24

I have written a C# application that uses HttpListener to listen for HTTP requests -obviously! The namespace prefix I use is also registered using netsh for the current user (as suggested by everyone on SO).

The problem is despite using netsh my application still throws an "access is denied" exception for non-admin users. The OS is Windows 7.

Update: It appears as though my application is not executing the netsh command when I run it with a non-admin user. Is there any problems with my code? There are no exceptions thrown.

    AddAddress("http://localhost:8400/", Environment.UserDomainName, Environment.UserName);

    HttpListener _listener = new HttpListener();
    _listener.Prefixes.Add("http://localhost:8400/");
    _listener.Start();

    ...

    /** method stolen from an SO thread. sorry can't remember the author **/
    static void AddAddress(string address, string domain, string user)
    {
        string args = string.Format(@"http add urlacl url={0}", address) + " user=\"" + domain + "\\" + user + "\"";

        ProcessStartInfo psi = new ProcessStartInfo("netsh", args);
        psi.Verb = "runas";
        psi.CreateNoWindow = true;
        psi.WindowStyle = ProcessWindowStyle.Hidden;
        psi.UseShellExecute = true;

        Process.Start(psi).WaitForExit();
    }
CodeFox
  • 3,321
  • 1
  • 29
  • 41
Mossi
  • 997
  • 5
  • 15
  • 28
  • This is *likely* due to Windows 7 disallowing a usermode application from creating a listener on port 80 (which is default for HTTP). See this answer: http://stackoverflow.com/a/4115328/507793 – Matthew Feb 19 '13 at 17:02
  • Thanks. I am not using port 80. I also just posted my code. – Mossi Feb 19 '13 at 17:07
  • 1
    I suspect that your `netsh` is failing to add the mapping that you want. Or perhaps it's because you're using `locolhast` rather than `localhost`. Or is that just a typo in your question? – Jim Mischel Feb 19 '13 at 17:37
  • SO editor wouldn't let me type localhost, so I had to change it! Also when I run the same netsh command in the command prompt I get a message saying that the namespace is already registered. So I assume netsh was successful. – Mossi Feb 19 '13 at 17:51
  • 1
    Enter `netsh http show urlacl` at the command prompt, and find the entry you made. Be sure that Listen is Yes. As I recall, you have to add "listen=true" after the user name. – Jim Mischel Feb 19 '13 at 17:59
  • I don't understand this. When I run your command I don't see my non-admin user listed anywhere. But running the "netsh http add" command shows: Cannot create a file when that file already exists. Here's what I run in the command prompt: netsh http add urlacl url=http://localhost:8400/ user="mycomp-01\standard user" – Mossi Feb 19 '13 at 18:07
  • So apparently you can only reserve a namespace for 1 user at a time. But this is a problem because I need to add more than 1 user. Is there a way?! – Mossi Feb 20 '13 at 01:20

1 Answers1

46

The line that I use when I'm doing an HttpListener is:

netsh http add urlacl url=http://+:8008/ user=Everyone listen=yes

The user can be an individual user or a user group. So if you want only Administrators to have access, for example:

netsh http add urlacl url=http://+:8008/ user=Administrators listen=yes

You can get help on the command:

netsh http add urlacl help

Note that the url= is optional. Also, older versions of the command require true or false for the listen parameter. Current versions use yes or no.

Jim Mischel
  • 131,090
  • 20
  • 188
  • 351
  • 1
    Well, user groups are not available on all Windows platforms according to here: http://windows.microsoft.com/en-CA/windows-vista/User-groups-in-Windows. BUT, looks like user=Everyone did it!!! But where was this documented?!!!! I wasted 2 days on this! Is there a similar thing for httpcfg (for Win XP)? Thanks! – Mossi Feb 20 '13 at 05:26
  • @user1936026: I'm not familiar with httpcfg, but if I had to work with it, I'd probably start with the examples at http://technet.microsoft.com/en-us/library/cc786389(v=ws.10).aspx – Jim Mischel Feb 20 '13 at 12:19
  • 11
    According to the help, listen takes a yes|no value not true|false. It wouldn't work for me with the listen=true. – tafoo85 Nov 05 '13 at 15:44
  • 3
    @tafoo85: Older versions of Windows used true/false. Newer versions use yes/no. Or perhaps it was the other way around. Glad you found the fix. – Jim Mischel Nov 05 '13 at 16:56
  • @JimMischel: I'm trying this in a command prompt on a normal, non-admin Windows account. I keep getting error type 5, and it's telling me to run as admin. Do you know if it's possible for a non-admin user to successfully execute this command? – Charlie Salts Apr 04 '16 at 17:34
  • 2
    @CharlieSalts: To my knowledge, it is not possible for a non-admin to execute this command successfully. – Jim Mischel Apr 04 '16 at 18:10
  • @JimMischel: Thanks. I guess I'll have to roll my own. – Charlie Salts Apr 04 '16 at 18:22
  • @CharlieSalts: The command must run under an admin-account to grant access to the listener for non-admins. Once the access is granted, no admin needs to be involved anymore. – Davatar Feb 13 '17 at 04:49
  • @Davatar: Thanks. Asking our customers to run the program under an admin account, even once, was not possible. I ended up writing my own small http server, and it works for what we need. – Charlie Salts Feb 15 '17 at 17:41
  • I realize this is an old post - but someone else might benefit. It sounds like your clients need to run a local application. Does installing the application not involve an Admin? you might have an opportunity to incorporate the netsh command into the installation process, and getting what you want. – increddibelly Mar 31 '17 at 08:28