/// <summary> /// Determines whether the given user is authorized to obtain administrator rights. /// </summary> /// <param name="allowedSidsList"> /// The list of allowed SIDs and principal names against which the user's identity is checked. /// </param> /// <param name="deniedSidsList"> /// The list of denied SIDs and principal names against which the user's identity is checked. /// </param> /// <returns> /// Returns true if the user is authorized to obtain administrator rights. /// </returns> public bool UserIsAuthorized(string[] allowedSidsList, string[] deniedSidsList) { WindowsIdentity userIdentity = null; if (ServiceSecurityContext.Current != null) { userIdentity = ServiceSecurityContext.Current.WindowsIdentity; #if DEBUG ApplicationLog.WriteEvent(string.Format("In UserIsAuthorized(2), WindowsIdentity.Name is {0} ({1})", ServiceSecurityContext.Current.WindowsIdentity.Name, ServiceSecurityContext.Current.WindowsIdentity.User.Value), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information); ApplicationLog.WriteEvent(string.Format("In UserIsAuthorized(2), PrimaryIdentity.Name is {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information); #endif } if (null == userIdentity) { #if DEBUG ApplicationLog.WriteEvent("In UserIsAuthorized(2), userIdentity is null. Returning false.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information); #endif return(false); } else { return(UserIsAuthorized(userIdentity, allowedSidsList, deniedSidsList)); } }
/// <summary> /// Adds a user to the local Administrators group. /// </summary> public void AddUserToAdministratorsGroup(DateTime expirationTime) { string remoteAddress = null; WindowsIdentity userIdentity = null; if (ServiceSecurityContext.Current != null) { userIdentity = ServiceSecurityContext.Current.WindowsIdentity; } if (OperationContext.Current != null) { if (OperationContext.Current.IncomingMessageProperties != null) { if (OperationContext.Current.IncomingMessageProperties.ContainsKey(RemoteEndpointMessageProperty.Name)) { remoteAddress = ((RemoteEndpointMessageProperty)OperationContext.Current.IncomingMessageProperties[RemoteEndpointMessageProperty.Name]).Address; if (remoteAddress != null) { ApplicationLog.WriteEvent(string.Format(Properties.Resources.RequestSentFromHost, remoteAddress), EventID.RemoteRequestInformation, System.Diagnostics.EventLogEntryType.Information); } } } } if (userIdentity != null) { int timeoutMinutes = GetTimeoutForUser(userIdentity); LocalAdministratorGroup.AddUser(userIdentity, expirationTime, remoteAddress); } }
/// <summary> /// Gets an object representing the local Administrators group. /// </summary> /*private static GroupPrincipal LocalAdminGroup * { * get * { * if (LocalMachineContext == null) * { * ApplicationLog.WriteEvent(Properties.Resources.LocalMachineContextIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error); * } * else * { * if (LocalAdminsGroupSid == null) * { * ApplicationLog.WriteEvent(Properties.Resources.LocalAdminsGroupSIDIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error); * } * else * { * if (localAdminGroup == null) * { * try * { * localAdminGroup = GroupPrincipal.FindByIdentity(LocalMachineContext, IdentityType.Sid, LocalAdminsGroupSid.Value); * } * catch (Exception exception) * { * ApplicationLog.WriteEvent(string.Format("{0}: {1}", Properties.Resources.Exception, exception.Message), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error); * throw; * } * } * } * } * return localAdminGroup; * } * }*/ /// <summary> /// Adds a user to the local Administrators group. /// </summary> /// <param name="userIdentity"> /// The identity of the user to be added to the Administrators group. /// </param> /// <param name="expirationTime"> /// The date and time at which the user's administrator rights should expire. /// </param> /// <param name="remoteAddress"> /// The address of the remote host from which a request for administrator rights came, if applicable. /// </param> public static void AddUser(WindowsIdentity userIdentity, DateTime?expirationTime, string remoteAddress) { // TODO: Only do this if the user is not a member of the group? #if DEBUG ApplicationLog.WriteEvent(string.Format("Calling UserIsAuthorized(3) from AddUser() beginning of function."), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information); #endif //AdminGroupManipulator adminGroupManipulator = new AdminGroupManipulator(); bool userIsAuthorized = AdminGroupManipulator.UserIsAuthorized(userIdentity, Settings.LocalAllowedEntities, Settings.LocalDeniedEntities); if (!string.IsNullOrEmpty(remoteAddress)) { // Request