/// <summary>
/// Determines whether the given user is authorized to obtain administrator rights.
/// </summary>
/// <param name="allowedSidsList">
/// The list of allowed SIDs and principal names against which the user's identity is checked.
/// </param>
/// <param name="deniedSidsList">
/// The list of denied SIDs and principal names against which the user's identity is checked.
/// </param>
/// <returns>
/// Returns true if the user is authorized to obtain administrator rights.
/// </returns>
public bool UserIsAuthorized(string[] allowedSidsList, string[] deniedSidsList)
{
WindowsIdentity userIdentity = null;
if (ServiceSecurityContext.Current != null)
{
userIdentity = ServiceSecurityContext.Current.WindowsIdentity;
#if DEBUG
ApplicationLog.WriteEvent(string.Format("In UserIsAuthorized(2), WindowsIdentity.Name is {0} ({1})", ServiceSecurityContext.Current.WindowsIdentity.Name, ServiceSecurityContext.Current.WindowsIdentity.User.Value), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
ApplicationLog.WriteEvent(string.Format("In UserIsAuthorized(2), PrimaryIdentity.Name is {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif
}
if (null == userIdentity)
{
#if DEBUG
ApplicationLog.WriteEvent("In UserIsAuthorized(2), userIdentity is null. Returning false.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif
return(false);
}
else
{
return(UserIsAuthorized(userIdentity, allowedSidsList, deniedSidsList));
}
}
/// <summary>
/// Adds a user to the local Administrators group.
/// </summary>
public void AddUserToAdministratorsGroup(DateTime expirationTime)
{
string remoteAddress = null;
WindowsIdentity userIdentity = null;
if (ServiceSecurityContext.Current != null)
{
userIdentity = ServiceSecurityContext.Current.WindowsIdentity;
}
if (OperationContext.Current != null)
{
if (OperationContext.Current.IncomingMessageProperties != null)
{
if (OperationContext.Current.IncomingMessageProperties.ContainsKey(RemoteEndpointMessageProperty.Name))
{
remoteAddress = ((RemoteEndpointMessageProperty)OperationContext.Current.IncomingMessageProperties[RemoteEndpointMessageProperty.Name]).Address;
if (remoteAddress != null)
{
ApplicationLog.WriteEvent(string.Format(Properties.Resources.RequestSentFromHost, remoteAddress), EventID.RemoteRequestInformation, System.Diagnostics.EventLogEntryType.Information);
}
}
}
}
if (userIdentity != null)
{
int timeoutMinutes = GetTimeoutForUser(userIdentity);
LocalAdministratorGroup.AddUser(userIdentity, expirationTime, remoteAddress);
}
}
/// <summary>
/// Gets an object representing the local Administrators group.
/// </summary>
/*private static GroupPrincipal LocalAdminGroup
* {
* get
* {
* if (LocalMachineContext == null)
* {
* ApplicationLog.WriteEvent(Properties.Resources.LocalMachineContextIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error);
* }
* else
* {
* if (LocalAdminsGroupSid == null)
* {
* ApplicationLog.WriteEvent(Properties.Resources.LocalAdminsGroupSIDIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error);
* }
* else
* {
* if (localAdminGroup == null)
* {
* try
* {
* localAdminGroup = GroupPrincipal.FindByIdentity(LocalMachineContext, IdentityType.Sid, LocalAdminsGroupSid.Value);
* }
* catch (Exception exception)
* {
* ApplicationLog.WriteEvent(string.Format("{0}: {1}", Properties.Resources.Exception, exception.Message), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error);
* throw;
* }
* }
* }
* }
* return localAdminGroup;
* }
* }*/
/// <summary>
/// Adds a user to the local Administrators group.
/// </summary>
/// <param name="userIdentity">
/// The identity of the user to be added to the Administrators group.
/// </param>
/// <param name="expirationTime">
/// The date and time at which the user's administrator rights should expire.
/// </param>
/// <param name="remoteAddress">
/// The address of the remote host from which a request for administrator rights came, if applicable.
