Ask a Question related to ASP.NET Web Services, Design and Development.
-
Nikolay Petrov #1
Can't read/write to Registry
Why I always get 'Requested registry access is not allowed' when i try to
Read/Write to Windows Registry from ASP service. I use ASP NET account?
Also granted full permissions to required Registry keys.
What is the problem?
TIA
Nikolay Petrov Guest
-
Cannot write to Windows Registry (VB .NET)
I cannot write to windows registry using ASP .NET account. I have made a key in HKEY_LOCAL_MACHINE\Software and granted full access to ASP .NET... -
How to read the windows registry?
I can successfully open the 'WScript.Shell' COM object but cannot seem to access the 'HKEY_CURRENT_CONFIG' root system. I am trying to read the... -
Unable to write to Windows Registry using XML Web Service
Hiya, at this very moment I'm trying to write an XML Web Service for reading and writing configuration/registry settings. But for some reason I... -
can flash write to registry?
i'm not certain, but i believe that distributing a .REG file (text file with registry modification instructions in it) and running it in the flash... -
File system get auto change from read-write to read-oly
I have a very strange file system with OS Redhat 7.2 The file system is read-write, but some how it randomly changes to read-only at any time.... -
Nikolay Petrov #2 Can't read/write to Registry
Why I always get 'Requested registry access is not allowed' when i try to
Read/Write to Windows Registry from ASP service. I use ASP NET account?
Also granted full permissions to required Registry keys.
What is the problem?
TIA
Nikolay Petrov Guest
-
Daniel Fisher\(lennybacon\) #3 Re: Can't read/write to Registry
Your code is in the CodeGroup Internet/Intranet cause it's ASP.NET - that
blocks the access.
--
Daniel Fisher(lennybacon)
MCP ASP.NET C#
Blog: [url]http://www.lennybacon.com/[/url]
"Nikolay Petrov" <johntup2_nospam_@mail.bg> wrote in message
news:e4IrHCYzEHA.3820@TK2MSFTNGP11.phx.gbl...> Why I always get 'Requested registry access is not allowed' when i try to
> Read/Write to Windows Registry from ASP service. I use ASP NET account?
> Also granted full permissions to required Registry keys.
> What is the problem?
>
> TIA
>
Daniel Fisher\(lennybacon\) Guest
-
Daniel Fisher\(lennybacon\) #4 Re: Can't read/write to Registry
Your code is in the CodeGroup Internet/Intranet cause it's ASP.NET - that
blocks the access.
--
Daniel Fisher(lennybacon)
MCP ASP.NET C#
Blog: [url]http://www.lennybacon.com/[/url]
"Nikolay Petrov" <johntup2_nospam_@mail.bg> wrote in message
news:e4IrHCYzEHA.3820@TK2MSFTNGP11.phx.gbl...> Why I always get 'Requested registry access is not allowed' when i try to
> Read/Write to Windows Registry from ASP service. I use ASP NET account?
> Also granted full permissions to required Registry keys.
> What is the problem?
>
> TIA
>
Daniel Fisher\(lennybacon\) Guest
-
Nikolay Petrov #5 Re: Can't read/write to Registry
I hear about Code Groups for first time. What are they?
Any workaround to my prob?
"Daniel Fisher(lennybacon)" <info@(removethis)lennybacon.com> wrote in
message news:%231jSgJYzEHA.2316@TK2MSFTNGP15.phx.gbl...> Your code is in the CodeGroup Internet/Intranet cause it's ASP.NET - that
> blocks the access.
>
> --
> Daniel Fisher(lennybacon)
> MCP ASP.NET C#
> Blog: [url]http://www.lennybacon.com/[/url]
>
>
> "Nikolay Petrov" <johntup2_nospam_@mail.bg> wrote in message
> news:e4IrHCYzEHA.3820@TK2MSFTNGP11.phx.gbl...>>> Why I always get 'Requested registry access is not allowed' when i try to
>> Read/Write to Windows Registry from ASP service. I use ASP NET account?
>> Also granted full permissions to required Registry keys.
>> What is the problem?
>>
>> TIA
>>
>
Nikolay Petrov Guest
-
Nikolay Petrov #6 Re: Can't read/write to Registry
I hear about Code Groups for first time. What are they?
Any workaround to my prob?
"Daniel Fisher(lennybacon)" <info@(removethis)lennybacon.com> wrote in
message news:%231jSgJYzEHA.2316@TK2MSFTNGP15.phx.gbl...> Your code is in the CodeGroup Internet/Intranet cause it's ASP.NET - that
> blocks the access.
