Re: Registry access from ASP.NET - correction

From: Phillip Higgins (phillip-higgins_at_lycos.com)
Date: 05/14/03


Date: Wed, 14 May 2003 03:01:51 -0700


Cheers Matjaz
Your help has been much apreciated.
>-----Original Message-----
>I was reffering you to a wrong link.
>http://msdn.microsoft.com/library/en-
us/dnnetsec/html/SecNetch08.asp?frame=true
>
>Matjaz Ladava
>
>"Matjaz Ladava" <matjaz@ladava.com> wrote in message
>news:eEmmxtYGDHA.2172@TK2MSFTNGP12.phx.gbl...
>> In web.config add entry <identity
impersonate="true" />, so that your
>> application will impersonate the caller (the user, that
is authenticated
>> trough IIS). If that user has rights to access registry
then you are fine.
>> Other possibility is, to use entry <identity
impersonate="true"
>> username=".." password="..." />. This will impersonate
specific user on
>your
>> machine. To use second option, you must grant aspnet
account tgiht Act as
>> part of operation system (.NET framework eliminates
that).
>> Other options are, to grant ASPNET account (which is
created when
>framework
>> is installed) access to registry, by changing
premissions on registry
>keys)
>> Final solution would be to change ASPNET in
machine.config in processModel
>> section to an account with more privileges.
>>
>> To end this post I would redirect you to
>>
>http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dnnetsec/html/openhack.asp
>> to get some more info on this subject.
>>
>> Regards
>>
>> Matjaz Ladava
>>
>> "Phillip Higgins" <phillip-higgins@lycos.com> wrote in
message
>> news:022201c31989$aff37d90$a501280a@phx.gbl...
>> > Hi all,
>> > Thanks for your fast reply post Matjaz.
>> > The application is intranet based and thus security
is not
>> > a major issue. What I am really after is code examples
>> > which will allow me to access the registry without
>> > affecting the IIS configuration for the machine as a
>> > whole: our application will run alongside other 3rd
party
>> > apps. Can I use an appropriate entry in web.config?
Better
>> > yet would be code which allows this w/o impersonation
>> > since it would allow for a "cleaner" ie less manual -
>> > install.
>> > Any help much appreciated!
>> > Regards Phil
>> >
>> >
>> >
>> >
>> > >-----Original Message-----
>> > >asp.net app runs in the context of aspnet identity
which
>> > has restricted
>> > >access to the registy. You have to use different
identity
>> > for ASP.NET
>> > >process or impersonation (to imeprsonate the caller)
or
>> > impersonation with
>> > >fixed identity to do this.
>> > >Why do you wan't to give your ASP.net application the
>> > posibility to write to
>> > >registry ? This is dangerous thing to do from
security
>> > perspective. Is this
>> > >internet orintranet app ?
>> > >
>> > >Regards
>> > >
>> > >Matjaz Ladava
>> > >
>> > >"Phillip Higgins" <phillip-higgins@lycos.com> wrote
in
>> > message
>> > >news:078601c3190d$8ad4d8a0$a501280a@phx.gbl...
>> > >> Hello there,
>> > >> I am attempting to access the registry from an
asp.net
>> > >> application and am running up against security
problems.
>> > >> Specifically I am receiving a "no access error".
How
>> > can I
>> > >> access the registry using code level access? (ie
Editing
>> > >> config files is not an option). The documentation
seems
>> > >> pretty sketchy. Any code examples / links much
>> > appreciated.
>> > >> Regards
>> > >> Phillip Higgins
>> > >
>> > >
>> > >.
>> > >
>>
>>
>
>
>.
>