Windows URL ACL



  • I'm trying to run a (self-written) application which uses an HttpListener. Everything apart from a listener on 127.0.0.1 requires elevated privileges to launch.

    I want my application to start without elevated privileges and tried to add a URL ACL:

    netsh http add urlacl url=http://+:12345/ user=SOMEDOMAIN\SOMEUSER listen=yes
    

    ("+" is a wildcard in the netsh syntax.)

    Windows happily accepts that command, but it does not seem to have any effect. What I tried:

    • Different users: the one who invokes the process, NT Authority\Network Service, even Everyone.
    • Computer restart does not help.
    • Added listen=yes

    My HttpListener is configured as http://*:12345/ ("*" is a wildcard for all IPs on that machine)

    Any ideas?
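
HTTP.sys compares a listener's prefix with URL reservations literally, so the `+` (strong wildcard) in the netsh command and the `*` (weak wildcard) in the HttpListener prefix quoted in the post above are two different hosts. The following is an added example, not part of the thread: it parses constructed `netsh http show urlacl` output (English-locale layout assumed) and reports which reservations cover a prefix for a named account. The function names are hypothetical, and group entries such as Everyone are not expanded.

```python
import re

# Constructed sample of `netsh http show urlacl` output (English locale).
SAMPLE = """\
URL Reservations:
-----------------

    Reserved URL            : http://+:12345/
        User: SOMEDOMAIN\\SOMEUSER
            Listen: Yes

    Reserved URL            : http://*:8080/app/
        User: NT AUTHORITY\\NETWORK SERVICE
            Listen: Yes
"""

PREFIX = re.compile(r"^(https?)://(\[[^\]]+\]|[^/:]+):(\d+)(/.*)$", re.I)

def parse_urlacl(text):
    """Return [(url, [[user, can_listen], ...]), ...] from netsh output."""
    out = []
    for line in text.splitlines():
        key, _, val = (p.strip() for p in line.partition(":"))
        if key == "Reserved URL":
            out.append((val, []))
        elif key == "User" and out:
            out[-1][1].append([val, False])
        elif key == "Listen" and out and out[-1][1]:
            out[-1][1][-1][1] = val.lower() == "yes"
    return out

def split_prefix(url):
    m = PREFIX.match(url)
    if not m:
        raise ValueError(f"not a UrlPrefix: {url!r}")
    scheme, host, port, path = m.groups()
    return scheme.lower(), host.lower(), int(port), path

def covering(listener_prefix, user, reservations):
    """Reservations that let the named `user` listen on `listener_prefix`."""
    s, h, p, path = split_prefix(listener_prefix)
    hits = []
    for url, users in reservations:
        rs, rh, rp, rpath = split_prefix(url)
        # Host is compared literally: "+" and "*" are different wildcards.
        if (rs, rh, rp) == (s, h, p) and path.startswith(rpath):
            if any(u.lower() == user.lower() and ok for u, ok in users):
                hits.append(url)
    return hits
```

On a real machine, feed `parse_urlacl` the text captured from `netsh http show urlacl` and pass the exact prefix string the application registers.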



  • Network modification rights can be granted aside from admin rights. Can you add the network management group to that user? The name escapes me, as I am sitting at the table drinking coffee atm.



  • @JaredBusch said in Windows URL ACL:

    Network modification rights can be granted aside from admin rights. Can you add the network management group to that user? The name escapes me, as I am sitting at the table drinking coffee atm.

    Will try, but would rather like to solve that problem. Also happens when you use WCF (Windows Communication Foundation, I think they both interact with http.sys, but I'm not 100% sure about this), so this isn't a once-in-a-decade problem.



  • What OS?



  • @Dashrender said in Windows URL ACL:

    What OS?

    Anything > Vista I guess

    Currently testing on Win7 and Win10