>
> --
> Daniel Fisher(lennybacon)
> MCP ASP.NET C#
> Blog: [url]http://www.lennybacon.com/[/url]
>
>
> "Nikolay Petrov" <johntup2_nospam_@mail.bg> wrote in message
> news:e4IrHCYzEHA.3820@TK2MSFTNGP11.phx.gbl...>>> Why I always get 'Requested registry access is not allowed' when i try to
>> Read/Write to Windows Registry from ASP service. I use ASP NET account?
>> Also granted full permissions to required Registry keys.
>> What is the problem?
>>
>> TIA
>>
>
Nikolay Petrov Guest
-
Dan Rogers #7 Re: Can't read/write to Registry
Hi,
In general you don't want a web exposed method to read/write from the
registry. The potential for bottlenecking around the registry access is
high, and registry access is considered too slow for transactional updates.
The code access group for internet facing code creates a sand box that
protects the system from exposure to attacks thru the internet. Disabling
this protection is not recommended.
If you need to make periodic adjustments of this type, you may wish to
create a COM+ component (no transactions) that updates the registry key and
runs as a different machine account. This is the simplest way to
circumvent the protections without turning them off. If you do decide that
you need this functionality to be driven from a web facing request, I
advise you to never expose this to an unprotected (firewalled, intranet)
environment, and strongly recommend that this not be considered
"production" quality design.
Best regards
Dan Rogers
Microsoft Corporation
--------------------<#1jSgJYzEHA.2316@TK2MSFTNGP15.phx.gbl>>From: "Nikolay Petrov" <johntup2_nospam_@mail.bg>
>References: <e4IrHCYzEHA.3820@TK2MSFTNGP11.phx.gbl>microsoft.public.dotnet.framework.aspnet,microsoft .public.dotnet.framework.a>Subject: Re: Can't read/write to Registry
>Date: Thu, 18 Nov 2004 20:23:56 +0200
>Lines: 28
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>X-RFC2646: Format=Flowed; Response
>Message-ID: <#CInfvZzEHA.924@TK2MSFTNGP10.phx.gbl>
>Newsgroups:
spnet.security,microsoft.public.dotnet.framework.a spnet.webservices,microsof
t.public.dotnet.framework.webservices,microsoft.pu blic.dotnet.securitycpmsftngxa10.phx.gbl!TK2MSFTFEED02.phx.gbl!TK2MSFT NGP08.phx.gbl!TK2MSFTNGP10>NNTP-Posting-Host: 212.95.179.134
>Path:
..phx.gblmicrosoft.public.dotnet.framework.aspnet.security: 12329>Xref: cpmsftngxa10.phx.gbl
microsoft.public.dotnet.framework.aspnet.webservic es:26690
microsoft.public.dotnet.framework.webservices:7541
microsoft.public.dotnet.security:8221
microsoft.public.dotnet.framework.aspnet:277133that>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservic es
>
>I hear about Code Groups for first time. What are they?
>Any workaround to my prob?
>
>
>"Daniel Fisher(lennybacon)" <info@(removethis)lennybacon.com> wrote in
>message news:%231jSgJYzEHA.2316@TK2MSFTNGP15.phx.gbl...>> Your code is in the CodeGroup Internet/Intranet cause it's ASP.NET -to>> blocks the access.
>>
>> --
>> Daniel Fisher(lennybacon)
>> MCP ASP.NET C#
>> Blog: [url]http://www.lennybacon.com/[/url]
>>
>>
>> "Nikolay Petrov" <johntup2_nospam_@mail.bg> wrote in message
>> news:e4IrHCYzEHA.3820@TK2MSFTNGP11.phx.gbl...>>> Why I always get 'Requested registry access is not allowed' when i try>>>>>> Read/Write to Windows Registry from ASP service. I use ASP NET account?
>>> Also granted full permissions to required Registry keys.
>>> What is the problem?
>>>
>>> TIA
>>>
>>
>
>Dan Rogers Guest
-
Dan Rogers #8 Re: Can't read/write to Registry
Hi,
In general you don't want a web exposed method to read/write from the
registry. The potential for bottlenecking around the registry access is
high, and registry access is considered too slow for transactional updates.
The code access group for internet facing code creates a sand box that
protects the system from exposure to attacks thru the internet. Disabling
this protection is not recommended.
