问题
I encountered the exception AddressAccessDeniedException because my processus does not have the right to register the URL. I first ran my program as an administrator : ok, it worked.
But I now want to distribute my application, and I would like every user to be able to run it without having to be administrator.
Is there a way to automatically grant the access to the user?
I saw the command :
netsh http add urlacl url=http://+:8000/ user=DOMAIN\UserName
Should I use that? If yes, how?
What I would like to do would be to grant the access withouth being an administrator... said like that, it seems stupid, but may be...
回答1:
That is not possible. Windows uses kernel driver to process HTTP requests and opening listeners on this driver is secured by ACLs (access control list). If you want to open listener so that your application can listen on requests from other machines you must either run it as administrator to pass ACL or you must have permissions (= you must be in ACL). You can also turn off UAC (user access control) to bypass these checks.
netsh is a tool allowing you to set up ACL for HTTP.sys (kernel driver). You can give permissions to any user to listen on selected port but obviously you must be admin to give these permissions or you must have permissions to delegate rights for already configured permissions otherwise the whole point of this security will be gone.
Add that netsh call to your installation package and require the installation to be done as admin (that is quite common for many applications). Also be aware that netsh works only on Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2. For Windows 2003 and Windows XP (at least SP2 is required) you need another tool called httpcfg which is not part of OS installation (it must be installed separately).
来源:https://stackoverflow.com/questions/7672196/addressaccessdeniedexception-resolve-it-without-netsh