HTTP/S WCF : Commonly faced access issues and solutions

When running WCF services on Windows 7+ (actually, includes Vista too) operating systems when you write a simple code at the service side to open the service host, most users experience this issue

HTTP could not register URL http://+:8010/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details).

When you visit the link in the above error, you do not necessarily get the required information to solve this issue quickly.  So let’s see the solution to this commonly faced problem.   HTTP/S services are usually hosted on IIS or self-hosted in an application.   When registering this service on an operating system that has enhanced security (Win7+, Win 2008/2012) you need to perform some administration work such as mentioned below.   Some of you may get several other issues like endpoint not found, or SSL certificate issues. 

This article explains what is required to fix these issues

 

Namespace registration

Namespace registration grants access rights to a specific URL to a specified group/user on a domain or computer.   This one time activity ensures that only authorized users can open up endpoints on a computer/server – this is definitely more secure.

How to authorize your service/user account:

Local user account:

netsh http add urlacl url=http://+:8010/ user=ComputerName\Username

Domain user account:

netsh http add urlacl url=http://+:8010/ user=DomainName\Username

Built-in Network Service account

netsh http add urlacl url=http://+:8010/ user="NT AUTHORITY\NETWORK SERVICE"

Most likely this should directly solve your problem “HTTP could not register URL”  but I would advise going through the other steps on a production machine (actually, any restricted environment) to ensure that there are no hiccups.

 

Firewall Exception

Most organizations have Firewall Restrictions on HTTP communication on Production machines.  In that case, you would have to ensure that the port on which you are doing communication is added to the Firewall Exception list

 

SSL Certificate Store

 

HTTPS services rely on certificate exchange between server and client (in case of mutual authentication) to authenticate the the request and also to encrypt the request data.  These certificates are stored in a certificate store and it is important to configure the certificate access to a port

You can use following command to bind SSL certificate to a port (8010)

httpcfg set ssl -i 0.0.0.0:8010 –h thumprint-of-certificate-in-certificate-store

The thumbprint of a certificate can be retrieved by viewing the certificate properties in Certificate Management Console (mmc)

 

Changing these settings should help you resolve all service access issues

Related Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *


*

Current ye@r *