Enabling HttpListeners for Non-Admins
I’ve just started working through the Cardspace samples to learn some more about online identity layers (download them here [http://netfx3.com/files/folders/cardspace_samples/default.aspx] if you’re interested). The first example demonstrates a web service running on http://localhost:4123 requesting a certificate from a client. However, as a non-admin, I get the following error from Visual Studio when running the sample.
AddressAccessDeniedException was unhandled HTTP could not register URL http://+:4123/HelloService/. Your process does not have access rights to this namespace
Coincidentally, the error is totally analogous to a similar problem I’ve had while trying out the CR_Documentor plug-in [http://code.google.com/p/cr-documentor] that Travis Illig [http://paraesthesia.com/] has created and it’s Travis and co that figured out both problems in hindsight. To paraphrase [http://code.google.com/p/cr-documentor/issues/detail?id=10],
By default, only local admins have permission to listen to http prefixes. Other accounts require explicit grant using either httpcfg.exe for WinXp/2003 users or netsh for Vista/2008 users. This isn’t a .net permission, it goes right to the windows urlacl level.
Just as this cardspace demo relies on port 4123 being accessible, so too does CR_Documentor rely on port 11235. The full commands to call either can be found here, explaining the various options.
- http://blogs.msdn.com/drnick/archive/2006/10/16/configuring-http-for-windows-vista.aspx * http://msdn.microsoft.com/en-us/library/ms733768.aspx
Thus, to solve my cardspace problem, I needed to open a command prompt as an admin and run the following command to match the URL given in the error dialog.
netsh http add urlacl url=http://+:4123/ user=cweb
And hey presto, I can continue debugging my web services as a standard user.
Thanks again to Travis and the CR_Documentor guys for figuring this one out and explaining it here [http://code.google.com/p/cr-documentor/issues/detail?id=10]. I’m just passing on the info.Posted on July 28, 2008 #Geek Stuff