Menu
Is it possible for a self-hosted OWIN Web API to run under a non-administrator account? I have already tried dozens of url reservations and nothing works. The service fails to start with "Access is denied". It works when the account is added to the administrator role but I don't want that. Code below is running on Win 7 framework 4.5.2.
//install-package microsoft.owin.hosting //install-package Microsoft.Owin.Host.HttpListener StartOptions options = new StartOptions(); options.Urls.Add("http://localhost:5000/"); //options.Urls.Add(string.Format("http://{0}:5000", Environment.MachineName)); //options.Urls.Add("http://+:5000/"); //options.Urls.Add("http://*:5000/"); using (WebApp.Start<WebAPISelfHostMinimal.Startup>(options)) { while (!Terminate) { await Task.Delay(10); //keep cpu from getting pegged } LogUtil.LogInfo("Terminating owin host."); } EDIT - this is running under a Windows account.
C:\>netsh http add urlacl http://+:5000/ user=mini2012\svcAPI URL reservation successfully added C:\>sc start apiservice [SC] StartService FAILED 5: Access is denied. C:\>netsh http add urlacl http://*:5000/ user=mini2012\svcAPI URL reservation successfully added C:\>sc start apiservice [SC] StartService FAILED 5: Access is denied. C:\>netsh http add urlacl http://localhost:5000/ user=mini2012\svcAPI URL reservation successfully added C:\>sc start apiservice [SC] StartService FAILED 5: Access is denied. 
263
Web API can be hosted under IIS, in the same way as a web application. You have learned to create a Web API in the previous section. As you have seen there, a Web API is created with ASP.NET MVC project by default.
You can self-host a web API in your own host process. New applications should use OWIN to self-host Web API. See Use OWIN to Self-Host ASP.NET Web API 2.
Both Web API and WCF can be self-hosted or can be hosted on the IIS Server.
It looks like the problem was with the URL reservation. I didn't need one. If there is a URL reservation, it will just prevent the owin host from starting with the access denied error. Also, the default port for owin host is 5000. If there is a "dead" process that is still running on that port, it will block your service from starting. To check you can run netstat -a -b at the command prompt.
105
Your service is running (most likely) under the LocalSystem (SYSTEM) account. This account is not in the Everyone security principal.
In short, to solve this, either make the namespace reservation for Anonymous Logon or change your service to run under the Network Service account which happens to be in the Everyone principal.
Third option is, of course, to create a new local/domain user, create the reservation for it and have the service run under this account. But then you'd have to worry about setting proper security permissions for it, so I'd go with one of the first two options.
26
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
