Asp .net core httpsys exception - Access Denied

Question

I'am having trouble to find the right permission to give to a domain service account to be able to run my api (as a Windows Service).

I'm propbably missing something, so any help would appreciated :)

I registered the proper url with netsh. I can run the service with my user account (which is admin like). I am able to run the service if I listen to http://localhost:28000/public/v1/ but not with port localhost:80 or anything else than localhost. I added my service account in the Administrators group, same error.

I'm working on virtual machine running Windows Server 2016 Standard. A domain is configured and I am the only computer on the domain.

Thanks

Here is the full stack trace:

info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0] User profile is available. Using 'C:\Users_esbapi\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest. info: Microsoft.AspNetCore.Server.HttpSys.HttpSysListener[0] Start info: Microsoft.AspNetCore.Server.HttpSys.HttpSysListener[0] Listening on prefix: http://localhost:80/public/v1/ fail: Microsoft.AspNetCore.Server.HttpSys.HttpSysListener[0] Start Microsoft.AspNetCore.Server.HttpSys.HttpSysException (0x80004005): Access is denied at Microsoft.AspNetCore.Server.HttpSys.UrlGroup.RegisterPrefix(String uriPrefix, Int32 contextId) at Microsoft.AspNetCore.Server.HttpSys.UrlPrefixCollection.RegisterAllPrefixes(UrlGroup urlGroup) at Microsoft.AspNetCore.Server.HttpSys.HttpSysListener.Start()

Unhandled Exception: Microsoft.AspNetCore.Server.HttpSys.HttpSysException: Access is denied at Microsoft.AspNetCore.Server.HttpSys.UrlGroup.RegisterPrefix(String uriPrefix, Int32 contextId) at Microsoft.AspNetCore.Server.HttpSys.UrlPrefixCollection.RegisterAllPrefixes(UrlGroup urlGroup) at Microsoft.AspNetCore.Server.HttpSys.HttpSysListener.Start() at Microsoft.AspNetCore.Server.HttpSys.MessagePump.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken) at Microsoft.AspNetCore.Hosting.Internal.WebHost.d__26.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Hosting.WebHostExtensions.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Hosting.WebHostExtensions.d__4.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
at EventsServiceHost.StartConsole() in EventsServiceHost.cs:line 22
at Program.Main(String[] args) in Program.cs:line 38

Answer 1

Here is a reply in case someone else comes across the issue.

netsh http add urlacl url=https://DNSALIAS:PORT/ user=DOMAIN\SERVICEACCOUNT

This assumes:

• You have created a DNS entry pointing to the host where the service is running
• PORT has been bound to the host DNS entry
• Service account was created in AD

If the service is already bound to another port, you will need to first issue a delete command

netsh http delete urlacl url=https://DNSALIAS:PORT/

Also make sure your service account has permissions to write log files in the environment where this will be running.