If you need to make periodic adjustments of this type, you may wish to
create a COM+ component (no transactions) that updates the registry key and
runs as a different machine account. This is the simplest way to
circumvent the protections without turning them off. If you do decide that
you need this functionality to be driven from a web facing request, I
advise you to never expose this to an unprotected (firewalled, intranet)
environment, and strongly recommend that this not be considered
"production" quality design.
Best regards
Dan Rogers
Microsoft Corporation
--------------------<#1jSgJYzEHA.2316@TK2MSFTNGP15.phx.gbl>>From: "Nikolay Petrov" <johntup2_nospam_@mail.bg>
>References: <e4IrHCYzEHA.3820@TK2MSFTNGP11.phx.gbl>microsoft.public.dotnet.framework.aspnet,microsoft .public.dotnet.framework.a>Subject: Re: Can't read/write to Registry
>Date: Thu, 18 Nov 2004 20:23:56 +0200
>Lines: 28
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>X-RFC2646: Format=Flowed; Response
>Message-ID: <#CInfvZzEHA.924@TK2MSFTNGP10.phx.gbl>
>Newsgroups:
spnet.security,microsoft.public.dotnet.framework.a spnet.webservices,microsof
t.public.dotnet.framework.webservices,microsoft.pu blic.dotnet.securitycpmsftngxa10.phx.gbl!TK2MSFTFEED02.phx.gbl!TK2MSFT NGP08.phx.gbl!TK2MSFTNGP10>NNTP-Posting-Host: 212.95.179.134
>Path:
.phx.gblmicrosoft.public.dotnet.framework.aspnet.security: 12329>Xref: cpmsftngxa10.phx.gbl
microsoft.public.dotnet.framework.aspnet.webservic es:26690
microsoft.public.dotnet.framework.webservices:7541
microsoft.public.dotnet.security:8221
microsoft.public.dotnet.framework.aspnet:277133that>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservic es
>
>I hear about Code Groups for first time. What are they?
>Any workaround to my prob?
>
>
>"Daniel Fisher(lennybacon)" <info@(removethis)lennybacon.com> wrote in
>message news:%231jSgJYzEHA.2316@TK2MSFTNGP15.phx.gbl...>> Your code is in the CodeGroup Internet/Intranet cause it's ASP.NET -to>> blocks the access.
>>
>> --
>> Daniel Fisher(lennybacon)
>> MCP ASP.NET C#
>> Blog: [url]http://www.lennybacon.com/[/url]
>>
>>
>> "Nikolay Petrov" <johntup2_nospam_@mail.bg> wrote in message
>> news:e4IrHCYzEHA.3820@TK2MSFTNGP11.phx.gbl...>>> Why I always get 'Requested registry access is not allowed' when i try>>>>>> Read/Write to Windows Registry from ASP service. I use ASP NET account?
>>> Also granted full permissions to required Registry keys.
>>> What is the problem?
>>>
>>> TIA
>>>
>>
>
>
---------------
Posted using Community Server NewsReader, Alpha
Learn more at [url]www.communityserver.org[/url]
Dan Rogers Guest
-
Frank #9 RE: Can't read/write to Registry
I'm trying to create an application log from Visual Studio and ran into the
'Requested registry access is not allowed' error.
I'm not sure how much of this is required, but it got things working:
- Using the WIndows User Account manager I added ASPNET to the power users
group.
- In the registry at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\Application I
did rt. mouse | permissions | Advanced | selected Power Users | Edit |
selected Set Value and Create Subkey | save everything
- In C:\Windows\Microsoft.NET\Framework\v1.1.4322\CONFI G\mmachine.config
modified the identify impersonate element to <identity impersonate="true"
userName="myAdminUser" password="myAdminPswd"/>
Given all the various 'solutions' I've read and how many work/don't its
pretty clear that when MS just turned on all their security they exposed an
utter mess. It is pretty clear that it is horribly designed and documented.
It also seems pretty clear that as I have to disable/modify security in
various places to get thigns working (including MS apps) that I'm just
opening the holes back up. The replies from the MS people make it clear that
they don't understand it much better. What a mess!
Frank Guest
-
Frank #10 RE: Can't read/write to Registry
I'm trying to create an application log from Visual Studio and ran into the
'Requested registry access is not allowed' error.
I'm not sure how much of this is required, but it got things working:
- Using the WIndows User Account manager I added ASPNET to the power users
group.
