"Requested registry access is not allowed" and Web Service call

Discussion in 'ASP .Net Security' started by Clint, Dec 13, 2004.

  1. Clint

    Clint Guest

    Hey all -

    I'm having a really confusing problem concerning a web service. Right
    now, I have an application that needs to call a web service that does
    nothing but return "true" (this will obviously change once the
    program's fully built to actually do something, but for testing, it
    works).

    The only code I added to the service is below:
    [WebMethod (EnableSession=true)]
    public bool PerformHandshake(string hashedValue)
    {
    return true;
    }

    Whenever this method is called from my desktop app (running as me, a
    local admin), it works fine. When I call the web service as a
    restricted account (by impersonating using
    System.Security.Principal.WindowsIdentity.Impersonate()), I get the
    following large exception:

    General Information
    *****
    Additional Info:
    ExceptionManager.MachineName: <<My machine name>>
    ExceptionManager.TimeStamp: 12/13/2004 9:44:23 AM
    ExceptionManager.FullName:
    Microsoft.ApplicationBlocks.ExceptionManagement,
    Version=1.0.1760.29811, Culture=neutral, PublicKeyToken=null
    ExceptionManager.AppDomainName: Journals.exe
    ExceptionManager.ThreadIdentity:
    ExceptionManager.WindowsIdentity: <<correct domain\correct user
    account>>

    1) Exception Information
    *****
    Exception Type: System.Configuration.ConfigurationException
    Message: Exception in configuration section handler
    (c:\windows\microsoft.net\framework\v1.1.4322\Config\machine.config
    line 74)
    BareMessage: Exception in configuration section handler
    Filename:
    c:\windows\microsoft.net\framework\v1.1.4322\Config\machine.config
    Line: 74
    TargetSite: System.Object
    EvaluateRecursive(System.Configuration.IConfigurationSectionHandler,
    System.Object, System.String[], Int32, System.Xml.XmlTextReader)
    HelpLink: NULL
    Source: System

    StackTrace Information
    *****
    at
    System.Configuration.ConfigurationRecord.EvaluateRecursive(IConfigurationSectionHandler
    factory, Object config, String[] keys, Int32 iKey, XmlTextReader
    reader)
    at
    System.Configuration.ConfigurationRecord.EvaluateRecursive(IConfigurationSectionHandler
    factory, Object config, String[] keys, Int32 iKey, XmlTextReader
    reader)
    at System.Configuration.ConfigurationRecord.Evaluate(String
    configKey)
    at System.Configuration.ConfigurationRecord.ResolveConfig(String
    configKey)
    at System.Configuration.ConfigurationRecord.GetConfig(String
    configKey)
    at System.Configuration.ConfigurationRecord.ResolveConfig(String
    configKey)
    at System.Configuration.ConfigurationRecord.GetConfig(String
    configKey)
    at
    System.Configuration.DefaultConfigurationSystem.System.Configuration.IConfigurationSystem.GetConfig(String
    configKey)
    at System.Configuration.ConfigurationSettings.GetConfig(String
    sectionName)
    at System.Net.GlobalProxySelection.get_SelectInternal()
    at System.Net.HttpWebRequest..ctor(Uri uri)
    at System.Net.HttpRequestCreator.Create(Uri Uri)
    at System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
    at System.Net.WebRequest.Create(Uri requestUri)
    at System.Web.Services.Protocols.WebClientProtocol.GetWebRequest(Uri
    uri)
    at
    System.Web.Services.Protocols.HttpWebClientProtocol.GetWebRequest(Uri
    uri)
    at
    System.Web.Services.Protocols.SoapHttpClientProtocol.GetWebRequest(Uri
    uri)
    at
    System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
    methodName, Object[] parameters)
    at Journals.BAL.<svr>.FSConnect.PerformHandshake(String hashedValue)
    in C:\Visual Studio Projects\C# Projects\Journal Automation
    System\Journals.BAL\Web References\<svr>\Reference.cs:line 38
    at Journals.BAL.Posting.PostJournalSet(Int32 JournalSet_ID, String
    NewOwnerUserName, String Comment) in c:\visual studio projects\c#
    projects\journal automation system\journals.bal2\posting.cs:line 298
    at Journals.Common.Posting.transfer_TransferOk(Object sender,
    TransferOkEventArgs e) in c:\visual studio projects\c# projects\journal
    automation system\journals\common\posting.cs:line 174
    at Journals.frmTransferOwnership.OnTransferOk(TransferOkEventArgs e)
    in c:\visual studio projects\c# projects\journal automation
    system\journals\forms\frmtransferownership.cs:line 46
    at Journals.frmTransferOwnership.btnSend_Click(Object sender,
    EventArgs e) in c:\visual studio projects\c# projects\journal
    automation system\journals\forms\frmtransferownership.cs:line 276
    at System.Windows.Forms.Control.OnClick(EventArgs e)
    at System.Windows.Forms.Button.OnClick(EventArgs e)
    at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
    at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons
    button, Int32 clicks)
    at System.Windows.Forms.Control.WndProc(Message& m)
    at System.Windows.Forms.ButtonBase.WndProc(Message& m)
    at System.Windows.Forms.Button.WndProc(Message& m)
    at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
    at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
    at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32
    msg, IntPtr wparam, IntPtr lparam)