is from a remote computer. Check the remote authorization list. #if DEBUG ApplicationLog.WriteEvent(string.Format("Calling UserIsAuthorized(3) from AddUser() where remote address is not null or empty."), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information); #endif userIsAuthorized &= AdminGroupManipulator.UserIsAuthorized(userIdentity, Settings.RemoteAllowedEntities, Settings.RemoteDeniedEntities); } if ( (LocalAdminGroupName != null) && (userIdentity.User != null) && (userIdentity.Groups != null) && (userIsAuthorized) ) { // Save the user's information to the list of users. EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath); encryptedSettings.AddUser(userIdentity, expirationTime, remoteAddress); AddUserToAdministrators(userIdentity.User); } }
/// <summary> /// Removes the given security identifier (SID) from the local Administrators group. /// </summary> /// <param name="userSid"> /// The security identifier (SID) to be removed from the local Administrators group. /// </param> /// <param name="reason"> /// The reason for the removal. /// </param> public static void RemoveUser(SecurityIdentifier userSid, RemovalReason reason) { // TODO: Only do this if the user is a member of the group? if ((LocalAdminGroup != null) && (userSid != null)) { SecurityIdentifier[] localAdminSids = GetLocalGroupMembers(LocalAdminGroup.SamAccountName); foreach (SecurityIdentifier sid in localAdminSids) { if (sid == userSid) { string accountName = GetAccountNameFromSID(userSid); int result = RemoveLocalGroupMembers(LocalAdminGroup.SamAccountName, userSid); if (result == 0) { EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath); encryptedSettings.RemoveUser(userSid); string reasonString = Properties.Resources.RemovalReasonUnknown; switch (reason) { case RemovalReason.ServiceStopped: reasonString = Properties.Resources.RemovalReasonServiceStopped; break; case RemovalReason.Timeout: reasonString = Properties.Resources.RemovalReasonTimeout; break; case RemovalReason.UserLogoff: reasonString = Properties.Resources.RemovalReasonUserLogoff; break; case RemovalReason.UserRequest: reasonString = Properties.Resources.RemovalReasonUserRequest; break; } string message = string.Format(Properties.Resources.UserRemoved, userSid, accountName, reasonString); ApplicationLog.WriteEvent(message, EventID.UserRemovedFromAdminsSuccess, System.Diagnostics.EventLogEntryType.Information); } else { ApplicationLog.WriteEvent(string.Format(Properties.Resources.RemovingUserReturnedError, userSid, accountName, result), EventID.UserRemovedFromAdminsFailure, System.Diagnostics.EventLogEntryType.Warning); } } } } }
/// <summary> /// Adds the given security identifier (SID) to the local Administrators group. /// </summary> /// <param name="userSid"> /// The security identifier (SID) to be added to the local Administrators group. /// </param> private static bool AddUserToAdministrators(SecurityIdentifier userSid) { int result = AddLocalGroupMembers(LocalAdminGroup.SamAccountName, userSid); if (result == 0) { ApplicationLog.WriteEvent(string.Format(Properties.Resources.UserAddedToAdminsGroup, userSid, GetAccountNameFromSID(userSid)), EventID.UserAddedToAdminsSuccess, System.Diagnostics.EventLogEntryType.Information); return(true); } else { ApplicationLog.WriteEvent(string.Format(Properties.Resources.AddingUserReturnedError, userSid, GetAccountNameFromSID(userSid), result), EventID.UserAddedToAdminsFailure, System.Diagnostics.EventLogEntryType.Warning); return(false); } }
/// <summary> /// Determines whether the given user is authorized to obtain administrator rights. /// </summary> /// <param name="userIdentity"> /// An identity object representing the user whose authorization is to be checked. /// </param> /// <param name="allowedSidsList"> /// The list of allowed SIDs and principal names against which the user's identity is checked. /// </param> /// <param name="deniedSidsList"> /// The list of denied SIDs and principal names against which the user's identity is checked. /// </param> /// <returns> /// Returns true if the user is authorized to obtain administrator rights. /// </returns> public static bool UserIsAuthorized(WindowsIdentity userIdentity, string[] allowedSidsList, string[] deniedSidsList) { if (null == userIdentity) { #if DEBUG ApplicationLog.WriteEvent("In UserIsAuthorized(3), userIdentity is null. Returning false.