Raf's laboratory, Raffaele Rialdi personal website

HttpNamespace, a Win32 utility to reserve an HttpEndpoint

September 07, 2009
http://iamraf.net/Tools/HttpNamespace-a-Win32-utility-to-reserve-an-HttpEndpoint

When you need to publish a WCF or WWS service, or any application that must listen on HTTP, you must reserve an HTTP namespace.

Since Windows 2003 there is a new HTTP handler in kernel mode that handles and routes requests to applications. This way multiple applications can listen on a single address/port pair, even though this is normally forbidden in TCP/IP.

Http.sys does the trick: it handles all the requests in kernel mode and routes them to the appropriate application, using the host headers to map a request. This means that you need two things:

  1. Create a configuration record that declares the shape of the URL to map.
  2. Assign the appropriate ACL so that only a process that has an appropriate token can request the mapping to itself. Without an ACL, malware could map an endpoint to itself, and this is certainly to be avoided.

HttpNamespace is a Win32 utility that does these two things. So that it can be used comfortably from a setup "custom action", I gave it these features:

  • Minimum dependencies. The utility does not require the .NET Framework. It depends on httpapi.dll and the Visual C++ runtime version 9.
  • Small size: only 32K.
  • Runs in the GUI subsystem. The utility can be run from a console and dynamically attaches to the console if one is found. Otherwise it runs without opening the annoying console window.
  • The utility can be used by a normal user in read-only mode. To add or delete configuration records, the utility requires administrative privileges; otherwise an error is displayed ("The request could not be processed").
  • The utility obviously has to use the syntax described here to record a namespace.
  • The permission assigned for User or Group is "eXecute" (hardcoded). AFAIK this is sufficient for most applications.

>httpnamespace
>
HttpNamespace v1.0 Copyright(c) Raffaele Rialdi, 2007-2009
Blog: http://blogs.ugidotnet.org/raffaele  -  http://www.iamraf.net/tools
Utility to View, Add or Remove configuration records
for the HTTP Server API configuration store
You are free to copy and redistribuite this utility
but not to modify or patch it
Usage:
HttpNamespace                   View records
HttpNamespace -u Url            Remove record for the specified Url
HttpNamespace -a Url User       Add a record and grant eXecute to User or Group
Url format help:  http://msdn2.microsoft.com/en-us/library/aa364687.aspx
http://+:8731/Design_Time_Addresses/
        NT AUTHORITY\INTERACTIVE        GENERIC_EXECUTE
.....

 

Why another utility? Because in Windows 2003 there was no preinstalled utility to do this configuration. Furthermore, from Vista onward the utility rightly became netsh, as you can see from Nicholas 'WCF guru'.
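To audit the ACL side of a reservation on systems where netsh holds this configuration, here is an added example (not part of the original post or of the HttpNamespace utility): it reads text laid out like English `netsh http show urlacl` output and reports reservations whose SDDL grants register (GX, the GENERIC_EXECUTE shown above) or delegate (GW) rights to a broad group. The sample text is constructed, and the `http://+:8080/orders/` record and all function names are assumptions of this example.

```python
import re

# Constructed sample shaped like English `netsh http show urlacl` output.
# The first record matches the one on this page; the second is made up.
SAMPLE = r"""
    Reserved URL            : http://+:8731/Design_Time_Addresses/
        User: NT AUTHORITY\INTERACTIVE
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;IU)

    Reserved URL            : http://+:8080/orders/
        User: NT AUTHORITY\NETWORK SERVICE
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;NS)
"""

# SDDL trustee aliases that cover many accounts at once.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users", "IU": "INTERACTIVE",
         "BU": "BUILTIN\\Users", "AN": "ANONYMOUS LOGON"}
# Generic rights on a reservation: GX = register (listen), GW = delegate.
RIGHTS = {"GX": ["register"], "GW": ["delegate"], "GA": ["register", "delegate"]}

def parse_urlacl(text):
    """Return [(url, sddl)] pairs from urlacl listing text."""
    records, url = [], None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if key.strip() == "Reserved URL":
            url = value.strip()
        elif key.strip() == "SDDL" and url:
            records.append((url, value.strip()))
            url = None
    return records

def broad_grants(sddl):
    """Return sorted (trustee, right) pairs that allow-ACEs give broad groups."""
    found = set()
    for ace in re.findall(r"\(([^)]*)\)", sddl):
        f = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(f) == 6 and f[0] == "A" and f[5] in BROAD:
            for alias in re.findall(r"G[XWA]", f[2]):
                found.update((BROAD[f[5]], r) for r in RIGHTS[alias])
    return sorted(found)

def audit(text):
    """Map each reserved URL to its broad grants, omitting clean records."""
    return {u: g for u, s in parse_urlacl(text) if (g := broad_grants(s))}
```

Calling `audit(SAMPLE)` flags only the Design_Time_Addresses record, because any interactively logged-on user may register under that prefix; the NETWORK SERVICE reservation is scoped to one service account and is not reported.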



Copyright © Raffaele Rialdi 2009