Security Exception when accessing the registry

Discussion in 'ASP .Net Security' started by Jason, Sep 6, 2006.

  1. Jason

    Jason Guest

    Hello everyone,

    I've got a security issue that I can't find a solution to and was hoping
    someone could point me in the right direction.

    I'm trying to open a registry key for read only access with
    Registry.LocalMachine.OpenSubKey but I'm getting this security exception
    "The application attempted to perform an operation not allowed by the
    security policy. To grant this application the required permission please
    contact your system administrator or change the application's trust level in
    the configuration file."

    I'm using ASPNet 2.0, Windows 2000 and IIS 5. The ASP.NET application
    requests no authentication, runs as ASPNET and the builtin group Users has
    read access to this key.

    I understand that ASPNet 2.0 web apps have full trust? Is this true? (Not
    in my case I suppose!) I haven't changed machine.config yet. The process
    model tag is
    <processModel autoConfig="true" />

    What should I be looking for to check the web app has the correct
    permissions please? I have used this with ASP.Net 1.1 and never had any
    security issues.

    Cheers for any help you can provide,

    Jason, Sep 6, 2006
    1. Advertisements

  2. Hi Jason,

    By default, ASP.NET 1.1 and 2.0 Web applications and Web services run with
    Full trust. It should work correctly if your web application is only
    requesting read-only access to the registry.

    I think your machine-level web.config might have changed the trust level
    from default "Full" to a lower level.

    If you need customized trust level to meet your specific requirement, you
    can refer to following MSDN library to create your own trust level:

    #How to: Use Code Access Security in ASP.NET 2.0

    I hope this helps. Please feel free to post here if anything is unclear.

    Walter Wang (, remove 'online.')
    Microsoft Online Community Support

    Get notification to my posts through email? Please refer to

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Walter Wang [MSFT], Sep 6, 2006
    1. Advertisements

  3. Jason

    Jason Guest

    Cheers Walter.

    I was looking in machine.config for the trusts but I should have been
    looking in web.config. I didn't relase that this had been added to the
    framework's system dir. When this project is over, I've got to take a
    proper look at security with .Net 2.

    Jason, Sep 6, 2006
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. HK
    Cowboy \(Gregory A. Beamer\)
    Apr 1, 2004
  2. Replies:
  3. Andre M. Maier
    Andre M. Maier
    Dec 3, 2003
  4. Leny
    Feb 1, 2005
  5. Collin Miller
    Roger Pack
    Jul 9, 2010

Share This Page