RE: "Requested registry access is not allowed." and performance co

Hi Luke.

I switched the aspnet_wp.exe user from ASPNET to administrator and re-tried
the code. There were no exceptions (i.e. no Win32Exception with message ==
"invalid handle").

There were also no ACCESS DENIED reported by regmon or filemon with the
aspnet_wp.exe user being ASPNET or administrator.

There are a few BUFFER OVERFLOW results from some of the performance counter
registry entries though, with either user.
--
http://www.peterRitchie.com/


"Peter Ritchie" wrote:

Hi Steven. Thanks for the reply. Had a server-down situation, so it took me
a couple of days to get back to this...

After some inspection with RegMon it would appear that the ASPNET account
also needs full control over HKLM\System\CurrentControlSet\Services. I tried
several advanced permissions options, like "this key only" and "Set Value"
and "Create Subkey"; but could only get it to work if I can the ASPNET
account full control over HKLM\System\CurrentControlSet\Services--which
doesn't give me a warm-and-fuzzy.

Doing that gets rid of the "Requested registry access is not allowed"
exception text. The process gets further, by creating the
Performance-counter--related sub-keys in
HKLM\System\CurrentControlSet\Services; but,
PerformanceCounterCategory.Create now raises a Win32Exception with Message
property equal to "The handle is invalid" or ErrorCode == 0x80004005.

--
http://www.peterRitchie.com/


"Steven Cheng[MSFT]" wrote:

Hi Peter,

Thank you for posting here.

From your description, you're dynamically creating
PerformanceCounter/Category in your ASP.NET webservice's code, however,
you're euncountering smoe security exception against the registry accessing
at runtime, correct?

Based on my experience, there does exists some issues regarding on the
ASP.NET idenitity doesn't have sufficient permission for accessing certain
registry entry. For your scenario, your ASP.NET application is running on
XP box, by default the ASP.NET process idenitity is the machine\ASPNET
account, however, I'm wondering whether you've used any other security
related setting in IIS or ASP.NET such as impersonation which could change
the default process idenitity of ASP.NET. You can verify this in your web
application, and here is a kb article introduce the ASP.NET process
identity:

#Process and request identity in ASP.NET
http://support.microsoft.com/?id=317012

Also, since the security exception is still complaining about the registry,
I suggest you use the regmon tool to trace the registry accessing failure,
this tool is very good at capturing reigstry access problem:

http://www.sysinternals.com/utilities/regmon.html

BTW, to help make the troubleshooting simplifed, I suggest you keep your
ASP.NET application running as "Fulltrust" mode(this is the default mode if
you haven't explicitly change the Trust level in your machine.config or
web.config).

Hope this helps.

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.



Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights
.

Relevant Pages

  • Re: Access denied. Program not recognizing administrator privileges.
    ... If the program is successful in creating the files it needs, I would run RegMon again, and watch for registry Writes, specifically, that fail. ... > user profile with administrator privileges apart from "Administrator" which ... If I was able to install the program, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: inactive title bar and font size
    ... >What to modify in the registry to change the font type and size for the ... >have administrator privileges. ... >settings don't remain when user logs on, I guess the registry needs to ... Find out what registry key is changed by using Regmon from ...
    (microsoft.public.windowsxp.network_web)
  • RE: SecurityException for registry access while opening SQL Connection
    ... It seems that it is a permission issue of the ASPNET account. ... 1.Add the account as a SQL Server Login. ... Registry Monitor logs all calls the to registry. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Services for netware 5.03 SP2
    ... As I meantioned I was troubleshooting with regmon to see if the correct keys ... In short the MigrateDirOnly registry option does not work. ... Set this value to 1 to migrate only the directory structure ... Microsoft Online Partner Support ...
    (microsoft.public.windows.server.migration)
  • Re: Error 1307: Adding File Permissions to NTFS using System.Management Object in ASP.NET
    ... Your code run's as "ASPNET" and uses ASPNET's access token when connecting ... > ManagementObject(new ManagementPath( ... > Shell Name Explorer.exe in Registry not found in process ...
    (microsoft.public.dotnet.languages.csharp)