- In the registry at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\Application I
did rt. mouse | permissions | Advanced | selected Power Users | Edit |
selected Set Value and Create Subkey | save everything
- In C:\Windows\Microsoft.NET\Framework\v1.1.4322\CONFI G\mmachine.config
modified the identify impersonate element to <identity impersonate="true"
userName="myAdminUser" password="myAdminPswd"/>
Given all the various 'solutions' I've read and how many work/don't its
pretty clear that when MS just turned on all their security they exposed an
utter mess. It is pretty clear that it is horribly designed and documented.
It also seems pretty clear that as I have to disable/modify security in
various places to get thigns working (including MS apps) that I'm just
opening the holes back up. The replies from the MS people make it clear that
they don't understand it much better. What a mess!
Frank Guest
-
Dan Rogers #11 RE: Can't read/write to Registry
Hi Frank,
Thanks for sharing your feelings on this. A great deal of thought went
into defining the changes that were made, and in every case where an impact
to existing behavior was made, a great deal of thought was given. In this
particular case, there is definitely a difference of opinion as to what is
a reasonable practice, from a secure application point of view.
If you were to ask my advice about "should I add my ASPNET user to the
power users group, and then change the permissions on the registry and on
the event logging service to allow an anonymous and unsecured user to
update my system's core control files", I think my answer would be "what
are you crazy?". But that's just the response I'd give to a friend or
professional colleague with whom I was comforatable enough that I know they
wouldn't interpret my reaction as a personal attack. For the remainder of
the people, my response would be "We cannot, in good faith, recommend that
anyone ever consider doing this and considering it an adequate solution."
The issues that you are opening up here are legion, but primarily
associated with taking your application out of the sand box. Other issues
will relate to perf in high volume scenarios. In general, using the
registry as a data store is a bad idea - it is best suited for system
settings that change infrequently, or for managing the local logged in
users user experience.
Other solutions for writing application log entries include using the
managed code methods that let you write application log entries, so I'm not
sure what prevented you from doing this.
Sorry if I do not project confidence in the approach you have chosen. I
respect your right to your own approach and conclusions.
Best regards
Dan Rogers
Microsoft Corporation
--------------------microsoft.public.dotnet.framework.aspnet,microsoft .public.dotnet.framework.a>Thread-Topic: Can't read/write to Registry
>thread-index: AcTZXm1l13msAgfSQSWux/x+hMkYuQ==
>X-WBNR-Posting-Host: 66.68.170.38
>From: "=?Utf-8?B?RnJhbms=?=" <Frank@discussions.microsoft.com>
>References: <e4IrHCYzEHA.3820@TK2MSFTNGP11.phx.gbl>
>Subject: RE: Can't read/write to Registry
>Date: Fri, 3 Dec 2004 09:35:05 -0800
>Lines: 26
>Message-ID: <98AEDAC1-803D-4DD6-9D83-ACFB85317895@microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups:
spnet.security,microsoft.public.dotnet.framework.a spnet.webservices,microsof
t.public.dotnet.securitymicrosoft.public.dotnet.framework.aspnet.security: 12506>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFT NGXA03.phx.gbl
>Xref: cpmsftngxa10.phx.gbl
microsoft.public.dotnet.framework.aspnet.webservic es:27020
microsoft.public.dotnet.security:8402
microsoft.public.dotnet.framework.aspnet:280768the>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservic es
>
>I'm trying to create an application log from Visual Studio and ran intousers>'Requested registry access is not allowed' error.
>
>I'm not sure how much of this is required, but it got things working:
>
> - Using the WIndows User Account manager I added ASPNET to the powerI>group.
>
> - In the registry at
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi ces\Eventlog\Applicationan>did rt. mouse | permissions | Advanced | selected Power Users | Edit |
>selected Set Value and Create Subkey | save everything
>
> - In C:\Windows\Microsoft.NET\Framework\v1.1.4322\CONFI G\mmachine.config
>modified the identify impersonate element to <identity impersonate="true"
>userName="myAdminUser" password="myAdminPswd"/>
>
>Given all the various 'solutions' I've read and how many work/don't its
>pretty clear that when MS just turned on all their security they exposeddocumented.>utter mess. It is pretty clear that it is horribly designed andthat>It also seems pretty clear that as I have to disable/modify security in
>various places to get thigns working (including MS apps) that I'm just
>opening the holes back up. The replies from the MS people make it clear>they don't understand it much better. What a mess!
>
>
>Dan Rogers Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
