Search This Blog

Monday, June 25, 2012

Getting started with WCF - A Security Issue

Most of the free documentation I've been reading on WCF starts with a first "Hello World" application you try and create with WCF wherein you set up a contract, service, and host and then develop a client to call that host which returns a simple text string (e.g., "Hello WCF").

Most of this free documentation came out when WCF was first introduced, before the introduction of the Vista OS and Windows 7, and implicitly assumes that you're coding under credentials with admin rights on your machine.

The first roadblock I ran into, then, was a security access violation with an error message that read like:

"HTTP could not register URL http://+:800/.  Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkID=70353 for details).

Having run into this sort of issue before my immediate response was to try running the binaries under my machine's sysadmin account, but it still didn't work.

It turns out that listening on an HTTP port is considered a restricted operation in MS post-XP OS's, so if you want to do this using your standard dev account you'll need to explicitly elevate its rights to include listening on specific HTTP ports.  The NETSH command to do this for me was:

netsh http add urlacl url=http://+:8000/user=graperpc\dgraper

You can then check the current status of listening rights by entering:

netsh http show urlacl

3 comments:

David Graper said...

An important note -- do NOT try using the "netsh" command under the Visual Studio Command prompt. For some reason it will not work.

Run it under a standard command prompt using administrator credentials.

David Graper said...

The spacing is a mess here with the italics ... it's

netshhttpaddurlaclurl=http://+:8000/user=domain\dgraper

David Graper said...

The spacing is a mess here with the italics ... it's

netsh[space]http[space]add[space]urlacl[space]url=http://+:8000/[space]user=domain\dgraper