Registry Error "Access to the Registry Key HKEY_LOCAL..\. is denie

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am attempting to write an encrypted password to the Registry, from a VB
ASP.Net App and similarly read it in a Webservice .

I have tried the RegistryPermissions code etc from the MSDN help,
Dim f As New
RegistryPermission(RegistryPermissionAccess.AllAccess, _
"HKEY_LOCAL_MACHINE\SOFTWARE\")
f.Assert()
?? how does one tie this up to the RegistryKey class?? if at all.

but .. the error persists.
(
I am currently trying to develop this on my DevMachine, (Administrator
rights etc), though this will need to be deployed to a Windows 2000 server or
similar.

Lost (......yet again !) ..
Anybody...?
TIA

Code is as follows

Dim subkey As RegistryKey =
Registry.LocalMachine.CreateSubKey("SOFTWARE\UCT-SPLUS\DbPwd")

which is where the error occurs.. thereafter one assumes the setValue will
work.

subkey.SetValue("DBPwd", sPwdValue)
 
Neal said:
I am attempting to write an encrypted password to the Registry, from a VB
ASP.Net App and similarly read it in a Webservice .
Click to expand...

A web service/app generally logs in as the user IUSER_MACHINENAME.
I have tried the RegistryPermissions code etc from the MSDN help,
Dim f As New
RegistryPermission(RegistryPermissionAccess.AllAccess, _
"HKEY_LOCAL_MACHINE\SOFTWARE\")
f.Assert()
?? how does one tie this up to the RegistryKey class?? if at all.
Click to expand...

It means that the code is requesting permission to access that registry key.
However, just because the code is trusted enough to access said registry
key, does not mean that the user is. Basically the permissions you have are
the intersection of the code and user permissions. Your code has the
relevant CAS (code access security) permissions, but IUSER_MACHINENAME does
not. Therefore, you get the permission denied error. In order for this to
work, but the code and the user must have the relevant permissions.

Generally the HKEY_LOCAL_MACHINE\SOFTWARE\ can only be written to by an
Administrator, and for very good security reasons. Should this key really be
getting stored there? Keep in mind that most (hopefully all) administrators
will not allow IIS to have Administrator privileges, and convincing
administrators to open up registry access to IIS will be tricky.
 
Ok, well not ok.
I tried it with HKEY _CURRENT_USER,... and still the same result.
"Access to the Registry Key .... is denied

(It is my own machine, I have Admin rights....)
3 days wasted...trying to get something supposedly simple right, which took
me all of 5 minutes in Delphi (and I've only had 3 months experience
there..!!)

and then I suppose this will all be revisited upon deploying it to the
Production Server.

Seriously Frustrated

SO... NOW WHERE TO ???

Heres the code..
'//I try and create the subkey "UCT-SPLUS" in HKEY_CURRENT_USER\Software

ie
Try
Dim f As New
RegistryPermission(RegistryPermissionAccess.AllAccess, _
"HKEY_CURRENT_USER\Software")
f.AddPathList(RegistryPermissionAccess.Write,
"HKEY_CURRENT_USER\Software\UCT-SPLUS")
f.Assert()

Dim subkey As RegistryKey =
Registry.CurrentUser.CreateSubKey("Software\UCT-SPLUS\DbPwd")
subkey.SetValue("DBPwd", sPwdValue)
Catch ER As Exception
Throw New Exception("Error writing to Registry : " & ER.Message)
End Try


TIA
Neal

Sean Hederman said:
Neal said:
I am attempting to write an encrypted password to the Registry, from a VB
ASP.Net App and similarly read it in a Webservice .
Click to expand...

A web service/app generally logs in as the user IUSER_MACHINENAME.
I have tried the RegistryPermissions code etc from the MSDN help,
Dim f As New
RegistryPermission(RegistryPermissionAccess.AllAccess, _
"HKEY_LOCAL_MACHINE\SOFTWARE\")
f.Assert()
?? how does one tie this up to the RegistryKey class?? if at all.
Click to expand...

It means that the code is requesting permission to access that registry key.
However, just because the code is trusted enough to access said registry
key, does not mean that the user is. Basically the permissions you have are
the intersection of the code and user permissions. Your code has the
relevant CAS (code access security) permissions, but IUSER_MACHINENAME does
not. Therefore, you get the permission denied error. In order for this to
work, but the code and the user must have the relevant permissions.

Generally the HKEY_LOCAL_MACHINE\SOFTWARE\ can only be written to by an
Administrator, and for very good security reasons. Should this key really be
getting stored there? Keep in mind that most (hopefully all) administrators
will not allow IIS to have Administrator privileges, and convincing
administrators to open up registry access to IIS will be tricky.
Click to expand...
 