    2) Exception Information
    *****
    Exception Type: System.Security.SecurityException
    PermissionType: NULL
    PermissionState: NULL
    GrantedSet: NULL
    RefusedSet: NULL
    Message: Requested registry access is not allowed.
    TargetSite: Microsoft.Win32.RegistryKey OpenSubKey(System.String,
    Boolean)
    HelpLink: NULL
    Source: mscorlib

    StackTrace Information
    *****
    at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean
    writable)
    at Microsoft.Win32.RegistryKey.OpenSubKey(String name)
    at System.Net.ProxyRegBlob.ReadRegSettings()
    at System.Net.ProxyRegBlob.ReadRegSettings()
    at System.Net.ProxyRegBlob.GetIEProxy()
    at System.Net.Configuration.DefaultProxyHandler.Create(Object
    parent, Object configContext, XmlNode section)
    at
    System.Configuration.ConfigurationRecord.EvaluateRecursive(IConfigurationSectionHandler
    factory, Object config, String[] keys, Int32 iKey, XmlTextReader
    reader)

    **************************************************************

    Now, the exception that stands out is the Registry exception ... but
    nowhere in my application am I accessing the registry.

    Does anyone have any ideas as to what might be happening, and how to
    resolve it?

    Thanks!
    Clint
     
    Clint, Dec 13, 2004
    #1
    1. Advertising

  2. Clint,

    Take a look at the following key in your machine.config file:
    configuration\system.net\defaultProxy\proxy. It is most likely set to use
    the system default proxy. If this is the case, the proxy settings will be
    read out of the following registry key:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings\Connections.

    When you impersonate, the HKCU hive will not be populated with the data for
    the impersonated user. Instead, the hive remains as previously populated
    for the logged on user. In your case, the impersonated user would appear
    not to have permissions to read the necessary subkey from HKCU.

    You should not need to modify your machine.config file in order to work
    around the problem. Instead, you should be able to override the
    defaultProxy setting via your application's config file.

