[英]Running self-hosted OWIN Web API under non-admin account
Is it possible for a self-hosted OWIN Web API to run under a non-administrator account? 自托管OWIN Web API是否可以在非管理员帐户下运行? I have already tried dozens of url reservations and nothing works.
我已经尝试了几十个网址预订,没有任何作用。 The service fails to start with "Access is denied".
该服务无法以“访问被拒绝”开头。 It works when the account is added to the administrator role but I don't want that.
当帐户添加到管理员角色但我不想要它时,它可以工作。 Code below is running on Win 7 framework 4.5.2.
下面的代码在Win 7 framework 4.5.2上运行。
//install-package microsoft.owin.hosting
//install-package Microsoft.Owin.Host.HttpListener
StartOptions options = new StartOptions();
options.Urls.Add("http://localhost:5000/");
//options.Urls.Add(string.Format("http://{0}:5000", Environment.MachineName));
//options.Urls.Add("http://+:5000/");
//options.Urls.Add("http://*:5000/");
using (WebApp.Start<WebAPISelfHostMinimal.Startup>(options))
{
while (!Terminate)
{
await Task.Delay(10); //keep cpu from getting pegged
}
LogUtil.LogInfo("Terminating owin host.");
}
EDIT - this is running under a Windows account. 编辑 - 这是在Windows帐户下运行。
C:\>netsh http add urlacl http://+:5000/ user=mini2012\svcAPI
URL reservation successfully added
C:\>sc start apiservice
[SC] StartService FAILED 5:
Access is denied.
C:\>netsh http add urlacl http://*:5000/ user=mini2012\svcAPI
URL reservation successfully added
C:\>sc start apiservice
[SC] StartService FAILED 5:
Access is denied.
C:\>netsh http add urlacl http://localhost:5000/ user=mini2012\svcAPI
URL reservation successfully added
C:\>sc start apiservice
[SC] StartService FAILED 5:
Access is denied.
It looks like the problem was with the URL reservation. 看起来问题出在URL保留上。 I didn't need one.
我不需要一个。 If there is a URL reservation, it will just prevent the owin host from starting with the access denied error.
如果存在URL保留,则只会阻止owin主机以拒绝访问错误启动。 Also, the default port for owin host is 5000. If there is a "dead" process that is still running on that port, it will block your service from starting.
此外,owin主机的默认端口是5000.如果仍有一个“死”进程仍在该端口上运行,它将阻止您的服务启动。 To check you can run
netstat -a -b
at the command prompt. 要检查您是否可以在命令提示符下运行
netstat -a -b
。
Your service is running (most likely) under the LocalSystem (SYSTEM) account. 您的服务正在(很可能)在LocalSystem(SYSTEM)帐户下运行。 This account is not in the Everyone security principal.
此帐户不在Everyone安全主体中。
In short, to solve this, either make the namespace reservation for Anonymous Logon or change your service to run under the Network Service account which happens to be in the Everyone principal. 简而言之,要解决此问题,请为匿名登录进行命名空间预留,或者将您的服务更改为在恰好位于Everyone主体中的网络服务帐户下运行。
Third option is, of course, to create a new local/domain user, create the reservation for it and have the service run under this account. 当然,第三个选项是创建新的本地/域用户,为其创建预留并在此帐户下运行服务。 But then you'd have to worry about setting proper security permissions for it, so I'd go with one of the first two options.
但是你必须担心为它设置适当的安全权限,所以我会选择前两个选项之一。
For someone who is looking for a solution and didn't read the text. 对于正在寻找解决方案并且没有阅读文本的人。
The solution is to run visual studio as administrator. 解决方案是以管理员身份运行visual studio。
Run this command line under admin 在admin下运行此命令行
netsh http add urlacl url=http://*:8080/ user=MyUser
netsh http add urlacl url = http:// *:8080 / user = MyUser
端口值为5000或更高的端口值不需要管理员权限
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.