/// </param>
public static void AddUser(WindowsIdentity userIdentity, DateTime?expirationTime, string remoteAddress)
{
// TODO: Only do this if the user is not a member of the group?
#if DEBUG
ApplicationLog.WriteEvent(string.Format("Calling UserIsAuthorized(3) from AddUser() beginning of function."), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif
//AdminGroupManipulator adminGroupManipulator = new AdminGroupManipulator();
bool userIsAuthorized = AdminGroupManipulator.UserIsAuthorized(userIdentity, Settings.LocalAllowedEntities, Settings.LocalDeniedEntities);
if (!string.IsNullOrEmpty(remoteAddress))
{ // Request is from a remote computer. Check the remote authorization list.
#if DEBUG
ApplicationLog.WriteEvent(string.Format("Calling UserIsAuthorized(3) from AddUser() where remote address is not null or empty."), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif
userIsAuthorized &= AdminGroupManipulator.UserIsAuthorized(userIdentity, Settings.RemoteAllowedEntities, Settings.RemoteDeniedEntities);
}
if (
(LocalAdminGroupName != null) &&
(userIdentity.User != null) &&
(userIdentity.Groups != null) &&
(userIsAuthorized)
)
{
// Save the user's information to the list of users.
EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath);
encryptedSettings.AddUser(userIdentity, expirationTime, remoteAddress);
AddUserToAdministrators(userIdentity.User);
}
}
/// <summary>
/// Removes the given security identifier (SID) from the local Administrators group.
/// </summary>
/// <param name="userSid">
/// The security identifier (SID) to be removed from the local Administrators group.
/// </param>
/// <param name="reason">
/// The reason for the removal.
/// </param>
public static void RemoveUser(SecurityIdentifier userSid, RemovalReason reason)
{
// TODO: Only do this if the user is a member of the group?
if ((LocalAdminGroup != null) && (userSid != null))
{
SecurityIdentifier[] localAdminSids = GetLocalGroupMembers(LocalAdminGroup.SamAccountName);
foreach (SecurityIdentifier sid in localAdminSids)
{
if (sid == userSid)
{
string accountName = GetAccountNameFromSID(userSid);
int result = RemoveLocalGroupMembers(LocalAdminGroup.SamAccountName, userSid);
if (result == 0)
{
EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath);
encryptedSettings.RemoveUser(userSid);
string reasonString = Properties.Resources.RemovalReasonUnknown;
switch (reason)
{
case RemovalReason.ServiceStopped:
reasonString = Properties.Resources.RemovalReasonServiceStopped;
break;
case RemovalReason.Timeout:
reasonString = Properties.Resources.RemovalReasonTimeout;
break;
case RemovalReason.UserLogoff:
reasonString = Properties.Resources.RemovalReasonUserLogoff;
break;
case RemovalReason.UserRequest:
reasonString = Properties.Resources.RemovalReasonUserRequest;
break;
}
string message = string.Format(Properties.Resources.UserRemoved, userSid, accountName, reasonString);
ApplicationLog.WriteEvent(message, EventID.UserRemovedFromAdminsSuccess, System.Diagnostics.EventLogEntryType.Information);
}
else
{
ApplicationLog.WriteEvent(string.Format(Properties.Resources.RemovingUserReturnedError, userSid, accountName, result), EventID.UserRemovedFromAdminsFailure, System.Diagnostics.EventLogEntryType.Warning);
}
}
}
}
}
/// <summary>
/// Adds the given security identifier (SID) to the local Administrators group.
/// </summary>
/// <param name="userSid">
/// The security identifier (SID) to be added to the local Administrators group.
