I am hosting Kestrel (.NET 8) as a Windows Service using HTTPS and loading a certificate from the local machine store. If I run the service as Local System, everything works and I can hit a Swagger endpoint. When I run as a specified local user, the log files show Kestrel successfully starting up, but I am unable to hit the Swagger endpoint. If I make the user a local admin, then it starts working - in the sense that I can now hit that endpoint.
My question is why? What groups/permissions etc. must my local user have in order for me to be able to see this endpoint? In this instance, I am logged onto the machine and going to a localhost endpoint.