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information); #endif return(false); } /* * #if DEBUG * ApplicationLog.WriteEvent(string.Format("In UserIsAuthorized(3), userIdentity.Name is {0} ({1})", userIdentity.Name, userIdentity.User.Value), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information); #endif */ // The denied list contains entries. Check the user against that list first. if ((deniedSidsList != null) && AccountListContainsIdentity(deniedSidsList, userIdentity)) { return(false); } // The user hasn't been denied yet, so now we check for authorization. // Check the authorization list. if (allowedSidsList == null) { // The allowed list is null, meaning everyone is allowed administrator rights. return(true); } else if (allowedSidsList.Length == 0) { // The allowed list is empty, meaning no one is allowed administrator rights. return(false); } else { // The allowed list has entries. if (AccountListContainsIdentity(allowedSidsList, userIdentity)) { return(true); } // The user was not found in the allowed list, so the user is not authorized. return(false); } }
/// <summary> /// Handles the startup of the service. /// </summary> /// <param name="args"> /// Data passed the start command. /// </param> /// <remarks> /// This function executes when a Start command is sent to the service by the /// Service Control Manager (SCM) or when the operating system starts /// (for a service that starts automatically). /// </remarks> protected override void OnStart(string[] args) { try { base.OnStart(args); } catch (Exception) { }; // Create the Windows Event Log source for this application. ApplicationLog.CreateSource(); // Open the service host which is accessible via named pipes. this.OpenNamedPipeServiceHost(); // If remote requests are allowed, open the service host which // is accessible via TCP. if (Settings.AllowRemoteRequests) { try { this.OpenTcpServiceHost(); } catch (AddressAlreadyInUseException addressInUseException) { System.Text.StringBuilder logMessage = new System.Text.StringBuilder(addressInUseException.Message); logMessage.Append(System.Environment.NewLine); logMessage.Append(string.Format("Determine whether another application is using TCP port {0:N0}.", Settings.TCPServicePort)); ApplicationLog.WriteEvent(logMessage.ToString(), EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning); } catch (Exception) { ApplicationLog.WriteEvent("Unhandled exception while opening the remote request handler. Remote requests may not be honored.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning); } } if ((Settings.LogElevatedProcesses != ElevatedProcessLogging.Never) && (this.processWatchSession == null)) { StartTracing(); } // Start the timer that watches for expired administrator rights. this.removalTimer.Start(); }
/// <summary> /// Instantiate a new instance of the Make Me Admin Windows service. /// </summary> public MakeMeAdminService() { InitializeComponent(); /* * this.CanHandleSessionChangeEvent = true; */ this.EventLog.Source = "Make Me Admin"; this.AutoLog = false; this.removalTimer = new System.Timers.Timer() { Interval = 10000, // Raise the Elapsed event every ten seconds. AutoReset = true // Raise the Elapsed event repeatedly. }; this.removalTimer.Elapsed += RemovalTimerElapsed; #if DEBUG ApplicationLog.WriteEvent(string.Format("process logging setting: {0:N0}", (int)Settings.LogElevatedProcesses), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information); #endif }
private void StartTracing() { Task.Factory.StartNew( () => { if (this.processWatchSession == null) { processWatchSession = new TraceEventSession("Make Me Admin Process Watch") { StopOnDispose = true }; try { // Turn on the process events (includes starts and stops). processWatchSession.EnableKernelProvider(KernelTraceEventParser.Keywords.Process); // Enable the Microsoft-Windows-Kernel-Process provider. processWatchSession.EnableProvider(Guid.Parse("22fb2cd6-0e7b-422b-a0c7-2fad1fd0e716")); // Ask the DynamicTraceEventParser to raise an event for all events that it knows about. processWatchSession.Source.Dynamic.All += Dynamic_All; // Raise an event for every process start event that the kernel knows about. processWatchSession.Source.Kernel.ProcessStart += Kernel_ProcessStart; // Listen for events. processWatchSession.Source.Process(); } catch (Exception exxx) { ApplicationLog.WriteEvent(exxx.Message, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error); } } }, TaskCreationOptions.LongRunning); }
