
WCF wsdualhttpbinding client without elevation

I've created a Windows Service (server) and a WPF (client) that uses WCF's wsDualHttpBinding callback functionality. Everything between the two pieces of software works correctly, but the problem I'm having is that the client needs to run elevated to administrator privileges to work (which is understandable because it has to open ports in order to communicate with the server).

Is there any way to configure the client to work without elevation? Or perhaps create a one-time permanent connection so that the client doesn't need to be elevated at all times?

I'm running out of ideas and Google search terms.

UPDATE

I've found a solution. Please correct me if there is another best practice I could follow!

I've added 'Enable' and 'Disable' buttons to the client application that run netsh to open (or close) and reserve a port.

Enable

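// Reserve the URL prefix for the given user; "runas" triggers a UAC prompt.
Process process = new Process();
process.StartInfo = new ProcessStartInfo("netsh", @"http add urlacl url=http://+:" + PortNumber + @"/ user=DOMAIN\username");
process.StartInfo.UseShellExecute = true; // Verb is only honoured when the shell launches the process
process.StartInfo.Verb = "runas";
process.Start();
process.WaitForExit();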

Disable

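// Remove the URL reservation again; also needs elevation.
Process process = new Process();
process.StartInfo = new ProcessStartInfo("netsh", "http delete urlacl url=http://+:" + PortNumber + "/");
process.StartInfo.UseShellExecute = true; // Verb is only honoured when the shell launches the process
process.StartInfo.Verb = "runas";
process.Start();
process.WaitForExit();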

Unfortunately you can only open a port on Windows when running with administrative privileges.

http://msdn.microsoft.com/en-us/library/ms740548%28v=VS.85%29.aspx

To use a socket of type SOCK_RAW requires administrative privileges. Users running Winsock applications that use raw sockets must be a member of the Administrators group on the local computer, otherwise raw socket calls will fail with an error code of WSAEACCES. On Windows Vista and later, access for raw sockets is enforced at socket creation. In earlier versions of Windows, access for raw sockets is enforced during other socket operations.

Raw sockets offer the capability to manipulate the underlying transport, so they can be used for malicious purposes that pose a security threat. Therefore, only members of the Administrators group can create sockets of type SOCK_RAW on Windows 2000 and later.

edit: If you have access to the machine as admin, you can use netsh (http://technet.microsoft.com/en-us/library/cc725935(v=ws.10).aspx) to permit a certain user to open a port.

netsh http add urlacl url=http://+:80/Uri user=DOMAIN\User listen=yes
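
One way to narrow the reservation approach from this thread, as an added example (not code from the original posts): it validates the port before it reaches the elevated command line, reserves one path for the current user instead of the whole port, and points the WCF callback listener at that same prefix. The class name, method names and the `CallbackPath` value are hypothetical; it assumes the default `HostNameComparisonMode` (StrongWildcard), under which the listener registers as `http://+:port/path/`.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Security.Principal;
using System.ServiceModel;

static class CallbackReservation
{
    // Hypothetical path segment; keeps the reservation specific to this application.
    const string CallbackPath = "MyAppCallback";

    // Builds the prefix to reserve; only a valid TCP port number is accepted.
    public static string BuildPrefix(int port)
    {
        if (port < 1 || port > 65535)
            throw new ArgumentOutOfRangeException(nameof(port));
        return $"http://+:{port}/{CallbackPath}/";
    }

    // Run once, elevated: reserve the prefix for the current user only.
    public static bool Reserve(int port)
    {
        string user = WindowsIdentity.GetCurrent().Name; // DOMAIN\username of the caller
        var psi = new ProcessStartInfo("netsh",
            $"http add urlacl url={BuildPrefix(port)} user=\"{user}\"")
        {
            Verb = "runas",         // triggers the UAC prompt
            UseShellExecute = true  // required for Verb to take effect
        };
        try
        {
            using (Process p = Process.Start(psi))
            {
                p.WaitForExit();
                return p.ExitCode == 0; // treat any non-zero exit code as failure
            }
        }
        catch (Win32Exception) // e.g. the user declined the UAC prompt
        {
            return false;
        }
    }

    // Every normal, non-elevated start: listen for callbacks on the reserved prefix.
    public static WSDualHttpBinding CreateBinding(int port)
    {
        return new WSDualHttpBinding
        {
            ClientBaseAddress = new Uri($"http://{Environment.MachineName}:{port}/{CallbackPath}/")
        };
    }
}
```

`netsh http show urlacl` lists the reservation afterwards, so the prefix and the user it was granted to can be checked before the client is started without elevation.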
