Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Launch server without administrator rights
XPTCorentin
#1 Posted : Thursday, July 7, 2016 9:49:16 AM(UTC)
Groups: Member
Joined: 7/7/2016(UTC)
Posts: 2

Hi everybody,

I have a problem with a Cassini Server I use in a .NET application.
If I don't run application as Administrator, Cassini server doesn't start, with the following error :

Error : Need to run as administrator/elevated to test whether HttpListener can listen to "http://*:8081/".

I start Cassini server like that :

_appEntry = Metabase.GetWebAppEntry(_appGuid);
_appEntry.AppType = ApplicationType.AspNetOrStaticHtml;
_appEntry.ApplicationName = "WBTManagerOffline";
_appEntry.ApplicationDescription = "";
_appEntry.PhysicalDirectory = _appPath;
_appEntry.DefaultDocument = "default.aspx";
_appEntry.VirtualDirectory = "/";
_appEntry.ListenAddresses.Clear();
//ListenAddress listenAddress = new ListenAddress((ushort)_appPort);
ListenAddress listenAddress = new ListenAddress("http://localhost:"+_appPort.ToString()+"/");
_appEntry.ListenAddresses.Add(listenAddress);
//Metabase.RegisterApplication(RuntimeVersion.AspNet_1_2or3x, true, true, ProcessIdentity.LocalSystem, _appEntry);
//Metabase.RegisterApplication(RuntimeVersion.AspNet_1_2or3x, true, true, ProcessIdentity.NetworkService, _appEntry);
Metabase.RegisterApplication(RuntimeVersion.AspNet_4, true, true, ProcessIdentity.NetworkService, _appEntry);
return (Metabase.WaitForAppToStart(_appGuid, nLoadDelay));

Should I do something to launch this without aving administrator rights ???

Thanks a lot,
Corentin
Ultidev Team
#2 Posted : Friday, July 8, 2016 1:06:15 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi,

Admin privileges are required in order to expose the computer to inbound http traffic. That's not an accident, that's by design because regular non-admin users should not be able to do things that have potentially serious security implications.

We hope this explanation helps.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
XPTCorentin
#3 Posted : Monday, July 11, 2016 2:33:06 AM(UTC)
Groups: Member
Joined: 7/7/2016(UTC)
Posts: 2

My application has to be installed on multiple stations in a "learning room" and then to be launched by students to access html local contents. It could also be installed by administrators on the student's computer.
If installation will be made by users with administration rights, it is not the case of the students. So, if I can't run the server without admin rights ... I can't run my application.
Ultidev Team
#4 Posted : Tuesday, July 12, 2016 1:47:01 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi,

UWS would have to be installed in admin mode. After that, UWS Interactive Host can be started by regular users with no admin rights. When UWS Interactive Host is running, applications it hosts can be reached only from the same computer, and not from another machine. An easy way to start UWS Interactive Host running an existing ASP.NET application is to right-click the folder with the application and then "Run as UWS app.." menu item, as shown on the attached screenshot.

Best regards,
UltiDev Team.
Ultidev Team attached the following image(s):
Ultidev Team attached the following image(s): UWS Interactive folder right-click starter.png
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
liline
#5 Posted : Wednesday, August 31, 2016 5:39:30 AM(UTC)
Groups: Member
Joined: 8/31/2016(UTC)
Posts: 8
Location: france

Thanks: 2 times
Ultidev Team;13708 wrote:
Hi,

UWS would have to be installed in admin mode. After that, UWS Interactive Host can be started by regular users with no admin rights. When UWS Interactive Host is running, applications it hosts can be reached only from the same computer, and not from another machine. An easy way to start UWS Interactive Host running an existing ASP.NET application is to right-click the folder with the application and then "Run as UWS app.." menu item, as shown on the attached screenshot.

Best regards,
UltiDev Team.


Hello, i encountred the same problem as XPTCorentin,
i would like to know if we can work arround this by adding a reserved url
suc as:

netsh http add urlacl url=http://+:8080/ user=Everyone

However, i have some doubts about user value and would to know if it is possible to set "ASP 4.0 app"

any suggestion please? it's an emergency case.. :(
Ultidev Team
#6 Posted : Wednesday, August 31, 2016 9:07:44 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi,

Inability to register a listener by non-admin user to process request coming from the outside is a security feature. We are pretty sure that the netsh command launched from non-admin user account will fail - exactly because non-admin users should not able to open the system up to the outside world. (Also, "C:\Program Files (x86)\UltiDev\Web Server\UWS.RegApp.exe" does more than what netsh does to register an application.)

Only admins can install listeners opening the system to the outside world. Therefore, assuming you install UWS as a part of your product installation, since the installer normally requires administrator privileges, installation time is the best time to install the UWS and register your web application at the same time.