/// <summary> /// Validates that all of the users stored in the on-disk user list /// are in the local Adminstrators group if they're supposed to be, and vice-vera. /// </summary> public static void ValidateAllAddedUsers() { // Get a list of the users stored in the on-disk list. EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath); SecurityIdentifier[] addedUserList = encryptedSettings.AddedUserSIDs; // Get a list of the current members of the Administrators group. SecurityIdentifier[] localAdminSids = null; if ((addedUserList.Length > 0) && (LocalAdminGroup != null)) { localAdminSids = GetLocalGroupMembers(LocalAdminGroup.SamAccountName); } for (int i = 0; i < addedUserList.Length; i++) { bool sidFoundInAdminsGroup = false; if ((addedUserList[i] != null) && (localAdminSids != null)) { foreach (SecurityIdentifier sid in localAdminSids) { if (sid == addedUserList[i]) { sidFoundInAdminsGroup = true; break; } } AdminGroupManipulator adminGroup = new AdminGroupManipulator(); if (sidFoundInAdminsGroup) { // User's SID was found in the local administrators group. DateTime?expirationTime = encryptedSettings.GetExpirationTime(addedUserList[i]); if (expirationTime.HasValue) { // The user's rights expire at some point. if (expirationTime.Value > DateTime.Now) { // The user's administrator rights expire in the future. // Nothing to do here, since the user is already in the administrators group. } else { // The user's administrator rights have expired. LocalAdministratorGroup.RemoveUser(addedUserList[i], RemovalReason.Timeout); } } else { // The user's rights never expire. // Get a WindowsIdentity object for the user matching the added user SID. WindowsIdentity sessionIdentity = null; WindowsIdentity userIdentity = null; int[] loggedOnSessionIDs = LsaLogonSessions.LogonSessions.GetLoggedOnUserSessionIds(); foreach (int sessionId in loggedOnSessionIDs) { sessionIdentity = LsaLogonSessions.LogonSessions.GetWindowsIdentityForSessionId(sessionId); if ((sessionIdentity != null) && (sessionIdentity.User == addedUserList[i])) { userIdentity = sessionIdentity; break; } } if ( (Settings.AutomaticAddAllowed != null) && (Settings.AutomaticAddAllowed.Length > 0) && (adminGroup.UserIsAuthorized(Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied)) ) { // The user is an automatically-added user. // Nothing to do here. The user is an automatically-added one, and their rights don't expire. } else { // The user is not an automatically-added user. // Users who are not automatically added should not have non-expiring rights. Remove this user. LocalAdministratorGroup.RemoveUser(addedUserList[i], RemovalReason.Timeout); } } } else { // User's SID was not found in the local administrators group. DateTime?expirationTime = encryptedSettings.GetExpirationTime(addedUserList[i]); if (expirationTime.HasValue) { // The user's rights expire at some point. if (expirationTime.Value > DateTime.Now) { // The user's administrator rights expire in the future. string accountName = GetAccountNameFromSID(addedUserList[i]); if (Settings.OverrideRemovalByOutsideProcess) { ApplicationLog.WriteEvent(string.Format(Properties.Resources.UserRemovedByOutsideProcess + " " + Properties.Resources.AddingUserBackToAdministrators, addedUserList[i], string.IsNullOrEmpty(accountName) ? Properties.Resources.UnknownAccount : accountName), EventID.UserRemovedByExternalProcess, System.Diagnostics.EventLogEntryType.Information); AddUserToAdministrators(addedUserList[i]); } else { ApplicationLog.WriteEvent(string.Format(Properties.Resources.UserRemovedByOutsideProcess + " " + Properties.Resources.RemovingUserFromList, addedUserList[i], string.IsNullOrEmpty(accountName) ? Properties.Resources.UnknownAccount : accountName), EventID.UserRemovedByExternalProcess, System.Diagnostics.EventLogEntryType.Information); encryptedSettings.RemoveUser(addedUserList[i]); } } else { // The user's administrator rights have expired. // No need to remove from the administrators group, as we already know the SID // is not present in the group. encryptedSettings.RemoveUser(addedUserList[i]); } } else { // The user's rights never expire. // Get a WindowsIdentity object for the user matching the added user SID. WindowsIdentity sessionIdentity = null; WindowsIdentity userIdentity = null; int[] loggedOnSessionIDs = LsaLogonSessions.LogonSessions.GetLoggedOnUserSessionIds(); foreach (int sessionId in loggedOnSessionIDs) { sessionIdentity = LsaLogonSessions.LogonSessions.GetWindowsIdentityForSessionId(sessionId); if ((sessionIdentity != null) && (sessionIdentity.User == addedUserList[i])) { userIdentity = sessionIdentity; break; } } if ( (Settings.AutomaticAddAllowed != null) && (Settings.AutomaticAddAllowed.Length > 0) && (adminGroup.UserIsAuthorized(Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied)) ) { // The user is an automatically-added user. // The users rights do not expire, but they are an automatically-added user and are missing // from the Administrators group. Add the user back in. AddUserToAdministrators(addedUserList[i]); } else { // The user is not an automatically-added user. // The user is not in the Administrators group now, but they are // listed as having non-expiring rights, even though they are not // automatically added. This should never really happen, but // just in case, we'll remove them from the on-disk user list. encryptedSettings.RemoveUser(addedUserList[i]); } } } } } }
