About Links Archives Search Feed Albums of Note


Enabling HttpListeners for Non-Admins

I’ve just started working through the Cardspace samples to learn some more about online identity layers (download them here [http://netfx3.com/files/folders/cardspace_samples/default.aspx] if you’re interested). The first example demonstrates a web service running on http://localhost:4123 requesting a certificate from a client. However, as a non-admin, I get the following error from Visual Studio when running the sample.

AddressAccessDeniedException was unhandled HTTP could not register URL http://+:4123/HelloService/. Your process does not have access rights to this namespace

Coincidentally, the error is totally analogous to a similar problem I’ve had while trying out the CR_Documentor plug-in [http://code.google.com/p/cr-documentor] that Travis Illig [http://paraesthesia.com/] has created and it’s Travis and co that figured out both problems in hindsight. To paraphrase [http://code.google.com/p/cr-documentor/issues/detail?id=10],

By default, only local admins have permission to listen to http prefixes. Other accounts require explicit grant using either httpcfg.exe for WinXp/2003 users or netsh for Vista/2008 users. This isn’t a .net permission, it goes right to the windows urlacl level.

Just as this cardspace demo relies on port 4123 being accessible, so too does CR_Documentor rely on port 11235. The full commands to call either can be found here, explaining the various options.

Thus, to solve my cardspace problem, I needed to open a command prompt as an admin and run the following command to match the URL given in the error dialog.

netsh http add urlacl url=http://+:4123/ user=cweb

And hey presto, I can continue debugging my web services as a standard user.

Thanks again to Travis and the CR_Documentor guys for figuring this one out and explaining it here [http://code.google.com/p/cr-documentor/issues/detail?id=10]. I’m just passing on the info.

Posted on July 28, 2008   #Geek Stuff  






← Next post    ·    Previous post →