We were getting the following error trying to deploy a new WCF service because the domain account which runs the service was not a local admin on the server on which it was installed:
Service cannot be started. System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:8000/ourservice/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details).
The easy fix would have been to add the user as a local admin, but that's not the most security way to resolve the issue.
On a Windows Server 2008 and later box one could run the following command which should resolve the issue:
netsh http add urlacl url=http://+:PORTNUM/ user=DOMAIN\USERNAME
Since this particular application server didn't run 2008/2008R2 we had to use the httpcfg.exe
program from the SUPPORT folder on the Windows Server 2003 installation media. This program requires one to specify a SID for the user who will run the service. A quick PowerShell command helps gather this information:
([wmi]"win32_userAccount.Domain='NETBIOSDOMAIN',name='USERNAME'").sid
This command will return the Security Identifier for your service account user. which should be in the form:
S-1-5-21-111231111-999991543-123445314-99999
Then run:
httpcfg set urlacl -u http://+:8000/yourservice/ -a D:(A;;GX;;;SVC_ACCT_SID)
Replace the SVC_ACCT_SID
with the SID that the PowerShell command returned.
That should be all you need. Your WCF service should now start without errors.
Good luck,
Flux.