Getting started

The simplest way to get started with self-host is to create a new console app and install the Microsoft.Owin.SelfHost NuGet package. The ReadMe.txt included in that package has the code you need to get started.

Configuring the system

Most HTTP servers on Windows rely on the underlying Http.Sys kernel-mode driver to listen for requests and do initial processing. If you're using IIS, you can use the IIS management UI to configure everything. However, if you're using a self-host server like HttpListener, you need to configure Http.Sys yourself using NetSh.exe from an admin command prompt. There are two common items you may need to configure: reserving URI prefixes so you don't have to run your application as administrator, and assigning SSL certificates.

NetSh.exe is not an easy tool for most beginners to use. The bare minimum needed to reserve a URI prefix is "netsh http add urlacl url=http://+:8080/ user=Users". Assigning an SSL certificate looks like "netsh http add sslcert ipport= certhash=MyCertHash_Here appid={00000000-0000-0000-0000-000000000000}". Removing or updating entries is similarly difficult.
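The two NetSh.exe operations above, combined into one elevated PowerShell script with pre-checks and a rollback. This is an added example, not code from the original page or from the Katana project. The port, account name, thumbprint placeholder and application GUID are assumptions, and the script stops at step 1 until the placeholder is replaced with a real thumbprint.

```powershell
# Added example; run from an elevated PowerShell prompt.
# Assumed values (not from the article): port 8443, the service account name,
# the certificate thumbprint placeholder and the application GUID.
$Prefix     = 'https://+:8443/'
$IpPort     = '0.0.0.0:8443'
$Account    = 'CONTOSO\svc-selfhost'          # hypothetical account that runs the app
$Thumbprint = '<CERT_THUMBPRINT_PLACEHOLDER>' # 40 hex chars from Cert:\LocalMachine\My
$AppId      = [guid]::NewGuid().ToString()    # any GUID identifying the owning app

# 1. The certificate must be in the machine store and have a private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert -or -not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint not found in LocalMachine\My or has no private key."
}

# 2. Refuse to overwrite an existing binding on the same ip:port.
#    netsh exits non-zero when no binding exists for the given ipport.
netsh http show sslcert ipport=$IpPort | Out-Null
if ($LASTEXITCODE -eq 0) {
    throw "An SSL binding already exists on $IpPort; inspect it before replacing."
}

# 3. Reserve the prefix for the one account that needs it, rather than
#    user=Users, which lets any local user register a listener on the prefix.
netsh http add urlacl url=$Prefix user=$Account
if ($LASTEXITCODE -ne 0) { throw "urlacl reservation failed for $Prefix" }

# 4. Bind the certificate. The appid braces must sit inside a quoted string,
#    otherwise PowerShell parses {...} as a script block.
netsh http add sslcert ipport=$IpPort certhash=$Thumbprint "appid={$AppId}"
if ($LASTEXITCODE -ne 0) {
    netsh http delete urlacl url=$Prefix | Out-Null   # roll back step 3
    throw "sslcert binding failed for $IpPort"
}

# 5. Show what Http.Sys now holds so the result can be reviewed.
netsh http show urlacl url=$Prefix
netsh http show sslcert ipport=$IpPort
```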

Here are instructions for configuring several scenarios:

A good GUI tool for NetSh operations would simplify this setup for self-host developers and administrators. While there is nothing in the box, I did find the following third-party tools online.

This application includes UI for listing and configuring SSL certificates and options, prefix reservations, and certificate trust lists. It runs as administrator by default, so you can always edit the configuration. Everything worked fine for me, and I even discovered a few config options I didn't know were available in NetSh.exe.

This app is named after NetSh.exe's predecessor httpcfg.exe. It also runs as admin by default, and allows listing or configuring SSL certs and URI prefixes. This tool has a more refined UI than HttpSysManager and exposes a few more configuration options, but otherwise it provides similar functionality. It could not create a new CTL, but could still assign existing ones. I couldn't figure out what the Listeners tab was for, though.

MakeCert.exe is the recommended tool for generating self-signed SSL certificates for testing, but it's not any easier to use than NetSh.exe. Here are some third-party UI tools that can be used to generate self-signed SSL certificates:

Last edited Nov 20, 2013 at 7:28 PM by Tratcher, version 1


rpetz Feb 18, 2015 at 6:57 PM 
I've built a NetSH library in C# to make it easier to get things done in C#. It provides a fluent API to access all of the NetSH Http context, allowing you to query information out of it in code as well as allowing you to add/delete information.

This project will launch a command line window silently in the background and execute the appropriate commands, using whatever elevation the current application is running under.

For example, the following will add in the UrlAcl value and a certificate for the examples given in this article:
NetSH.CMD.Http.Add.UrlAcl("https://+:8080/", "Users");
NetSH.CMD.Http.Add.SSLCert("", "MyCertHash", "AppId");

As another example, if you want to validate that a port isn't already taken with another certificate before attempting to register it:

var portIsTaken = NetSH.CMD.Http.Show.SSLCert("").ResponseObject.Any();

This allows you to then handle this case in code correctly.

Project site:

It's available on NuGet as well:
Install-Package SharpNetSH