    HTH,
    Nicole



    "Clint" <> wrote in message
    news:...
    > Hey all -
    >
    > I'm having a really confusing problem concerning a web service. Right
    > now, I have an application that needs to call a web service that does
    > nothing but return "true" (this will obviously change once the
    > program's fully built to actually do something, but for testing, it
    > works).
    >
    > The only code I added to the service is below:
    > [WebMethod (EnableSession=true)]
    > public bool PerformHandshake(string hashedValue)
    > {
    > return true;
    > }
    >
    > Whenever this method is called from my desktop app (running as me, a
    > local admin), it works fine. When I call the web service as a
    > restricted account (by impersonating using
    > System.Security.Principal.WindowsIdentity.Impersonate()), I get the
    > following large exception:
    >
    > General Information
    > *****
    > Additional Info:
    > ExceptionManager.MachineName: <<My machine name>>
    > ExceptionManager.TimeStamp: 12/13/2004 9:44:23 AM
    > ExceptionManager.FullName:
    > Microsoft.ApplicationBlocks.ExceptionManagement,
    > Version=1.0.1760.29811, Culture=neutral, PublicKeyToken=null
    > ExceptionManager.AppDomainName: Journals.exe
    > ExceptionManager.ThreadIdentity:
    > ExceptionManager.WindowsIdentity: <<correct domain\correct user
    > account>>
    >
    > 1) Exception Information
    > *****
    > Exception Type: System.Configuration.ConfigurationException
    > Message: Exception in configuration section handler
    > (c:\windows\microsoft.net\framework\v1.1.4322\Config\machine.config
    > line 74)
    > BareMessage: Exception in configuration section handler
    > Filename:
    > c:\windows\microsoft.net\framework\v1.1.4322\Config\machine.config
    > Line: 74
    > TargetSite: System.Object
    > EvaluateRecursive(System.Configuration.IConfigurationSectionHandler,
    > System.Object, System.String[], Int32, System.Xml.XmlTextReader)
    > HelpLink: NULL
    > Source: System
    >
    > StackTrace Information
    > *****
    > at
    > System.Configuration.ConfigurationRecord.EvaluateRecursive(IConfigurationSectionHandler
    > factory, Object config, String[] keys, Int32 iKey, XmlTextReader
    > reader)
    > at
    > System.Configuration.ConfigurationRecord.EvaluateRecursive(IConfigurationSectionHandler
    > factory, Object config, String[] keys, Int32 iKey, XmlTextReader
    > reader)
    > at System.Configuration.ConfigurationRecord.Evaluate(String
    > configKey)
    > at System.Configuration.ConfigurationRecord.ResolveConfig(String
    > configKey)
    > at System.Configuration.ConfigurationRecord.GetConfig(String
    > configKey)
    > at System.Configuration.ConfigurationRecord.ResolveConfig(String
    > configKey)
    > at System.Configuration.ConfigurationRecord.GetConfig(String
    > configKey)
    > at
    > System.Configuration.DefaultConfigurationSystem.System.Configuration.IConfigurationSystem.GetConfig(String
    > configKey)
    > at System.Configuration.ConfigurationSettings.GetConfig(String
    > sectionName)
    > at System.Net.GlobalProxySelection.get_SelectInternal()
    > at System.Net.HttpWebRequest..ctor(Uri uri)
    > at System.Net.HttpRequestCreator.Create(Uri Uri)
    > at System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase)
    > at System.Net.WebRequest.Create(Uri requestUri)
    > at System.Web.Services.Protocols.WebClientProtocol.GetWebRequest(Uri
    > uri)
    > at
    > System.Web.Services.Protocols.HttpWebClientProtocol.GetWebRequest(Uri
    > uri)
    > at
    > System.Web.Services.Protocols.SoapHttpClientProtocol.GetWebRequest(Uri
    > uri)
    > at
    > System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
    > methodName, Object[] parameters)
    > at Journals.BAL.<svr>.FSConnect.PerformHandshake(String hashedValue)
    > in C:\Visual Studio Projects\C# Projects\Journal Automation
    > System\Journals.BAL\Web References\<svr>\Reference.cs:line 38
    > at Journals.BAL.Posting.PostJournalSet(Int32 JournalSet_ID, String
    > NewOwnerUserName, String Comment) in c:\visual studio projects\c#
    > projects\journal automation system\journals.bal2\posting.cs:line 298
    > at Journals.Common.Posting.transfer_TransferOk(Object sender,
    > TransferOkEventArgs e) in c:\visual studio projects\c# projects\journal
    > automation system\journals\common\posting.cs:line 174
    > at Journals.frmTransferOwnership.OnTransferOk(TransferOkEventArgs e)
    > in c:\visual studio projects\c# projects\journal automation
    > system\journals\forms\frmtransferownership.cs:line 46
    > at Journals.frmTransferOwnership.btnSend_Click(Object sender,
    > EventArgs e) in c:\visual studio projects\c# projects\journal
    > automation system\journals\forms\frmtransferownership.cs:line 276
    > at System.Windows.Forms.Control.OnClick(EventArgs e)
    > at System.Windows.Forms.Button.OnClick(EventArgs e)
    > at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
    > at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons
    > button, Int32 clicks)
    > at System.Windows.Forms.Control.WndProc(Message& m)
    > at System.Windows.Forms.ButtonBase.WndProc(Message& m)
    > at System.Windows.Forms.Button.WndProc(Message& m)
    > at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
    > at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
    > at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32
    > msg, IntPtr wparam, IntPtr lparam)
    >
    > 2) Exception Information
    > *****
    > Exception Type: System.Security.SecurityException
    > PermissionType: NULL
    > PermissionState: NULL
    > GrantedSet: NULL
    > RefusedSet: NULL
    > Message: Requested registry access is not allowed.
    > TargetSite: Microsoft.Win32.RegistryKey OpenSubKey(System.String,
    > Boolean)
    > HelpLink: NULL
    > Source: mscorlib
    >
    > StackTrace Information
    > *****
    > at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean
    > writable)
    > at Microsoft.Win32.RegistryKey.OpenSubKey(String name)
    > at System.Net.ProxyRegBlob.ReadRegSettings()
    > at System.Net.ProxyRegBlob.ReadRegSettings()
    > at System.Net.ProxyRegBlob.GetIEProxy()
    > at System.Net.Configuration.DefaultProxyHandler.Create(Object
    > parent, Object configContext, XmlNode section)
    > at
    > System.Configuration.ConfigurationRecord.EvaluateRecursive(IConfigurationSectionHandler
    > factory, Object config, String[] keys, Int32 iKey, XmlTextReader
    > reader)
    >
    > **************************************************************
    >
    > Now, the exception that stands out is the Registry exception ... but
    > nowhere in my application am I accessing the registry.
    >
    > Does anyone have any ideas as to what might be happening, and how to
    > resolve it?
    >
    > Thanks!
    > Clint
    >
     