/// </param>
private static bool AddUserToAdministrators(SecurityIdentifier userSid)
{
int result = AddLocalGroupMembers(LocalAdminGroup.SamAccountName, userSid);
if (result == 0)
{
ApplicationLog.WriteEvent(string.Format(Properties.Resources.UserAddedToAdminsGroup, userSid, GetAccountNameFromSID(userSid)), EventID.UserAddedToAdminsSuccess, System.Diagnostics.EventLogEntryType.Information);
return(true);
}
else
{
ApplicationLog.WriteEvent(string.Format(Properties.Resources.AddingUserReturnedError, userSid, GetAccountNameFromSID(userSid), result), EventID.UserAddedToAdminsFailure, System.Diagnostics.EventLogEntryType.Warning);
return(false);
}
}
/// <summary>
/// Determines whether the given user is authorized to obtain administrator rights.
/// </summary>
/// <param name="userIdentity">
/// An identity object representing the user whose authorization is to be checked.
/// </param>
/// <param name="allowedSidsList">
/// The list of allowed SIDs and principal names against which the user's identity is checked.
/// </param>
/// <param name="deniedSidsList">
/// The list of denied SIDs and principal names against which the user's identity is checked.
/// </param>
/// <returns>
/// Returns true if the user is authorized to obtain administrator rights.
/// </returns>
public static bool UserIsAuthorized(WindowsIdentity userIdentity, string[] allowedSidsList, string[] deniedSidsList)
{
if (null == userIdentity)
{
#if DEBUG
ApplicationLog.WriteEvent("In UserIsAuthorized(3), userIdentity is null. Returning false.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif
return(false);
}
/*
*
#if DEBUG
* ApplicationLog.WriteEvent(string.Format("In UserIsAuthorized(3), userIdentity.Name is {0} ({1})", userIdentity.Name, userIdentity.User.Value), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif
*/
// The denied list contains entries. Check the user against that list first.
if ((deniedSidsList != null) && AccountListContainsIdentity(deniedSidsList, userIdentity))
{
return(false);
}
// The user hasn't been denied yet, so now we check for authorization.
// Check the authorization list.
if (allowedSidsList == null)
{ // The allowed list is null, meaning everyone is allowed administrator rights.
return(true);
}
else if (allowedSidsList.Length == 0)
{ // The allowed list is empty, meaning no one is allowed administrator rights.
return(false);
}
else
{ // The allowed list has entries.
if (AccountListContainsIdentity(allowedSidsList, userIdentity))
{
return(true);
}
// The user was not found in the allowed list, so the user is not authorized.
return(false);
}
}
/// <summary>
/// Handles the startup of the service.
/// </summary>
/// <param name="args">
/// Data passed the start command.
/// </param>
/// <remarks>
/// This function executes when a Start command is sent to the service by the
/// Service Control Manager (SCM) or when the operating system starts
/// (for a service that starts automatically).
/// </remarks>
protected override void OnStart(string[] args)
{
try
{
base.OnStart(args);
}
catch (Exception) { };
// Create the Windows Event Log source for this application.
ApplicationLog.CreateSource();
// Open the service host which is accessible via named pipes.
this.OpenNamedPipeServiceHost();
// If remote requests are allowed, open the service host which
// is accessible via TCP.
if (Settings.AllowRemoteRequests)
{
try
{
this.OpenTcpServiceHost();
}
catch (AddressAlreadyInUseException addressInUseException)
{
System.Text.StringBuilder logMessage = new System.Text.StringBuilder(addressInUseException.Message);
logMessage.Append(System.Environment.NewLine);
logMessage.Append(string.Format("Determine whether another application is using TCP port {0:N0}.", Settings.TCPServicePort));
ApplicationLog.WriteEvent(logMessage.ToString(), EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning);
}
catch (Exception)
{
ApplicationLog.WriteEvent("Unhandled exception while opening the remote request handler. Remote requests may not be honored.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning);
}
}
if ((Settings.LogElevatedProcesses != ElevatedProcessLogging.Never) && (this.processWatchSession == null))
{
StartTracing();
}
// Start the timer that watches for expired administrator rights.
this.removalTimer.Start();
}
/// <summary>
/// Instantiate a new instance of the Make Me Admin Windows service.
