Bruce Parker said:
Does this mean if I put the code in the constructor to change the logon
credentials it is too late?
Yes, the process has already been started with the credentials entered in
the Service Management Tool. You could stop your service starting if the
credentials do not match. Another possible solution would be to impersonate
the required user.
Finally, you could change the service credentials, and then kick off a
process that will restart the service. Needless to say this process would
require pretty high privileges.
In addition, this is not a security hole. A network administrator
provides
this information via another secured application which is required by our
software. The service obtains this information from the secured
application.
Without going into details, it becomes a security risk if the logon
credentials does not match the one the network administrator provides in
the
other application.
Any time you're passing logon information around it presents another attack
surface for your app. Obviously if your solution requires this there's not a
helluva lot you can do about it though. If it was acceptable to have your
service fail to start up if it didn't have the required credentials, then
you could connect to the secured admin app, and check what credentials you
required, compare them with the credentials you have, and exit if you don't
have enough. The security hole comes in when the secured admin app stores
and transmits the logon details (namely the password) to your application.
