none
Permission Settings for Accessing Windows Services with RIA service/Silverlight Client

    Question

  • I am using Visual Studio 2010, Silverlight 5, and WCF RIA services.

    I have a multi-project (Silverlight, Web, class libraries, windows service, and deployment) application that uses a number of Windows services. Everything works fine with the Visual Studio Development/Local IIS Web server.

    When I use Custom Web Server, I encounter a security exception ({"Requested registry access is not allowed."}                System.Exception {System.Security.SecurityException}).

    This exception occurs when the WCF RIA service creates an instance of the Windows service so that it can access it. The instance creation executes some initialization as part of the service constructor. One exception is thrown when the service executes the following code.

    if (System.Diagnostics.EventLog.Exists("SMMServicesLog"))

    {

           System.Diagnostics.EventLog.Delete("SMMServicesLog");

    }

    I did some research on this issue. I found a Microsoft article (http://support.microsoft.com/kb/842795) that described a registry KEY change that can be set to eliminate this error for authorized users. I followed the steps, but still have the problem. One issue with the recommended approach is that it does not accommodate anonymous users, which I need in the case of one service.

    If I comment out the event log code, this particular exception does not occur.

    Is there a way that I can set permissions so that this type of error does not occur? What I need is a declarative way, if it exists, to grant different levels of permissions for different users.

    Some of the services need to be accessed by anonymous users, while others require elevated privileges. I want to control certain Windows services via a Silverlight (Admin) control interface that checks user login credentials and roles.

    I am not sure how to attack this problem. I have searched the web, but have not been able to find any clues as to how to solve this type of issue.

    Please provide recommendations/insights to resolve this issue.

    Thanks…

    Wednesday, July 11, 2012 11:37 AM

Answers

  • I had to comment out code that required Admin privileges

    After doing a lot of reading/web searching, I believe that I cannot elevate the privileges as I had described previously due to Windows security. The event logs are stored in a Windows folder subdirectory, which is very tightly controlled for good reasons. What I wanted to accomplish requires two RIA interfaces. One for authentication and one that is accessible by users with admin privileges who have already logged in. Individual methods can be set for different authentication levels. However, in my case, the Windows service log access requires admin privileges so any user not meeting this requirement will cause a security exception to be thrown.

    EDITED***

    The following link has some good information on this subject.

    http://social.msdn.microsoft.com/forums/en-US/windowssecurity/thread/08e18474-5f8c-4294-a9cf-7ede1ff8ae1f/

    Tuesday, July 17, 2012 11:52 AM
  • I finally figured out an approach that allows an anonymous user to access data from a long-running Windows service using a WCF RIA Service. This process eliminates the exception that was being thrown with my earlier approach. The Windows service is decoupled from the RIA service via a WCF class library.

    I have the solution on the WCF forum at http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/86b471f1-21d7-4dc3-a326-0fef45b903d1.

    Cheers...

    Monday, July 23, 2012 3:00 PM

All replies

  • ******ADDITIONAL INFORMATION*******

    After thinking about what is happening, I think my real problem is "How to access a long running Windows service from WCF RIA services/Silverlight client."

    I believe the way that I am currently accessing the Windows service from the RIA services is not correct. Right now, I test for the service being null and create a new instance if it is. This is not what I want. The service is already running. I just want to connect to it.

    What is the correct process for accessing a running Windows service from a RIA service?

    Thanks, Warren

    Wednesday, July 11, 2012 12:25 PM
  • I now have the end-to-end implementation working from client to backend Windows services, but I had to comment out code that required Admin privileges. After doing a lot of research today, I think I need to implement an elevated login process for anonymous users similar to that of a database. This will allow access to create event logs as part of the Windows services. I would like to implement the elevated access on a per method basis, which, as I understand if is feasible. However, I still have not found an approach that works and could really use some help here... Cry

    Thanks...

     

    Wednesday, July 11, 2012 8:25 PM
  • I did not find any material on accessing windows services with ria service but access ria service from windows services...

    Thursday, July 12, 2012 3:21 AM
  • Remember that a RIA Services DomainService is running under ASP.NET so what you are really looking for is how to access the service from ASP.NET. I don't have a solution for you, but hopefully that will help you.

    Monday, July 16, 2012 2:05 PM
  • I had to comment out code that required Admin privileges

    After doing a lot of reading/web searching, I believe that I cannot elevate the privileges as I had described previously due to Windows security. The event logs are stored in a Windows folder subdirectory, which is very tightly controlled for good reasons. What I wanted to accomplish requires two RIA interfaces. One for authentication and one that is accessible by users with admin privileges who have already logged in. Individual methods can be set for different authentication levels. However, in my case, the Windows service log access requires admin privileges so any user not meeting this requirement will cause a security exception to be thrown.

    EDITED***

    The following link has some good information on this subject.

    http://social.msdn.microsoft.com/forums/en-US/windowssecurity/thread/08e18474-5f8c-4294-a9cf-7ede1ff8ae1f/

    Tuesday, July 17, 2012 11:52 AM
  • I finally figured out an approach that allows an anonymous user to access data from a long-running Windows service using a WCF RIA Service. This process eliminates the exception that was being thrown with my earlier approach. The Windows service is decoupled from the RIA service via a WCF class library.

    I have the solution on the WCF forum at http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/86b471f1-21d7-4dc3-a326-0fef45b903d1.

    Cheers...

    Monday, July 23, 2012 3:00 PM