/// <summary> /// Executes when a change event is received from a Terminal Server session. /// </summary> /// <param name="changeDescription"> /// Identifies the type of session change and the session to which it applies. /// </param> protected override void OnSessionChange(SessionChangeDescription changeDescription) { switch (changeDescription.Reason) { // The user has logged off from a session, either locally or remotely. case SessionChangeReason.SessionLogoff: EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath); System.Collections.Generic.List <SecurityIdentifier> sidsToRemove = new System.Collections.Generic.List <SecurityIdentifier>(encryptedSettings.AddedUserSIDs); int[] sessionIds = LsaLogonSessions.LogonSessions.GetLoggedOnUserSessionIds(); // For any user that is still logged on, remove their SID from the list of // SIDs to be removed from Administrators. That is, let the users who are still // logged on stay in the Administrators group. foreach (int id in sessionIds) { SecurityIdentifier sid = LsaLogonSessions.LogonSessions.GetSidForSessionId(id); if (sid != null) { if (sidsToRemove.Contains(sid)) { sidsToRemove.Remove(sid); } } } // Process the list of SIDs to be removed from Administrators. for (int i = 0; i < sidsToRemove.Count; i++) { if ( // If the user is not remote. (!(encryptedSettings.ContainsSID(sidsToRemove[i]) && encryptedSettings.IsRemote(sidsToRemove[i]))) && // If admin rights are to be removed on logoff, or the user's rights do not expire. (Settings.RemoveAdminRightsOnLogout || !encryptedSettings.GetExpirationTime(sidsToRemove[i]).HasValue) ) { LocalAdministratorGroup.RemoveUser(sidsToRemove[i], RemovalReason.UserLogoff); } } /* * In theory, this code should remove the user associated with the logoff, but it doesn't work. * SecurityIdentifier sid = LsaLogonSessions.LogonSessions.GetSidForSessionId(changeDescription.SessionId); * if (!(UserList.ContainsSID(sid) && UserList.IsRemote(sid))) * { * LocalAdministratorGroup.RemoveUser(sid, RemovalReason.UserLogoff); * } */ break; // The user has logged on to a session, either locally or remotely. case SessionChangeReason.SessionLogon: WindowsIdentity userIdentity = LsaLogonSessions.LogonSessions.GetWindowsIdentityForSessionId(changeDescription.SessionId); if (userIdentity != null) { NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, Settings.NamedPipeServiceBaseAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); bool userIsAuthorizedForAutoAdd = channel.UserIsAuthorized(Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied); namedPipeFactory.Close(); // If the user is in the automatic add list, then add them to the Administrators group. if ( (Settings.AutomaticAddAllowed != null) && (Settings.AutomaticAddAllowed.Length > 0) && (userIsAuthorizedForAutoAdd /*UserIsAuthorized(userIdentity, Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied)*/) ) { LocalAdministratorGroup.AddUser(userIdentity, null, null); } } else { ApplicationLog.WriteEvent(Properties.Resources.UserIdentifyIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Warning); } break; /* * // The user has reconnected or logged on to a remote session. * case SessionChangeReason.RemoteConnect: * ApplicationLog.WriteInformationEvent(string.Format("Remote connect. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ /* * // The user has disconnected or logged off from a remote session. * case SessionChangeReason.RemoteDisconnect: * ApplicationLog.WriteInformationEvent(string.Format("Remote disconnect. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ /* * // The user has locked their session. * case SessionChangeReason.SessionLock: * ApplicationLog.WriteInformationEvent(string.Format("Session lock. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ /* * // The user has unlocked their session. * case SessionChangeReason.SessionUnlock: * ApplicationLog.WriteInformationEvent(string.Format("Session unlock. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ } base.OnSessionChange(changeDescription); }
