
I'm trying to start a WCF service listening on net.tcp without Administrator rights (for client security reasons).

I tried different ports, 808, 5000, but nothing is working.

The .NET error is:

System.ServiceModel.CommunicationException: The service endpoint failed to listen on the URI 'net.tcp://localhost:5000/ServiceName.svc' because access was denied.  Verify that the current user is granted access in the appropriate allowAccounts section of SMSvcHost.exe.config. ---> System.ComponentModel.Win32Exception: Access is denied
       at System.ServiceModel.Activation.SharedMemory.Read(String name, String& content)
       at System.ServiceModel.Channels.SharedConnectionListener.SharedListenerProxy.ReadEndpoint(String sharedMemoryName, String& listenerEndpoint)

Inner exception:

 "Access Denied"
       at System.ServiceModel.Activation.SharedMemory.Read(String name, String& content)
       at System.ServiceModel.Channels.SharedConnectionListener.SharedListenerProxy.ReadEndpoint(String sharedMemoryName, String& listenerEndpoint)

I tried to edit my SMSvcHost.exe.config. I took the one used by the "Net.Tcp Port Sharing" service in the Windows 10 services, used the correct SID and restarted the service.

Now my config file looks like this:

<configuration>
<runtime>
    <gcConcurrent enabled="false" />
</runtime>
<system.serviceModel>
    <!-- SMSvcHost ETW traces are redirected by default to an etwProviderId different from WCF's default. 
         To trace to the default provider, remove the etwProviderId attribute below. -->
    <diagnostics performanceCounters="Off" etwProviderId="{f18839f5-27ff-4e66-bd2d-639b768cf18b}"/>
</system.serviceModel>
<!-- Below are some sample config settings:  -->  
<system.serviceModel.activation>
    <net.tcp listenBacklog="100" maxPendingConnections="200" maxPendingAccepts="200" receiveTimeout="00:00:10" teredoEnabled="false">
        <allowAccounts>                
            <!-- LocalSystem account -->  
            <add securityIdentifier="S-1-5-18"/>  
            <!-- LocalService account -->  
            <add securityIdentifier="S-1-5-19"/>  
            <!-- Network Service account -->  
            <add securityIdentifier="S-1-5-20"/>  
            <!-- Administrators group -->  
            <add securityIdentifier="S-1-5-32-544" />  
            <!-- IIS_IUSRS account (Vista only) -->  
            <add securityIdentifier="S-1-5-32-568"/>  
            <!-- User account added for the service -->
            <add securityIdentifier="S-1-5-21-1123561945-1343024091-682003330-4833"/>
        </allowAccounts>
    </net.tcp>
    <diagnostics performanceCountersEnabled="true" />
</system.serviceModel.activation>
</configuration>

Thank you

Rémi Lardier
  • Are you trying to use the default IIS type users or a local/AD account? – BugFinder Feb 21 '19 at 16:08
  • Yes, I'm trying to use a domain user; it works with the account if it is a local administrator of my computer – Rémi Lardier Feb 21 '19 at 16:11
  • As far as I know, the HTTP protocol address is protected by the netsh command, and we need to authorize access. For the net.tcp protocol address, the firewall generally takes over the security role. So I think you should consider the firewall. – Abraham Qian Feb 22 '19 at 05:41
  • Nope, not working... It's currently working with net.pipe bindings but not net.Tcp, and I need net.Tcp... – Rémi Lardier Feb 25 '19 at 13:48

0 Answers
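
An added example, not part of the original question or of Microsoft's tooling: it parses an SMSvcHost.exe.config-style file, labels each `allowAccounts` entry with its well-known SID name, and reports which entries match a set of token SIDs. The sample config and its S-1-5-21 value are constructed, the function names are hypothetical, and matching on the user SID plus group SIDs is an assumption about how the list is evaluated.

```python
import re
import xml.etree.ElementTree as ET

# Well-known SIDs (fixed values defined by Windows).
WELL_KNOWN = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-568": "BUILTIN\\IIS_IUSRS",
}
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")
INVALID = "INVALID SID STRING"

# Constructed sample shaped like the config in the question; the
# S-1-5-21-... value is a made-up placeholder, not a real account.
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel.activation>
    <net.tcp listenBacklog="100" teredoEnabled="false">
      <allowAccounts>
        <add securityIdentifier="S-1-5-20"/>
        <add securityIdentifier="S-1-5-32-544"/>
        <add securityIdentifier="S-1-5-21-1111111111-2222222222-3333333333-1001"/>
        <add securityIdentifier="not-a-sid"/>
      </allowAccounts>
    </net.tcp>
  </system.serviceModel.activation>
</configuration>"""

def allowed_accounts(config_xml, binding="net.tcp"):
    """Return [(sid, label)] for the binding's allowAccounts entries."""
    root = ET.fromstring(config_xml)
    path = f"./system.serviceModel.activation/{binding}/allowAccounts/add"
    entries = []
    for node in root.findall(path):
        sid = (node.get("securityIdentifier") or "").strip()
        label = WELL_KNOWN.get(sid, "other account or group") if SID_RE.match(sid) else INVALID
        entries.append((sid, label))
    return entries

def matching_entries(config_xml, token_sids):
    """Entries matched by any SID in a token (assumed: user SID plus group SIDs)."""
    token = {s.upper() for s in token_sids}
    return [sid for sid, label in allowed_accounts(config_xml)
            if label != INVALID and sid.upper() in token]

if __name__ == "__main__":
    for sid, label in allowed_accounts(SAMPLE_CONFIG):
        print(f"{sid:50} {label}")
```

On the host, the token SIDs to pass to `matching_entries` can be read from `whoami /all` run as the service account.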