/// </summary>
public MakeMeAdminService()
{
InitializeComponent();
/*
* this.CanHandleSessionChangeEvent = true;
*/
this.EventLog.Source = "Make Me Admin";
this.AutoLog = false;
this.removalTimer = new System.Timers.Timer()
{
Interval = 10000, // Raise the Elapsed event every ten seconds.
AutoReset = true // Raise the Elapsed event repeatedly.
};
this.removalTimer.Elapsed += RemovalTimerElapsed;
#if DEBUG
ApplicationLog.WriteEvent(string.Format("process logging setting: {0:N0}", (int)Settings.LogElevatedProcesses), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif
}
private void StartTracing()
{
Task.Factory.StartNew(
() =>
{
if (this.processWatchSession == null)
{
processWatchSession = new TraceEventSession("Make Me Admin Process Watch")
{
StopOnDispose = true
};
try
{
// Turn on the process events (includes starts and stops).
processWatchSession.EnableKernelProvider(KernelTraceEventParser.Keywords.Process);
// Enable the Microsoft-Windows-Kernel-Process provider.
processWatchSession.EnableProvider(Guid.Parse("22fb2cd6-0e7b-422b-a0c7-2fad1fd0e716"));
// Ask the DynamicTraceEventParser to raise an event for all events that it knows about.
processWatchSession.Source.Dynamic.All += Dynamic_All;
// Raise an event for every process start event that the kernel knows about.
processWatchSession.Source.Kernel.ProcessStart += Kernel_ProcessStart;
// Listen for events.
processWatchSession.Source.Process();
}
catch (Exception exxx)
{
ApplicationLog.WriteEvent(exxx.Message, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error);
}
}
},
TaskCreationOptions.LongRunning);
}
/// <summary>
/// Validates that all of the users stored in the on-disk user list
/// are in the local Adminstrators group if they're supposed to be, and vice-vera.
/// </summary>
public static void ValidateAllAddedUsers()
{
// Get a list of the users stored in the on-disk list.
EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath);
SecurityIdentifier[] addedUserList = encryptedSettings.AddedUserSIDs;
// Get a list of the current members of the Administrators group.
SecurityIdentifier[] localAdminSids = null;
if ((addedUserList.Length > 0) && (LocalAdminGroup != null))
{
localAdminSids = GetLocalGroupMembers(LocalAdminGroup.SamAccountName);
}
for (int i = 0; i < addedUserList.Length; i++)
{
bool sidFoundInAdminsGroup = false;
if ((addedUserList[i] != null) && (localAdminSids != null))
{
foreach (SecurityIdentifier sid in localAdminSids)
{
if (sid == addedUserList[i])
{
sidFoundInAdminsGroup = true;
break;
}
}
AdminGroupManipulator adminGroup = new AdminGroupManipulator();
if (sidFoundInAdminsGroup)
{ // User's SID was found in the local administrators group.
DateTime?expirationTime = encryptedSettings.GetExpirationTime(addedUserList[i]);
if (expirationTime.HasValue)
{ // The user's rights expire at some point.
if (expirationTime.Value > DateTime.Now)
{ // The user's administrator rights expire in the future.
// Nothing to do here, since the user is already in the administrators group.
}
else
{ // The user's administrator rights have expired.
LocalAdministratorGroup.RemoveUser(addedUserList[i], RemovalReason.Timeout);
}
}
else
{ // The user's rights never expire.
// Get a WindowsIdentity object for the user matching the added user SID.
WindowsIdentity sessionIdentity = null;
WindowsIdentity userIdentity = null;
int[] loggedOnSessionIDs = LsaLogonSessions.LogonSessions.GetLoggedOnUserSessionIds();
foreach (int sessionId in loggedOnSessionIDs)
{
sessionIdentity = LsaLogonSessions.LogonSessions.GetWindowsIdentityForSessionId(sessionId);
if ((sessionIdentity != null) && (sessionIdentity.User == addedUserList[i]))
{
userIdentity = sessionIdentity;
break;
}
}
if (
(Settings.AutomaticAddAllowed != null) &&
(Settings.AutomaticAddAllowed.Length > 0) &&
(adminGroup.UserIsAuthorized(Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied))
)
{ // The user is an automatically-added user.
