I have been developing custom API services and hosting them on a Windows server as Windows services; of course, it's reached a point where the work has become tedious and redundant, not to mention very buggy and insecure. So now I am exploring ways of leveraging the advantages of ASP.NET Core while still deploying them as Windows services. What I can't understand is the purpose of setting up Service User Accounts. Is it necessary? What is the importance of this? Can I skip the User Account step and just deploy them manually without the need for a User Account?
Hello @j0nimost ... All services run as some user. The guidance recommends creating a service user account in order to control (limit) the service's access to resources on the system. You grant access to the service user account for only those resources required for the service to perform its functions. If the service were to be compromised by an attacker (or even if the service were badly coded), the damage to the whole system is limited to the restricted scope of the account that the service runs under.
Although you can run a service under the LocalSystem account, it isn't recommended because it gives the service extensive privileges on the system and thus is much more risky.
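The least-privilege setup described in the reply above, sketched in PowerShell as an added example that is not part of the original thread or the project's documentation. The service name, account name and folder are hypothetical placeholders; run from an elevated prompt.

```powershell
# Hypothetical names and paths (assumptions for this example).
$svcName = 'MyApiService'
$account = 'svc-myapi'
$appDir  = 'C:\Services\MyApi'
$exePath = Join-Path $appDir 'MyApi.exe'

# 1. Dedicated local account that exists only to run this one service.
$password = Read-Host -AsSecureString "Password for $account"
New-LocalUser -Name $account -Password $password `
    -PasswordNeverExpires -UserMayNotChangePassword `
    -Description "Runs $svcName only"

# 2. Grant read/execute on the app folder and nothing else.
#    (OI)(CI) makes the grant inherit to files and subfolders.
#    Add a separate write grant only for folders the app must write to (logs, data).
icacls $appDir /grant "${account}:(OI)(CI)RX"

# 3. Register the service to run as that account instead of LocalSystem.
#    The account also needs the "Log on as a service" user right,
#    assigned through Local Security Policy (secpol.msc).
$cred = New-Object System.Management.Automation.PSCredential (
    "$env:COMPUTERNAME\$account", $password)
New-Service -Name $svcName -BinaryPathName $exePath `
    -Credential $cred -StartupType Automatic

# 4. Audit: list services outside the Windows directory that still run as
#    LocalSystem. These are the candidates to move to restricted accounts.
Get-CimInstance Win32_Service |
    Where-Object {
        $_.StartName -eq 'LocalSystem' -and
        ($_.PathName -replace '^"', '') -notlike "$env:SystemRoot\*"
    } |
    Select-Object Name, StartName, PathName
```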
@guardrex This makes sense, thank you for this eye-opener