    Nicole Calinoiu, Dec 14, 2004
    #2
    1. Advertising

  3. Clint

    Clint Guest

    Hi Nicole -

    That sounds exactly like whats going on. I added the following to my
    App.config file:

    <configuration>
    <system.net>
    <defaultProxy>
    <proxy
    usesystemdefault="false"
    proxyaddress="http://proxyserver:80"
    bypassonlocal="true"
    />
    </defaultProxy>
    </system.net>
    </configuration>

    And still managed to get the same error. Now, I know
    http://proxyserver:80 won't work as it doesn't exist, but I figured a
    separate message would've appeared. It almost seems as if the new
    settings aren't overriding those in Machine.config.
    Any ideas?
    Thanks!
    Clint
     
    Clint, Dec 14, 2004
    #3
  4. Clint

    Clint Guest

    Hi Nicole -

    That sounds exactly like whats going on. I added the following to my
    App.config file:

    <configuration>
    <system.net>
    <defaultProxy>
    <proxy
    usesystemdefault="false"
    proxyaddress="http://proxyserver:80"
    bypassonlocal="true"
    />
    </defaultProxy>
    </system.net>
    </configuration>

    And still managed to get the same error. Now, I know
    http://proxyserver:80 won't work as it doesn't exist, but I figured a
    separate message would've appeared. It almost seems as if the new
    settings aren't overriding those in Machine.config.
    Any ideas?
    Thanks!
    Clint
     
    Clint, Dec 15, 2004
    #4
  5. If overriding via app.config isn't working, you might want to try "manually"
    setting the Proxy property of the HttpWebRequest that is used to call the
    web service. According to the docs, reading of the proxy settings from the
    config file will only occur for an HttpWebRequest that has not yet had its
    Proxy property set when submission of the request is first attempted.