// Nothing to do here. The user is an automatically-added one, and their rights don't expire.
}
else
{ // The user is not an automatically-added user.
// Users who are not automatically added should not have non-expiring rights. Remove this user.
LocalAdministratorGroup.RemoveUser(addedUserList[i], RemovalReason.Timeout);
}
}
}
else
{ // User's SID was not found in the local administrators group.
DateTime?expirationTime = encryptedSettings.GetExpirationTime(addedUserList[i]);
if (expirationTime.HasValue)
{ // The user's rights expire at some point.
if (expirationTime.Value > DateTime.Now)
{ // The user's administrator rights expire in the future.
string accountName = GetAccountNameFromSID(addedUserList[i]);
if (Settings.OverrideRemovalByOutsideProcess)
{
ApplicationLog.WriteEvent(string.Format(Properties.Resources.UserRemovedByOutsideProcess + " " + Properties.Resources.AddingUserBackToAdministrators, addedUserList[i], string.IsNullOrEmpty(accountName) ? Properties.Resources.UnknownAccount : accountName), EventID.UserRemovedByExternalProcess, System.Diagnostics.EventLogEntryType.Information);
AddUserToAdministrators(addedUserList[i]);
}
else
{
ApplicationLog.WriteEvent(string.Format(Properties.Resources.UserRemovedByOutsideProcess + " " + Properties.Resources.RemovingUserFromList, addedUserList[i], string.IsNullOrEmpty(accountName) ? Properties.Resources.UnknownAccount : accountName), EventID.UserRemovedByExternalProcess, System.Diagnostics.EventLogEntryType.Information);
encryptedSettings.RemoveUser(addedUserList[i]);
}
}
else
{ // The user's administrator rights have expired.
// No need to remove from the administrators group, as we already know the SID
// is not present in the group.
encryptedSettings.RemoveUser(addedUserList[i]);
}
}
else
{ // The user's rights never expire.
// Get a WindowsIdentity object for the user matching the added user SID.
WindowsIdentity sessionIdentity = null;
WindowsIdentity userIdentity = null;
int[] loggedOnSessionIDs = LsaLogonSessions.LogonSessions.GetLoggedOnUserSessionIds();
foreach (int sessionId in loggedOnSessionIDs)
{
sessionIdentity = LsaLogonSessions.LogonSessions.GetWindowsIdentityForSessionId(sessionId);
if ((sessionIdentity != null) && (sessionIdentity.User == addedUserList[i]))
{
userIdentity = sessionIdentity;
break;
}
}
if (
(Settings.AutomaticAddAllowed != null) &&
(Settings.AutomaticAddAllowed.Length > 0) &&
(adminGroup.UserIsAuthorized(Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied))
)
{ // The user is an automatically-added user.
// The users rights do not expire, but they are an automatically-added user and are missing
// from the Administrators group. Add the user back in.
AddUserToAdministrators(addedUserList[i]);
}
else
{ // The user is not an automatically-added user.
// The user is not in the Administrators group now, but they are
// listed as having non-expiring rights, even though they are not
// automatically added. This should never really happen, but
// just in case, we'll remove them from the on-disk user list.
encryptedSettings.RemoveUser(addedUserList[i]);
}
}
}
}
}
}
/// <summary>
/// Executes when a change event is received from a Terminal Server session.
/// </summary>
/// <param name="changeDescription">
/// Identifies the type of session change and the session to which it applies.
