I'm using self-hosted Web API, via HttpServiceHost.
When I ask it to listen on http://localhost:4445, it actually tries to listen on http://+:4445. That's a wildcard in HTTP.sys terminology, which means it's trying to listen to remote connections as well. This then requires admin rights, or a pre-granted
ACL via netsh.
I get the same problem for http://127.0.0.1:4445.
Is there a way to get Web API to not translate my request for a local listener into a wildcard?
(Personally, I think this is a security bug. If I ask for a local listener, it should be local. If I want to listen to remote connections, I'll ask for it.)