I hit this problem as soon as I tried writing a self-hosting service using HTTP transport. Due to User Account Control (UAC) security in Vista and Windows 7, if a host application is not running under an elevated account and is trying to host a WCF service with HTTP bindings, it will throw an AddressAccessDeniedException.
This is because listening at a particular HTTP address is reserved for accounts with
administrator permissions and by default, applications on Vista and Windows 7 run with standard user permissions for improved security. To solve this problem, the built-in Administrator account (which owns the entire HTTP namespace) must change a portion of the namespace reservation for a specified user account. This can be done using the netsh command.
Run cmd.exe as Administrator (otherwise the command will fail) and type the following replacing <port>, <DOMAIN> and <user> with the required values. The + is a wildcard for any URL, but you must give an explicit port number in the range 1024-65535 to avoid conflicts with reserved values.
netsh http add urlacl url=http://+:<port>/ user=<DOMAIN>\<user>
An application running under the specified user account will now be able to listen for HTTP traffic on that port. Obviously this issue doesn’t apply to services which only expose endpoints with TCP bindings, or running on Windows XP.