Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Running self-hosted OWIN Web API under non-admin account

Is it possible for a self-hosted OWIN Web API to run under a non-administrator account? I have already tried dozens of url reservations and nothing works. The service fails to start with "Access is denied". It works when the account is added to the administrator role but I don't want that. Code below is running on Win 7 framework 4.5.2.

//install-package microsoft.owin.hosting //install-package Microsoft.Owin.Host.HttpListener  StartOptions options = new StartOptions(); options.Urls.Add("http://localhost:5000/"); //options.Urls.Add(string.Format("http://{0}:5000", Environment.MachineName)); //options.Urls.Add("http://+:5000/"); //options.Urls.Add("http://*:5000/");  using (WebApp.Start<WebAPISelfHostMinimal.Startup>(options)) {     while (!Terminate)     {         await Task.Delay(10); //keep cpu from getting pegged     }      LogUtil.LogInfo("Terminating owin host."); } 

EDIT - this is running under a Windows account.

C:\>netsh http add urlacl http://+:5000/ user=mini2012\svcAPI  URL reservation successfully added  C:\>sc start apiservice [SC] StartService FAILED 5:  Access is denied.  C:\>netsh http add urlacl http://*:5000/ user=mini2012\svcAPI  URL reservation successfully added  C:\>sc start apiservice [SC] StartService FAILED 5:  Access is denied.  C:\>netsh http add urlacl http://localhost:5000/ user=mini2012\svcAPI  URL reservation successfully added  C:\>sc start apiservice [SC] StartService FAILED 5:  Access is denied. 
like image 263
Colin Superdog Avatar asked Jul 26 '14 23:07

Colin Superdog


People also ask

Which of the following is true Web API can be self host Web API can be host in IIS Web API can be host in any Web server that supports net framework All of the above?

Web API can be hosted under IIS, in the same way as a web application. You have learned to create a Web API in the previous section. As you have seen there, a Web API is created with ASP.NET MVC project by default.

Can we self host Web API?

You can self-host a web API in your own host process. New applications should use OWIN to self-host Web API. See Use OWIN to Self-Host ASP.NET Web API 2.

Which of the following is true Web API can be self host?

Both Web API and WCF can be self-hosted or can be hosted on the IIS Server.


2 Answers

It looks like the problem was with the URL reservation. I didn't need one. If there is a URL reservation, it will just prevent the owin host from starting with the access denied error. Also, the default port for owin host is 5000. If there is a "dead" process that is still running on that port, it will block your service from starting. To check you can run netstat -a -b at the command prompt.

like image 105
Colin Superdog Avatar answered Oct 03 '22 13:10

Colin Superdog


Your service is running (most likely) under the LocalSystem (SYSTEM) account. This account is not in the Everyone security principal.

In short, to solve this, either make the namespace reservation for Anonymous Logon or change your service to run under the Network Service account which happens to be in the Everyone principal.

Third option is, of course, to create a new local/domain user, create the reservation for it and have the service run under this account. But then you'd have to worry about setting proper security permissions for it, so I'd go with one of the first two options.

like image 26
Marcel N. Avatar answered Oct 03 '22 15:10

Marcel N.