SecurityException with PerformanceCounter on remote server in .NET 2.0

G

Geoff McElhanon

I have been struggling with a security issue that occurs under .NET
2.0, but does not occur under .NET 1.1. Essentially I am trying to
open up a performance counter on a remote server and monitor its value.
In .NET 1.1 this worked fine, however under .NET 2.0 it fails when I
am not an administrator on the remote server.

To provide a lean demonstration of the issue, I created the following
class:

============================

using System;
using System.Diagnostics;
using System.Threading;

namespace ConsoleApplication3
{
class Class1
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main(string[] args)
{
try
{
string machineName = null;

// Was exactly 1 argument was passed?
if (args.Length != 1)
{
// Prompt for machine name
Console.Write("Please enter a machine name: ");
machineName = