
Registry Permission Attributes

John Bowman - 18 Sep 2006 21:03 GMT
Hi All,

I've got an app I need to modify that's written in C# VS2005/.NET 2.0 which
is designed to ONLY run when the logged in user has administrator privileges.
At one point it needs to delete a HKLM\Software\... registry value if it
has, in fact, created it. So there is a method that deletes this registry
key. The method has the following RegistryPermission attribute....

[RegistryPermissionAttribute(SecurityAction.PermitOnly,
Read=@"HKEY_LOCAL_MACHINE\Software\My Company Name")]

This all works just fine on WinXP, but throws an exception under WinVista
Build: 5384

"Request for the permission of type
'System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKey Token=b77a5c561934e089' failed."

Has something changed in WinVista that would be expected to cause this or is
this a bug in WinVista and what can I do to work around it? I'm NOT allowed
to move the setting to HKCU\Software\My Company Name since other programs
rely upon it being there and they will NOT be changing to run under
WinVista.

TIA,

Signature

John C. Bowman
Software Engineer
Thermo Electron Scientific Instruments Div.
<Remove this before reply> john.bowman@thermo.com

John Bowman - 18 Sep 2006 21:08 GMT
Hi Again,

I forgot to mention the method in question also has the following attribute
as well:

[RegistryPermissionAttribute(SecurityAction.PermitOnly,
Write=@"HKEY_LOCAL_MACHINE\Software\My Company Name")]

So it expects to be able to both read and write to this location.

John

> Hi All,
>
[quoted text clipped - 22 lines]
>
> TIA,
Nicole Calinoiu - 24 Sep 2006 23:49 GMT
Could you please provide the full exception details (including call stack
listing) as returned by the exception's ToString method?  Also, is the
problem occurring when your code attempts to read or write the registry
value or at some other point?

> Hi All,
>
[quoted text clipped - 22 lines]
>
> TIA,
John Bowman - 28 Sep 2006 17:52 GMT
Nicole,

Thanks for the response. As I said in my original post, the exception is
ONLY thrown when the reg value is deleted under WinVista, WinXP works fine,
even though the user MUST be an administrator in order to run the app at
all. Furthermore, this app created the reg value. Reading is fine. It turns
out I inadvertently posted the wrong exception info. Here's the correct
exception details:

Details:
Object reference not set to an instance of an object.

StackTrace:
  at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate
method, Object[] args, Boolean synchronous)
  at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
  at
BackgroundWinNM.CBackgroundWin.CompleteSelfDiscoveryCB(ApplicationException
eApp)
  at BackgroundWinNM.CBackgroundWin.PerformSelfDiscovery(Object
TargetSelfDiscovCompleteCB)
  at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
  at System.Threading.ExecutionContext.runTryCode(Object userData)
  at
System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode
code, CleanupCode backoutCode, Object userData)
  at System.Threading.ExecutionContext.RunInternal(ExecutionContext
executionContext, ContextCallback callback, Object state)
  at System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state)
  at System.Threading.ThreadHelper.ThreadStart(Object obj)

John

> Could you please provide the full exception details (including call stack
> listing) as returned by the exception's ToString method?  Also, is the
[quoted text clipped - 27 lines]
>>
>> TIA,
Joe Kaplan - 28 Sep 2006 22:46 GMT
It sounds like a Windows Vista limited user (LUA) issue.  Even though the
current user is an admin, you don't have all the admin SIDs and privileges
in your token by default.  This is more secure by default, as it prevents
the administrator's account from getting hijacked by bad code, but it makes
using the actual privileges of the admin account harder.  That's probably
why this is failing.

In order for the app to actually run with the administrator privileges, I
believe you need to create a manifest file for the app that will instruct it
to run with the full token.

There is an older article from Keith Brown here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/leastprivlh.asp


and you'll probably find some additional resources that are newer with a few
additional searches.

Joe K.

Signature

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> Nicole,
>
[quoted text clipped - 61 lines]
>>>
>>> TIA,
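
Added example, not code from the thread or from any poster's application: a C# check for the situation Joe Kaplan describes, where an administrator's default Vista token lacks the enabled Administrators group, so the app tests for elevation before touching HKLM and reports why a delete was refused. The value name `ExampleValue` and the class and method names are hypothetical; the key path is the placeholder used in the thread.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using Microsoft.Win32;

static class HklmCleanup
{
    const string SubKey = @"Software\My Company Name"; // placeholder path from the thread
    const string ValueName = "ExampleValue";           // hypothetical value name

    // To request the full administrator token at launch, the application
    // manifest carries this element inside trustInfo/security/requestedPrivileges:
    //   <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

    // True only when the Administrators group is enabled in the process token.
    // An admin user running with the filtered (non-elevated) token gets false.
    static bool IsElevated()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
        }
    }

    // Deletes the value if possible; otherwise returns false and explains why.
    static bool TryDeleteValue(out string reason)
    {
        reason = null;
        if (!IsElevated())
        {
            reason = "process is not elevated; HKLM write access would be refused";
            return false;
        }
        try
        {
            // writable: true requests write access when the key is opened.
            using (RegistryKey key = Registry.LocalMachine.OpenSubKey(SubKey, true))
            {
                if (key == null) { reason = "key not found"; return false; }
                key.DeleteValue(ValueName, false); // false: no throw if value is absent
            }
            return true;
        }
        catch (SecurityException ex) { reason = "permission refused: " + ex.Message; }
        catch (UnauthorizedAccessException ex) { reason = "access denied: " + ex.Message; }
        return false;
    }

    static void Main()
    {
        string reason;
        Console.WriteLine(TryDeleteValue(out reason) ? "value deleted" : "not deleted: " + reason);
    }
}
```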