/* * private bool TcpPortInUse * { * get * { * System.Net.NetworkInformation.IPGlobalProperties globalIPProps = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties(); * return globalIPProps.GetActiveTcpListeners().Where(n => n.Port == Settings.TCPServicePort).Count() > 0; * } * } */ /// <summary> /// Handles the faulted event for a WCF service host. /// </summary> /// <param name="sender"> /// The service host that has entered the faulted state. /// </param> /// <param name="e"> /// Data related to the event. /// </param> private void ServiceHostFaulted(object sender, EventArgs e) { ApplicationLog.WriteEvent(Properties.Resources.ServiceHostFaulted, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Warning); }
/// <summary> /// Creates the WCF Service Host which is accessible via TCP. /// </summary> private void OpenTcpServiceHost() { if ((null != this.tcpServiceHost) && (this.tcpServiceHost.State == CommunicationState.Opened)) { this.tcpServiceHost.Close(); } this.tcpServiceHost = new ServiceHost(typeof(AdminGroupManipulator), new Uri(Settings.TcpServiceBaseAddress)); this.tcpServiceHost.Faulted += ServiceHostFaulted; NetTcpBinding binding = new NetTcpBinding(SecurityMode.Transport) { PortSharingEnabled = true }; // If port sharing is enabled, then the Net.Tcp Port Sharing Service must be available as well. if (PortSharingServiceExists) { ServiceController controller = new ServiceController(portSharingServiceName); switch (controller.StartType) { case ServiceStartMode.Disabled: ApplicationLog.WriteEvent("The Net.Tcp Port Sharing Service is disabled. Remote access will not be available.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning); return; /* * case ServiceStartMode.Automatic: #if DEBUG * ApplicationLog.WriteEvent("Port sharing service is set to start automatically.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information); #endif * break; * case ServiceStartMode.Manual: #if DEBUG * ApplicationLog.WriteEvent("Port sharing service is set to start manually.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information); #endif * int waitCount = 0; * while ((controller.Status != ServiceControllerStatus.Running) && (waitCount < 10)) * { * switch (controller.Status) * { * case ServiceControllerStatus.Paused: * controller.Continue(); * controller.WaitForStatus(ServiceControllerStatus.Running, new TimeSpan(0, 0, 5)); * break; * case ServiceControllerStatus.Stopped: * try * { * controller.Start(); * controller.WaitForStatus(ServiceControllerStatus.Running, new TimeSpan(0, 0, 5)); * } * catch (Win32Exception win32Exception) * { * ApplicationLog.WriteEvent(win32Exception.Message, EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Error); * } * catch (InvalidOperationException invalidOpException) * { * ApplicationLog.WriteEvent(invalidOpException.Message, EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Error); * } * break; * } * System.Threading.Thread.Sleep(1000); * waitCount++; * } * * if (controller.Status != ServiceControllerStatus.Running) * { * ApplicationLog.WriteEvent(string.Format("Port {0} is already in use, but the Net.Tcp Port Sharing Service is not running. Remote access will not be available.", Settings.TCPServicePort), EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning); * } * * break; */ } controller.Close(); } else { ApplicationLog.WriteEvent(string.Format("Port {0} is already in use, but the Net.Tcp Port Sharing Service does not exist. Remote access will not be available.", Settings.TCPServicePort), EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning); return; } this.tcpServiceHost.AddServiceEndpoint(typeof(IAdminGroup), binding, Settings.TcpServiceBaseAddress); try { this.tcpServiceHost.Open(); } catch (ObjectDisposedException) { ApplicationLog.WriteEvent("The communication object is in a Closing or Closed state and cannot be modified.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning); } catch (InvalidOperationException) { ApplicationLog.WriteEvent("The communication object is not in a Opened or Opening state and cannot be modified.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning); } catch (CommunicationObjectFaultedException) { ApplicationLog.WriteEvent("The communication object is in a Faulted state and cannot be modified.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning); } catch (System.TimeoutException) { ApplicationLog.WriteEvent("The default interval of time that was allotted for the operation was exceeded before the operation was completed.", EventID.RemoteAccessFailure, System.Diagnostics.EventLogEntryType.Warning); } }