{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 【Aperson】 的问题《HttpAddUrl on localhost fails for non-admin users》','https://www.manongdao.com/q-1369387.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Using the Windows HTTP API I'm running a HTTP file server on localhost.
This involves calling HttpAddUrl(hRequestQueue, L"http://localhost:80/", NULL).
This fails with ERROR_ACCESS_DENIED unless the user runs the application as administrator. I need this functionality for users who don't have admin privileges. (What's wrong with a user running a localhost server anyway? It's just for the user themselves.)
I found a hotfix for Vista and XP which seems aimed at solving this, but there's nothing for Windows 7. The article implies it was fixed in Vista SP1, and I have Windows 7 SP1 and it's still a problem - did the fix not make it to Windows 7?
Is there anything else I can do to get the server to run for non-admins?
Ports
1-1024, by default, require administrative access. Otherwise you get error code 5 (ACCESS_DENIED). If you attempt to bind to a port above 1024, e.g.:it will work for non-admin users. In your case you tried to listen on port
80, which HttpServer API limits to administrators.Everything in Windows is controlled by Access Control Lists (ACLs); this includes the listen ports allowed when using HttpServer. You can display the current ACLs used by http by running:
If you do that, you'll see a lot of ACLs already defined by various systems.
Windows Communication Foundation
One ACL entry is particularly interesting:
Everyone is granted the right to listen on port
80, as long as you live off of:This url is used by Windows Communication Foundation (WCF), which normally constructs a URL of the form:
It also means, if you really want port 80, you can listen with your own, for example:
As long as nobody is already using port 80 (i'm looking at your Skype!), you'll get it.
WinSock listening sockets do not require admin
While the HttpServer API has ACLs controlling access to ports below
1024, it should be noted that the WinSock API has no restriction.If you want to use WinSock to open a listening socket on port
80, you do not need to be an administrator. It is only theHttpapi that has the ACL.Answering my own question, but found a workaround: the IANA port numbers state ports 49152-65535 are for dynamic/private purposes.
HttpAddUrlfor localhost on a port >= 49152 works fine for non-admins.This must be configured on system level because HTTP API uses http.sys (kernel driver). You can use netsh.exe command executed with Administrator privileges to grant access to the user or application: