How to replace the WCF URL reservation with a restricted reservation

This article describes how to delete the Windows Communication Foundation (WCF) URL reservation in Windows Server 2008 or in Windows Vista. This article also describes how to re-create the reservation by using a discretionary access control list (DACL).

The concept of the URL reservation for shared listeners was introduced to restrict the number of users who can receive messages on each part of the HTTP namespace. A reservation consists of the following elements:

• A URL template on which the reservation applies
• A DACL to restrict the number of users
• Flags that indicate whether the reservation is for permission to listen or to delegate control of the namespace

A shared HTTP listener can be started only if there is a DACL on that address that enables the listening process. The lack of a reservation denies access to everyone.

As part of the default operating system configuration, WCF creates a globally available reservation for port 80. This reservation enables all users to write applications that can use dual HTTP binding for duplex communication. However, because the DACL on this reservation applies to everyone, the administrator cannot explicitly enable or disable access to the WCF listener URL.

Note In Windows Server 2008 or in Windows Vista, you can view all the HTTP URL reservations in a Command Prompt window. To do this, type the following command at the command prompt:

Note You must be an administrator to perform the following procedures.

Delete the WCF URL reservation

To delete the WCF URL reservation, follow these steps:

1. Click Start
   , point to All Programs, click Accessories, right-click Command Prompt, and then click Run as Administrator.
   
   
   If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
2. At the command prompt, type the following command:
   netsh http delete urlacl url=http://+:80/Temporary_Listen_Addresses/

If the reservation is deleted successfully, you receive the following message:

Replace the WCF URL reservation with a restricted reservation

To replace the WCF URL reservation with a restricted reservation, follow these steps:

1. Delete the current WCF URL reservation. To do this, follow these steps:
   1. Click Start
      , point to All Programs, click Accessories, right-click Command Prompt, and then click Run as Administrator.
      
      
      If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
   2. At the command prompt, type the following command:
      netsh http delete urlacl url=http://+:80/Temporary_Listen_Addresses/
   If the reservation is deleted successfully, you receive the following message:
   URL reservation successfully deleted
2. Create a new security group. To do this, follow these steps:
   1. Click Start
      , point to All Programs, click Accessories, right-click Command Prompt, and then click Run as Administrator.
      
      
      If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
   2. Click System Tools, click Local Users and Groups, right click the Groups folder, and then click New Group.
   3. Type the desired Group Name, Description, and other details about the new security group.
   4. Click Create.
3. Create the restricted reservation. To do this, follow these steps:
   1. Click Start
      , point to All Programs, click Accessories, right click Command Prompt, and then click Run as Administrator.
      
      
      If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.
   2. At the command prompt, type the following command:
      netsh http add urlacl url=http://+:80/Temporary_Listen_Addresses/ user="<machine name>\<security group name>"
   If the reservation is added successfully, you receive the following message:
   URL reservation successfully added