/// </param>
protected override void OnSessionChange(SessionChangeDescription changeDescription)
{
switch (changeDescription.Reason)
{
// The user has logged off from a session, either locally or remotely.
case SessionChangeReason.SessionLogoff:
EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath);
System.Collections.Generic.List <SecurityIdentifier> sidsToRemove = new System.Collections.Generic.List <SecurityIdentifier>(encryptedSettings.AddedUserSIDs);
int[] sessionIds = LsaLogonSessions.LogonSessions.GetLoggedOnUserSessionIds();
// For any user that is still logged on, remove their SID from the list of
// SIDs to be removed from Administrators. That is, let the users who are still
// logged on stay in the Administrators group.
foreach (int id in sessionIds)
{
SecurityIdentifier sid = LsaLogonSessions.LogonSessions.GetSidForSessionId(id);
if (sid != null)
{
if (sidsToRemove.Contains(sid))
{
sidsToRemove.Remove(sid);
}
}
}
// Process the list of SIDs to be removed from Administrators.
for (int i = 0; i < sidsToRemove.Count; i++)
{
if (
// If the user is not remote.
(!(encryptedSettings.ContainsSID(sidsToRemove[i]) && encryptedSettings.IsRemote(sidsToRemove[i])))
&&
// If admin rights are to be removed on logoff, or the user's rights do not expire.
(Settings.RemoveAdminRightsOnLogout || !encryptedSettings.GetExpirationTime(sidsToRemove[i]).HasValue)
)
{
LocalAdministratorGroup.RemoveUser(sidsToRemove[i], RemovalReason.UserLogoff);
}
}
/*
* In theory, this code should remove the user associated with the logoff, but it doesn't work.
* SecurityIdentifier sid = LsaLogonSessions.LogonSessions.GetSidForSessionId(changeDescription.SessionId);
* if (!(UserList.ContainsSID(sid) && UserList.IsRemote(sid)))
* {
* LocalAdministratorGroup.RemoveUser(sid, RemovalReason.UserLogoff);
* }
*/
break;
// The user has logged on to a session, either locally or remotely.
case SessionChangeReason.SessionLogon:
WindowsIdentity userIdentity = LsaLogonSessions.LogonSessions.GetWindowsIdentityForSessionId(changeDescription.SessionId);
if (userIdentity != null)
{
NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport);
ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, Settings.NamedPipeServiceBaseAddress);
IAdminGroup channel = namedPipeFactory.CreateChannel();
bool userIsAuthorizedForAutoAdd = channel.UserIsAuthorized(Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied);
namedPipeFactory.Close();
// If the user is in the automatic add list, then add them to the Administrators group.
if (
(Settings.AutomaticAddAllowed != null) &&
(Settings.AutomaticAddAllowed.Length > 0) &&
(userIsAuthorizedForAutoAdd /*UserIsAuthorized(userIdentity, Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied)*/)
)
{
LocalAdministratorGroup.AddUser(userIdentity, null, null);
}
}
else
{
ApplicationLog.WriteEvent(Properties.Resources.UserIdentifyIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Warning);
}
break;
/*
* // The user has reconnected or logged on to a remote session.
* case SessionChangeReason.RemoteConnect:
* ApplicationLog.WriteInformationEvent(string.Format("Remote connect. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent);
* break;
*/
/*
* // The user has disconnected or logged off from a remote session.
* case SessionChangeReason.RemoteDisconnect:
* ApplicationLog.WriteInformationEvent(string.Format("Remote disconnect. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent);
* break;
*/
/*
* // The user has locked their session.
* case SessionChangeReason.SessionLock:
* ApplicationLog.WriteInformationEvent(string.Format("Session lock. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent);
* break;
*/
/*
* // The user has unlocked their session.
* case SessionChangeReason.SessionUnlock:
* ApplicationLog.WriteInformationEvent(string.Format("Session unlock. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent);
* break;
*/
}
base.OnSessionChange(changeDescription);
}
/*
* private bool TcpPortInUse
* {
* get
* {
* System.Net.NetworkInformation.IPGlobalProperties globalIPProps = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties();
* return globalIPProps.GetActiveTcpListeners().Where(n => n.Port == Settings.TCPServicePort).Count() > 0;
* }
* }
*/
/// <summary>
/// Handles the faulted event for a WCF service host.
