Can I listen on a port (using HttpListener or other .NET code) on Vista without requiring administrator priveleges? [duplicate]

Question

This question already has an answer here:

• HttpListener Access Denied 10 answers

I'm using HttpListener to allow a user to set up a proxy on a user-defined port. When I start the HttpListener, I get an exception if the application isn't running under administrator privileges in Vista.

From what I've read, this is expected behavior - administrator privileges are required to start listening on a port. But I'm sure there are ways around this, as I run plenty of programs (like Skype) which listen on a port without requiring elevation to administrator.

Is there a way to do this with HttpListener? If not, can I make other API calls in .NET code to set up the port?

Answer 1

I've never used an HttpListener, but from your description it sounds more like you want to listen on a regular TCP port, instead of embedding your application into a server URL namespace (which is what HttpListener appears to do). You should be able to use regular socket functions (System.Net.Sockets.TcpListener) to open and listen on a TCP port without requiring administrator privileges. I'm almost certain Skype doesn't use an HttpListener.

Answer 2

While you can write your own HTTP server using normal TCP/IP (it's relatively simple), it is easier to use HttpListener, which takes advantage of the HTTP.SYS functionality added in Windows XP SP2.

However, HTTP.SYS adds the concept of URL ACLs. This is partly because HTTP.SYS allows you to bind to sub-namespaces on port 80. Using TCP/IP directly avoids this requirement, but means that you can't bind to a port that's already in use.

On Windows XP, you can use the HttpCfg.exe program to set up a URL ACL granting your user account the right to bind to a particular URL. It's in the Platform SDK samples.

On Windows Vista, HTTPCFG is still supported, but the functionality has been absorbed into NETSH:

netsh http show urlacl

...will show a list of existing URL ACLs. The ACLs are expressed in SDDL.

netsh http add urlacl url=http://+:80/MyUri user=DOMAIN\User listen=yes

...will configure the MyURI namespace so that DOMAIN\User can listen to requests.

Answer 3

If you need to handle requests only from you own computer (usually for test purposes), you can write localhost instead of * in prefix.

For example, instead of "http://*:9669/" you can write "http://localhost:9669/". This works fine with HttpListener and doesn't require administrative privileges (at least on Windows 7).

Answer 4

Well I had to deal with something similar. My Computer is in a restricted domain, so I don't have administrator privileges. After some research and reading I found this thread and the netsh hints made me use temporary acl bindings just for developing tests. On my computer these rule exists.

There's this entry:

Run 'netsh http show urlacl' (as shown above)

    [...]
        Reservierte URL            : http://+:80/Temporary_Listen_Addresses/
            Benutzer: \Jeder
                Abhören: Yes
                Delegieren: No
                SDDL: D:(A;;GX;;;WD)
    [...]

So I can use the HttpListener as non-admin (Jeder):

    [...]
    HttpListener l = new HttpListener();
    string prefix = "http://+:80/Temporary_Listen_Addresses/";
    l.Prefixes.Add(prefix);
    l.Start(); // does not throw any "Permission Denied/Access Denied/Zugriff verweigert"
    [...]

May this helps anybody finding this thread.

Answer 5

In XP, you had to use a command-line (httpcfg) to open up the port first, otherwise it wouldn't work for non-admins.

See here - the page explains the issue, and there is a zip at the bottom to make it usable.