Here's the link to application registration documentation for more information:
http://ultidev.com/Forum...ations-Demystified.aspx

Please let us know if this is not clarifies the issue.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
liline
#7 Posted : Friday, September 9, 2016 12:12:47 PM(UTC)
Groups: Member
Joined: 8/31/2016(UTC)
Posts: 8
Location: france

Thanks: 2 times
Hello,
Thanks for your answer,

Could you please give me more details about this suggestions "installation time is the best time to install the UWS and register your web application at the same time."

Actually i generate the installable using ".nsi" file with NSIS,

my package contains:
simple application: includes UWS.dll, parameters (url web site, language, port number) where the registration of my webApplication is doing via UWS Configuration .NET API

WebApplication: the website a want to register and host on cassini server

How could i "replace" the registration witch happens DURONG THE EXECUTION VIA THE API (after installation)..by Registration DURING INSTALLATION? (i use .nsi file)
Ultidev Team
#8 Posted : Friday, September 9, 2016 7:58:50 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi,

This document provides information on how to bundle UWS with your installation package. It does not have NSIS-baed example, but has a few others, including InstallShield and VS Setup Project.

Please note that it's not enough to bundles UWS dlls with your application. You have to ship UWS MSI package unbroken and launch its installation as a prerequisite, before installation of your application begins. This way, when your application starts installing, UWS is already there, and UWS command line and API registration facilities are in place and can be used in post-installation steps of your installer (still running as admin and therefore capable of registering an outside world-facing web application.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
liline
#9 Posted : Monday, September 12, 2016 11:02:25 AM(UTC)
Groups: Member
Joined: 8/31/2016(UTC)
Posts: 8
Location: france

Thanks: 2 times
Ultidev Team;13762 wrote:
Hi,

This document provides information on how to bundle UWS with your installation package. It does not have NSIS-baed example, but has a few others, including InstallShield and VS Setup Project.

Please note that it's not enough to bundles UWS dlls with your application. You have to ship UWS MSI package unbroken and launch its installation as a prerequisite, before installation of your application begins. This way, when your application starts installing, UWS is already there, and UWS command line and API registration facilities are in place and can be used in post-installation steps of your installer (still running as admin and therefore capable of registering an outside world-facing web application.

Best regards,
UltiDev Team.


It seems that is working on my computer, i effectively used ExecWait 'msiexec /passive /i $INSTDIR\UltiDev.WebServer.msi'as prerecquisite on .nsi file
also, i have used the latest ltiDev.WebServer.msi

Thanks!
Ultidev Team
#12 Posted : Monday, September 12, 2016 12:28:33 PM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Great!

We are happy we were able help you find a solution.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
liline
#10 Posted : Tuesday, September 13, 2016 3:17:26 AM(UTC)
Groups: Member
Joined: 8/31/2016(UTC)
Posts: 8
Location: france

Thanks: 2 times
liline;13766 wrote:
Ultidev Team;13762 wrote:
Hi,

This document provides information on how to bundle UWS with your installation package. It does not have NSIS-baed example, but has a few others, including InstallShield and VS Setup Project.

Please note that it's not enough to bundles UWS dlls with your application. You have to ship UWS MSI package unbroken and launch its installation as a prerequisite, before installation of your application begins. This way, when your application starts installing, UWS is already there, and UWS command line and API registration facilities are in place and can be used in post-installation steps of your installer (still running as admin and therefore capable of registering an outside world-facing web application.

Best regards,
UltiDev Team.


It seems that is working on my computer, i effectively used ExecWait 'msiexec /passive /i $INSTDIR\UltiDev.WebServer.msi'as prerecquisite on .nsi file
also, i have used the latest ltiDev.WebServer.msi

Thanks!


Today i tried to install it on another computer , it doesnt start without administrator provileges...
do you see something wrong, how to explain that it works on my machine ans not on the other....
may be the other machine has already UltiDev.WebServer installed and it's not the newest version.

..By the way, what do you mean by "UWS MSI package unbroken"?

in the other machine, when launching with "non administrator privilege" i have these exceptions:


While Error 5. HttpDeleteServiceConfiguration (URLACL) failed.: LastError = 0 (0x0)

while Error 5. HttpDeleteServiceConfiguration (URLACL) failed.: LastError = 0 (0x0)

Ihave already thought about SystemUtilites.AclFolder()
Liline
Ultidev Team
#13 Posted : Tuesday, September 13, 2016 8:18:34 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi, Liline,

When you say "it doesnt start without administrator privileges", what is "it"? If it's UltiDev.WebServer.msi or MSIEXEC.EXE, then that's by design - those do require administrative privileges and there is no (and should be no) way around it because installing a web server on a system potentially opens it up to hacker attacks.

Best regards,
UltiDev Team.

Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
liline
#14 Posted : Tuesday, September 13, 2016 8:41:07 AM(UTC)
Groups: Member
Joined: 8/31/2016(UTC)
Posts: 8
Location: france

Thanks: 2 times
Ultidev Team;13771 wrote:
Hi, Liline,

When you say "it doesnt start without administrator privileges", what is "it"? If it's UltiDev.WebServer.msi or MSIEXEC.EXE, then that's by design - those do require administrative privileges and there is no (and should be no) way around it because installing a web server on a system potentially opens it up to hacker attacks.

Best regards,
UltiDev Team.



Hi,

in my NSI file i have:

RequestExecutionLevel admin

ExecWait 'msiexec /passive /i $INSTDIR\UltiDev.WebServer.msi'

and the installation step is done with administrator level

After the installation (witch is done with administrator privileges), the execution of the resulted .exe doesnt register the application ,

what i want is how launch "exe" (after admin installation), without admin privileges,

Also, i saw that the function "UWS.Configuration.Metabase.RegisterApplication" requires administrator privileges and we can alternatively, use SystemUtilites.AclFolder() methods to grant Network Service user access to small subset of the app folders

i tried : SystemUtilites.AclFolder(_appPath, System.Security.AccessControl.FileSystemRights.Modify, System.Security.Principal.WellKnownSidType.NetworkServiceSid);
Metabase.RegisterApplication(RuntimeVersion.AspNet_4, true, true, ProcessIdentity.NetworkService, _appEntry);

Could you please tell me if there is something wrong..? it's not about UltiDev.WebServer.msi or MSIEXEC.EXE but the final exe witch is resulted from the NSIS installation (this installation is donne with admin privilege of cours)


Thanks
Ultidev Team
#15 Posted : Wednesday, September 14, 2016 11:57:30 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Liline,

We would like to clarify something. Installation of UWS, of your application, and registration of your app with UWS, should be done during installation while it's running as administrator. When you say "After the installation ... the execution of the resulted .exe doesnt register the application", it seems to indicate that you are attempting to register an application after the installation, while it should be a part of the installation process, like an installation custom step. Registration of an application should be executed from within the scope of an installer running as administrator.

Also, you won't need low-level functions to ACL folders or running netsh. All you need to do is to run UWS.RegApp.exe as a custom step, at the end of your application installation while it's still running under administrative privileges.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
1 user thanked Ultidev Team for this useful post.
liline on 9/22/2016(UTC)
liline
#17 Posted : Friday, September 16, 2016 7:52:59 AM(UTC)
Groups: Member
Joined: 8/31/2016(UTC)
Posts: 8
Location: france

Thanks: 2 times

Hello,

-Effectively, the installation of UWS is done in the same time with installation of my application,
but it was not the case for registration , witch is done after the installation and when the application is executed.

-Now, i did a correction:
On NSIS file, i have added registration:
;Install UWS
ExecWait 'msiexec /a "$INSTDIR\UltiDev.WebServer.msi"'
;Register application
ExecWait '"$PROGRAMFILES\UltiDev\Web Server\UWS.RegApp.exe" /r /AppId={2af8ee75-5d3a-42d4-9072-dfbd4526dfb9} /path:"$INSTDIR\web" /ddoc:default.aspx /appname:"TestApplication" /clr:4 /vpath:"/"'

i'm testing.
i will keep you in touch,
thanks!

Ultidev Team
#19 Posted : Friday, September 16, 2016 8:25:53 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Sounds good, Liline,

Please let us know how it worked out.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
1 user thanked Ultidev Team for this useful post.
liline on 9/21/2016(UTC)
liline
#21 Posted : Thursday, September 22, 2016 8:38:47 AM(UTC)
Groups: Member
Joined: 8/31/2016(UTC)
Posts: 8
Location: france

Thanks: 2 times
liline;13782 wrote:
Ultidev Team;13779 wrote:
Sounds good, Liline,

Please let us know how it worked out.

Best regards,
UltiDev Team.


Hi,

The good news is that's running without administrator privileges (beacause the registration is done during the installation), it's tested on many machines

The bad one is: in my website i have a web service call, wich doesnt respond..., i'm looking for the reason

Liline



Perfect, it's resolved, because i had to force from 32bits to 64 bits :)
FORCE32BITON64:true

Thanks.

Liline
Guest
#25 Posted : Monday, December 26, 2016 5:46:45 AM(UTC)
Groups:

Message was deleted by a Moderator.
Guest
#26 Posted : Monday, January 8, 2018 9:02:33 PM(UTC)
Groups:

Message was deleted by a Moderator.
Guest
#27 Posted : Wednesday, February 28, 2018 9:10:28 PM(UTC)
Groups:

Message was deleted by a Moderator.
Rss Feed  Atom Feed
Users browsing this topic
Guest (10)
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You can vote in polls in this forum.