Sha1.cs:línea 38
en LibWcfFirma.FrontalServicio.FirmarDocumentoPdf(Byte[] archivoDeEntrada) en C:\Users*\documents\visual studio 2010\Projects\WcfFirma\LibWcfFirma\FrontalServicio.svc.cs:línea 56

After googling around for this kind of exception, it seems to me your app cannot access the RSA machine keys or something similar (see http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/b52ba916-52d4-4f75-854e-2aa873247ca6 and http://social.msdn.microsoft.com/forums/en-US/clr/thread/7ea48fd0-8d6b-43ed-b272-1a0249ae490f/)
Igor Brejc
I also recommend switching to English locale when error logging, you'll be able to find answers on Google more easily ;)
Igor Brejc
+1  A: 

Have you tried running your service as Local Service, Network Service, and Local System? No difference with changing these? I know I had to change mine from Local Service to Local System to give it access to my files. Not sure if you're even using any files, but at least it's something to check.

Brandi
Ok, thanks Brandi, that worked!! :). The problem is that I don't know why. I changed to another user because Network Service didn't have access to the certificate. In some way I don't understand, the certificate has ended up in the folder:
- c:\windows\system32\config\systemprofile\application data\microsoft\systemcertificates\my\certificates
Since this file is located in that folder it can work with Local Service and I don't get the error:
- Can't initialize DLL provider at System.Security.Cryptography.Utils.CreateProvHandle(.
Does somebody know how this file ended up in that folder? Thanks Brandi!
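
The answers and comments above point at three things that can differ between the console run and the service run: the effective account, the working directory, and which profile's certificate store is visible. The following C# diagnostic is an added example, not code from any poster in this thread; the class name CryptoContextReport and the logging delegate are assumptions. Call Write from both the console application and the service and compare the two reports.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Added diagnostic (hypothetical class name). In the service, pass a delegate
// that writes to a log file or the event log instead of the console.
public static class CryptoContextReport
{
    public static void Write(Action<string> log)
    {
        log("Identity:         " + WindowsIdentity.GetCurrent().Name);
        log("Interactive:      " + Environment.UserInteractive);
        log("CurrentDirectory: " + Environment.CurrentDirectory);
        // Per-user certificate files live under this profile folder.
        // For Local System it resolves under ...\config\systemprofile.
        log("AppData:          " + Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData));
        DumpStore(StoreLocation.CurrentUser, log);
        DumpStore(StoreLocation.LocalMachine, log);
    }

    static void DumpStore(StoreLocation location, Action<string> log)
    {
        X509Store store = new X509Store(StoreName.My, location);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            log(location + "\\My: " + store.Certificates.Count + " certificate(s)");
            foreach (X509Certificate2 cert in store.Certificates)
            {
                // HasPrivateKey only says a key is associated with the certificate;
                // opening the key container can still fail for this account.
                log("  " + cert.Thumbprint + "  HasPrivateKey=" + cert.HasPrivateKey + "  " + cert.Subject);
            }
        }
        catch (CryptographicException ex)
        {
            log(location + "\\My: cannot open store: " + ex.Message);
        }
        finally
        {
            store.Close();
        }
    }

    public static void Main() { Write(Console.WriteLine); }
}
```

A signing certificate that appears under CurrentUser\My in one report and is missing from the other shows that the two processes are reading different profiles, even when the account name looks the same.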