ASP.NET and COM registry access denied

Discussion in 'ASP .Net Security' started by Bill, Jul 13, 2004.

  1. Bill

    Bill Guest

    I've seen many posts on the web about this topic, and I still haven't
    found an answer that works for me. I have an ASP.NET page written in
    C# that instantiates a COM object that attempts to access a registry
    key. The object fails, but it is a third party component and all the
    vendor can tell me is to "make sure there are no security restrictions
    on the registry" and they gave me a registry key. I've given the
    aspnet account access to this key by using regedt32. Additionally, my
    web.config file is set to Forms authentication, IIS is set to use
    Anonymous Access, and the <processmodel> username in machine.config is
    set to "machine". I can get it to work by setting the username in the
    machine.config file to "system", but I've been told that doing so
    opens a major security hole. This is a public web application so using
    a Windows account is not an option. Does anyone have any ideas on how
    I can get this working?

    Thanks. I appreciate the help.
    Bill, Jul 13, 2004
    #1
    1. Advertising

  2. Bill

    John Sivilla Guest

    If you are using a COM component, you can set a specific user account as its identity. You can then give this user access to the registry key. To set the identity you can either do it programmatically in your code, but since it is a third party component you can set the identity in the Component Services snap-in in the MMC. Just right click the component's package and choose the identity tab to get there.

    hope this helps,
    John

    "Bill" wrote:

    > I've seen many posts on the web about this topic, and I still haven't
    > found an answer that works for me. I have an ASP.NET page written in
    > C# that instantiates a COM object that attempts to access a registry
    > key. The object fails, but it is a third party component and all the
    > vendor can tell me is to "make sure there are no security restrictions
    > on the registry" and they gave me a registry key. I've given the
    > aspnet account access to this key by using regedt32. Additionally, my
    > web.config file is set to Forms authentication, IIS is set to use
    > Anonymous Access, and the <processmodel> username in machine.config is
    > set to "machine". I can get it to work by setting the username in the
    > machine.config file to "system", but I've been told that doing so
    > opens a major security hole. This is a public web application so using
    > a Windows account is not an option. Does anyone have any ideas on how
    > I can get this working?
    >
    > Thanks. I appreciate the help.
    >
    John Sivilla, Jul 14, 2004
    #2
    1. Advertising

  3. Bill

    Bill Shipman Guest

    Thanks for your quick response.

    I looked in Component Services, but the third party tool isn't there.
    It's possible that it isn't a COM object, and it is only a regular dll
    assembly. In this case, is there a similar way of doing this?



    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Bill Shipman, Jul 14, 2004
    #3
  4. Bill

    John Sivilla Guest

    Hi Bill,

    In that case, if you are calling the component from an asp.net application is it running with whatever identity the asp.net application is running. If you say that user has access to the registry key, and it is still not working, then there is some kind of access denied error occuring somewhere on your system, which may or may not be related to the registry key.

    When I get these kinds of problems, I use a utility that has saved me countless hours or debug time. It is called Filemon and it lists all accesses in real time. If there is a access denied error it will log it for you with all the info you need to correct the problem. The best thing about it is that it is free. Go to http://www.sysinternals.com and search for the latest version of Filemon, install it, and run it and try to find out where exactly the access problem occurrs.

    hope this will help you,
    John


    "Bill Shipman" wrote:

    > Thanks for your quick response.
    >
    > I looked in Component Services, but the third party tool isn't there.
    > It's possible that it isn't a COM object, and it is only a regular dll
    > assembly. In this case, is there a similar way of doing this?
    >
    >
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    > Don't just participate in USENET...get rewarded for it!
    >
    John Sivilla, Jul 15, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrea Mondello

    access to system registry denied

    Andrea Mondello, Jul 1, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    498
    Kairi Zikpin
    Jul 1, 2003
  2. HK
    Replies:
    1
    Views:
    3,602
    Cowboy \(Gregory A. Beamer\)
    Apr 1, 2004
  3. Jenna
    Replies:
    2
    Views:
    4,174
    Jenna
    Jul 27, 2004
  4. Dominick Baier [DevelopMentor]

    Access to the registry key HKEY_CLASSES_ROOT\EntSrvcTest1_direct.Global is denied

    Dominick Baier [DevelopMentor], Sep 15, 2005, in forum: ASP .Net Security
    Replies:
    3
    Views:
    718
    Dominick Baier [DevelopMentor]
    Sep 15, 2005
  5. Adrian Dev
    Replies:
    0
    Views:
    227
    Adrian Dev
    May 21, 2006
Loading...

Share This Page