YOU have access rights, but IUSR_MachineName doesn't. Since it's running in
IIS, that's the user it logs in with.

Neal said:
Ok, well not ok.
I tried it with HKEY _CURRENT_USER,... and still the same result.
"Access to the Registry Key .... is denied

(It is my own machine, I have Admin rights....)
3 days wasted...trying to get something supposedly simple right, which
took
me all of 5 minutes in Delphi (and I've only had 3 months experience
there..!!)

and then I suppose this will all be revisited upon deploying it to the
Production Server.

Seriously Frustrated

SO... NOW WHERE TO ???

Heres the code..
'//I try and create the subkey "UCT-SPLUS" in HKEY_CURRENT_USER\Software

ie
Try
Dim f As New
RegistryPermission(RegistryPermissionAccess.AllAccess, _
"HKEY_CURRENT_USER\Software")
f.AddPathList(RegistryPermissionAccess.Write,
"HKEY_CURRENT_USER\Software\UCT-SPLUS")
f.Assert()

Dim subkey As RegistryKey =
Registry.CurrentUser.CreateSubKey("Software\UCT-SPLUS\DbPwd")
subkey.SetValue("DBPwd", sPwdValue)
Catch ER As Exception
Throw New Exception("Error writing to Registry : " &
ER.Message)
End Try


TIA
Neal
Click to expand...
 
Ok, then
where and/or how do I set this "IUSER_MACHINENAME" 's permissions.

or

If registry is such an issue, and web.config is no place to store a Password
(to a SQL dbase), having no real security...
is it possible to Write to the Web.config file from the application (read is
fine), and set the requisite appsettings key programmatically with the
encrypted password ??
and if it is possible, how do i do that, (i've been the route of encrypted
files and that currently seems the only and somewhat inelegant wat to do
it..also ..pathing and defaults per OS make that slightly problematic.

TIA



Neal said:
Ok, well not ok.
I tried it with HKEY _CURRENT_USER,... and still the same result.
"Access to the Registry Key .... is denied

(It is my own machine, I have Admin rights....)
3 days wasted...trying to get something supposedly simple right, which took
me all of 5 minutes in Delphi (and I've only had 3 months experience
there..!!)

and then I suppose this will all be revisited upon deploying it to the
Production Server.

Seriously Frustrated

SO... NOW WHERE TO ???

Heres the code..
'//I try and create the subkey "UCT-SPLUS" in HKEY_CURRENT_USER\Software

ie
Try
Dim f As New
RegistryPermission(RegistryPermissionAccess.AllAccess, _
"HKEY_CURRENT_USER\Software")
f.AddPathList(RegistryPermissionAccess.Write,
"HKEY_CURRENT_USER\Software\UCT-SPLUS")
f.Assert()

Dim subkey As RegistryKey =
Registry.CurrentUser.CreateSubKey("Software\UCT-SPLUS\DbPwd")
subkey.SetValue("DBPwd", sPwdValue)
Catch ER As Exception
Throw New Exception("Error writing to Registry : " & ER.Message)
End Try


TIA
Neal
Click to expand...
 
Neal said:
Ok, then
where and/or how do I set this "IUSER_MACHINENAME" 's permissions.
Click to expand...

If you open up the Registry Editor, navigate to the required key,
right-click and select "Permissions", it'll come up with the standard
Windows security editor.
or

If registry is such an issue, and web.config is no place to store a
Password
(to a SQL dbase), having no real security...
Click to expand...

The web.config is fine, as long as you encrypt the password.
is it possible to Write to the Web.config file from the application (read
is
fine), and set the requisite appsettings key programmatically with the
encrypted password ??
Click to expand...

No, again the IUSER_MACHINENAME does not have write access to web.config,
although it can read it using AppSettingsReader for example.
and if it is possible, how do i do that, (i've been the route of encrypted
files and that currently seems the only and somewhat inelegant wat to do
it..also ..pathing and defaults per OS make that slightly problematic.
Click to expand...

Have a look at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT07.asp.

Also, have you considered using Windows Authentication to your database?
This would free you from having to store the password, since the
IUSER_MACHINENAME would automatically be authenticated.
 
Thanks..!!

Sean Hederman said:
If you open up the Registry Editor, navigate to the required key,
right-click and select "Permissions", it'll come up with the standard
Windows security editor.


The web.config is fine, as long as you encrypt the password.


No, again the IUSER_MACHINENAME does not have write access to web.config,
although it can read it using AppSettingsReader for example.


Have a look at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT07.asp.

Also, have you considered using Windows Authentication to your database?
This would free you from having to store the password, since the
IUSER_MACHINENAME would automatically be authenticated.
Click to expand...
 
Back
Top