Hello there! Been doing some Windows Service lately and I have created a simple Windows Service application that monitors a folder and logs the activities on a text file. I have also created a controller to my Windows Service application. My question now is: Is it possible for Windows Services to authenticate if the user of the PC is the one who installed the service application? I want to add to my service application, in the installation part, some authentication stuff. Like for example; I have 1 pc with 2 different users. User 1 installed the service application then uses it. He launches the service controller and the service controller recognizes him as the user who installed the service, user 1 then logs out. User 2 then uses the pc and logs in, he launches the service controller but the controller doesn't recognizes him as the one who installed the service, so it will prompt him that he is not allowed to use it. Would that be possible? I just want to confirm. Thanks! :)

Services do not run in the same session as a user, and should not be user specific. If you need it to run as a specific user then they need to enter their details in the service credentials so it runs as them, however, the user session when they log into the desktop is always going to be separate.

Someone should always have to confirm credentials to use a service - or there is a gaping chasm of issues with vulnerability!

Agree with LizR, this is a very common question that comes up.

Remember you can have two users on a machine, and the service could be running as a completely different user than either of those (and most likely will).

If you need your service to be user specific, then it probably doesn't need to be a service.

Remember you can start an application at startup and not show any windows. This would appear to the user the same thing as a service. Possibly rethink if your app truly needs to be a service or can be handled as an application.

I guess, if I well understand your problem you have a windows service that you want restrict all users to profit of its services but only one person, is it?
Why you don't use the role based security you can use the principal permission either in a declarative or imperative context I give you an expamle

[PrincipalPermissionAttribute(SecurityAction.Demand, Name="dickersonka",
Role="Supervisor")]

you can use this attribute to restrict the services

This article has been dead for over six months. Start a new discussion instead.