/// </summary>
/// <param name="sender">
/// The service host that has entered the faulted state.
/// </param>
/// <param name="e">
/// Data related to the event.
/// </param>
private void ServiceHostFaulted(object sender, EventArgs e)
{
ApplicationLog.WriteEvent(Properties.Resources.ServiceHostFaulted, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Warning);
}
/// <summary>
/// Creates the WCF Service Host which is accessible via TCP.
/// </summary>
private void OpenTcpServiceHost()
{
if ((null != this.tcpServiceHost) && (this.tcpServiceHost.State == CommunicationState.Opened))
{
this.tcpServiceHost.Close();
}
this.tcpServiceHost = new ServiceHost(typeof(AdminGroupManipulator), new Uri(Settings.TcpServiceBaseAddress));
this.tcpServiceHost.Faulted += ServiceHostFaulted;
NetTcpBinding binding = new NetTcpBinding(SecurityMode.Transport)
{
PortSharingEnabled = true
};
// If port sharing is enabled, then the Net.Tcp Port Sharing Service must be available as well.
if (PortSharingServiceExists)
{
ServiceController controller = new ServiceController(portSharingServiceName);
switch (controller.StartType)
{
case ServiceStartMode.Disabled:
ApplicationLog.WriteEvent("The Net.Tcp Port Sharing Service is disabled. Remote access will not be available.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning);
return;
/*
* case ServiceStartMode.Automatic:
#if DEBUG
* ApplicationLog.WriteEvent("Port sharing service is set to start automatically.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif
* break;
* case ServiceStartMode.Manual:
#if DEBUG
* ApplicationLog.WriteEvent("Port sharing service is set to start manually.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif
* int waitCount = 0;
* while ((controller.Status != ServiceControllerStatus.Running) && (waitCount < 10))
* {
* switch (controller.Status)
* {
* case ServiceControllerStatus.Paused:
* controller.Continue();
* controller.WaitForStatus(ServiceControllerStatus.Running, new TimeSpan(0, 0, 5));
* break;
* case ServiceControllerStatus.Stopped:
* try
* {
* controller.Start();
* controller.WaitForStatus(ServiceControllerStatus.Running, new TimeSpan(0, 0, 5));
* }
* catch (Win32Exception win32Exception)
* {
* ApplicationLog.WriteEvent(win32Exception.Message, EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Error);
* }
* catch (InvalidOperationException invalidOpException)
* {
* ApplicationLog.WriteEvent(invalidOpException.Message, EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Error);
* }
* break;
* }
* System.Threading.Thread.Sleep(1000);
* waitCount++;
* }
*
* if (controller.Status != ServiceControllerStatus.Running)
* {
* ApplicationLog.WriteEvent(string.Format("Port {0} is already in use, but the Net.Tcp Port Sharing Service is not running. Remote access will not be available.", Settings.TCPServicePort), EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning);
* }
*
* break;
*/
}
controller.Close();
}
else
{
ApplicationLog.WriteEvent(string.Format("Port {0} is already in use, but the Net.Tcp Port Sharing Service does not exist. Remote access will not be available.", Settings.TCPServicePort), EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning);
return;
}
this.tcpServiceHost.AddServiceEndpoint(typeof(IAdminGroup), binding, Settings.TcpServiceBaseAddress);
try
{
this.tcpServiceHost.Open();
}
catch (ObjectDisposedException)
{
ApplicationLog.WriteEvent("The communication object is in a Closing or Closed state and cannot be modified.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning);
}
catch (InvalidOperationException)
{
ApplicationLog.WriteEvent("The communication object is not in a Opened or Opening state and cannot be modified.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning);
}
catch (CommunicationObjectFaultedException)
{
ApplicationLog.WriteEvent("The communication object is in a Faulted state and cannot be modified.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning);
}
catch (System.TimeoutException)
{
ApplicationLog.WriteEvent("The default interval of time that was allotted for the operation was exceeded before the operation was completed.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning);
}
}
