WCF Windows服务权限问题 [英] WCF Windows service permissions problem

问题描述

我创建了一个WCF服务和托管它使用Windows服务主机。 要安装我创建了一个安装工程项目（如这里描述 ）。 在本教程中，它说来定义ProjectInstaller.cs的 serviceProcessInstaller1 的帐户的属性为网络服务的。 当使用这个设置的服务没有在服务器上启动。当我试图手动启动的过程中，它会立即返回的停止的状态。
当我改变后的帐户的到的本地系统的服务工作正常。 我的问题是：

1. 在任何想法，为什么它不会与网络服务帐户工作？
2. 什么是使用一台服务器的使用的本地系统的帐户安全问题？该服务器在本地使用的内联网作为报告服务器，其他服务器。

解决方案

1. 在网络服务没有正确的priviligies使用命名管道运行WCF主机（见<一href="http://weblogs.thinktecture.com/cweyer/2007/12/dealing-with-os-privilege-issues-in-wcf-named-pipes-scenarios.html" rel="nofollow">http://weblogs.thinktecture.com/cweyer/2007/12/dealing-with-os-privilege-issues-in-wcf-named-pipes-scenarios.html).
2. 见<一href="http://www.windowsitpro.com/article/services/understanding-the-local-service-and-network-service-accounts.aspx" rel="nofollow">http://www.windowsitpro.com/article/services/understanding-the-local-service-and-network-service-accounts.aspx对于有关这些账户之间的差异说明。在LocalSystem是本地管理员权限，可能会导致很多麻烦，如果利用被攻击者。网络服务帐户有很大的机会较少，是因为这一点，最好使用。

I have created a WCF service and hosted it using Windows Services host. To install the project I created an installation project (as described here). In the tutorial, it says to define in the ProjectInstaller.cs the serviceProcessInstaller1 Account property to be Network Service. When using this setting the service did not started on the server. When I tried to start the process manually, it immediately returned to stopped state.
After when I changed the Account to LocalSystem the service works properly. My questions are:

1. Any ideas why it won't work with Network Service account?
2. What are the security implications of using a server with LocalSystem account? This server is used locally in the intranet as a reporting server for other servers.

解决方案

1. Network Service does not have proper priviligies to run a WCF host using named pipes (see http://weblogs.thinktecture.com/cweyer/2007/12/dealing-with-os-privilege-issues-in-wcf-named-pipes-scenarios.html).
2. See http://www.windowsitpro.com/article/services/understanding-the-local-service-and-network-service-accounts.aspx for a description about the differences between those accounts. The LocalSystem is a local administrative account that can cause a lot of trouble if exploited by an attacker. The Network Service account has much less access and is because of that better to use.

这篇关于WCF Windows服务权限问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！