Reputation: 7775
HttpAddUrl permissions
I'm trying to run a custom WinHTTP based web-server on Windows Server 2008 machine.
I pass "http://*:22222/" to HttpAddUrl
When I start my executable as Administrator or LocalSystem everything works fine. However if I try to run it as NetworkService to minimize security risks (since there are no legitimate reasons for the app to use admin rights) function fails with "Access Denied" error code.
I wasn't aware of NetworkService having any restrictions on which ports and interfaces it can listen on.
Is there a way to configure permissions in such a way so that I actually can run the app under NetworkService account and connect to it from other internet hosts?
Upvotes: 5
Views: 1848
Answers (1)
Reputation: 3290
You must be an administrator to add URLs to the http.sys URL mappings. Network Service does is not a member of the admin group, but the admnistrator's group and the System account are members.
IIS gets around this by having one process, inetinfo.exe, that runs as SYSTEM and sets up the URL mappings for worker processes (w3wp.exe) that run as Network Service.
Hope that clarifies tings.
Upvotes: 7
Related Questions
- HttpListener Access Denied
- WinInet Access Violation in HttpOpenRequest()
- winhttp WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR
- HttpAddUrl on localhost fails for non-admin users
- Send WinHTTP request using current user credentials
- NTLM authentication for a web server side application
- C++ Gain Sufficient Privilege to Bind to Port 80
- Access violation in winhttp.dll
- Permission in website
- .Net and Security