    HTH,
    Nicole


    "Clint" <> wrote in message
    news:...
    > Hi Nicole -
    >
    > That sounds exactly like whats going on. I added the following to my
    > App.config file:
    >
    > <configuration>
    > <system.net>
    > <defaultProxy>
    > <proxy
    > usesystemdefault="false"
    > proxyaddress="http://proxyserver:80"
    > bypassonlocal="true"
    > />
    > </defaultProxy>
    > </system.net>
    > </configuration>
    >
    > And still managed to get the same error. Now, I know
    > http://proxyserver:80 won't work as it doesn't exist, but I figured a
    > separate message would've appeared. It almost seems as if the new
    > settings aren't overriding those in Machine.config.
    > Any ideas?
    > Thanks!
    > Clint
    >
     
    Nicole Calinoiu, Dec 15, 2004
    #5
  6. Clint

    Clint Guest

    I think I'm doing something wrong in that I tried setting the Proxy
    right after creating a new instance of my service:

    ws = new HashTest.iisvm03.Service1();
    ws.Proxy = new System.Net.WebProxy("http://foo:80", true);
    ws.CookieContainer = new System.Net.CookieContainer();
    ws.Credentials = System.Net.CredentialCache.DefaultCredentials;

    With no success - still trying to read from the registry. I did find a
    work-around, though, in that I'm not always impersonating a user in the
    application, only on remote calls. So, when my calling class fires up,
    it isn't impersonating, and I can set a private proxy field in the
    constructor and use it as needed when I do my calls. That, oddly
    enough, seems to work.

    I have no problem going that route, I'm more curious now as to what I
    was doing wrong for future reference. Either way - thanks again for
    helping me out - this has been bugging me for a while!

    Clint
     
    Clint, Dec 15, 2004
    #6
  7. That's the wrong Proxy property. The web service wrapper class generated
    for use in the client application inherits from
    System.Web.Services.Protocols.WebClientProtocol, even if not directly. You
    would need to override its virtual GetWebRequest method to set the value of
    the Proxy property for the HttpWebRequest used by the wrapper.
    Unfortunately, this change would be undone every time the auto-generated
    wrapper class is regenerated. If you have an acceptable workaround that
    doesn't compromise the security of your system, it would probably be best to
    use it.

    HTH,
    Nicole


    "Clint" <> wrote in message
    news:...
    >I think I'm doing something wrong in that I tried setting the Proxy
    > right after creating a new instance of my service:
    >
    > ws = new HashTest.iisvm03.Service1();
    > ws.Proxy = new System.Net.WebProxy("http://foo:80", true);
    > ws.CookieContainer = new System.Net.CookieContainer();
    > ws.Credentials = System.Net.CredentialCache.DefaultCredentials;
    >
    > With no success - still trying to read from the registry. I did find a
    > work-around, though, in that I'm not always impersonating a user in the
    > application, only on remote calls. So, when my calling class fires up,
    > it isn't impersonating, and I can set a private proxy field in the
    > constructor and use it as needed when I do my calls. That, oddly
    > enough, seems to work.
    >
    > I have no problem going that route, I'm more curious now as to what I
    > was doing wrong for future reference. Either way - thanks again for
    > helping me out - this has been bugging me for a while!
    >
    > Clint
    >
     
    Nicole Calinoiu, Dec 15, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gary
    Replies:
    2
    Views:
    1,267
    Jeffrey Tan[MSFT]
    Jan 17, 2004
  2. HK
    Replies:
    1
    Views:
    3,649
    Cowboy \(Gregory A. Beamer\)
    Apr 1, 2004
  3. Kovan A.
    Replies:
    0
    Views:
    1,003
    Kovan A.
    May 31, 2004
  4. =?Utf-8?B?Sm9zaCBGbGFuYWdhbg==?=

    Requested registry access is not allowed.

    =?Utf-8?B?Sm9zaCBGbGFuYWdhbg==?=, Oct 21, 2004, in forum: ASP .Net
    Replies:
    11
    Views:
    8,794
    Alex Drougov
    Nov 5, 2004
  5. Ray5531
    Replies:
    2
    Views:
    6,906
    Ray5531
    May 19, 2005
Loading...

Share This Page