none
Expose service on TCP without Adminstrator right RRS feed

  • Question

  • Hello,

    I'm trying to expose a WCF Service over net.TCP on Windows 10.

    It's working with my C# code launched by a Local Administrator user.

    It's not working if I remove the Local Administrators group to the user..

    It's possible to do that without the Administrator on Windows 10 ? 

    Thank you
    Monday, March 4, 2019 9:54 AM

All replies

  • It all depends on what the WCF service is doing. It may be accessing a resource on the computer that requires admin rights.
    Tuesday, March 5, 2019 7:11 AM
  • Hi Lardier, 
    As far as I know, nettcp is not protected by admin privilege. It means that we could host the nettcp Binding WCF service with general user. 
    On the contrary, the nettcp address is protected by the firewall. You could try to host the nettcp binding in Console application with general user. if your service is not working, try to close the firewall(private network,public network). Here is my example, wish it is useful to you.
    Server(IP:10.157.18.9, User:VABQIA928VM\Test)

    class Program
        {
            static void Main(string[] args)
            {
                Uri uri = new Uri("net.tcp://localhost:8837");
                NetTcpBinding binding = new NetTcpBinding();
                using (ServiceHost sh=new ServiceHost(typeof(MyServive),uri))
                {
                    sh.AddServiceEndpoint(typeof(IService), binding, "");
                    ServiceMetadataBehavior smb;
                    smb = sh.Description.Behaviors.Find<ServiceMetadataBehavior>();
                    if (smb==null)
                    {
                        smb = new ServiceMetadataBehavior();
                        sh.Description.Behaviors.Add(smb);
                    }
                    Binding mexbinding = MetadataExchangeBindings.CreateMexTcpBinding();
                    sh.AddServiceEndpoint(typeof(IMetadataExchange), mexbinding, "mex");
    
    
                    sh.Opened += delegate
                    {
                        Console.WriteLine("service is ready now");
                    };
                    sh.Closed += delegate
                    {
                        Console.WriteLine("Service is closed now");
                    };
                    sh.Open();
    
                    Console.ReadLine();
                    sh.Close();
                }
            }
        }
        [ServiceContract]
        interface IService
        {
            [OperationContract]
            string SayHello();
        }
        class MyServive : IService
        {
            public string SayHello()
            {
                return $"Hello, busy world {DateTime.Now.ToShortDateString()}";
            }
    }
    

    Client.

    var result = new ServiceReference1.ServiceClient();
                result.ClientCredentials.Windows.ClientCredential.UserName = "test";
                result.ClientCredentials.Windows.ClientCredential.Password = "123456";
    
                Console.WriteLine(result.SayHello());
                Console.ReadLine();
    

        

    App.config

    <system.serviceModel>
            <bindings>
                <netTcpBinding>
                    <binding name="NetTcpBinding_IService" />
                </netTcpBinding>
            </bindings>
            <client>
                <endpoint address="net.tcp://10.157.18.9:8837/" binding="netTcpBinding"
                    bindingConfiguration="NetTcpBinding_IService" contract="ServiceReference1.IService"
                    name="NetTcpBinding_IService">
                    <identity>
                        <userPrincipalName value="VABQIA928VM\Test" />
                    </identity>
                </endpoint>
            </client>
    </system.serviceModel>

    Result.

    Besides, http/http service address is protected by access control, and we use the following command to enable the port for the general user.
    https://docs.microsoft.com/en-us/windows/desktop/Http/add-urlacl
    Feel free to contact me if there is anything I can help with.
    Best Regards
    Abraham

    Tuesday, March 5, 2019 7:22 AM
    Moderator
  • @ Qlan

    I thought it was bad etiquette that you yourself mark your own post as a 'proposed answer'. 

    Wednesday, March 6, 2019 5:21 AM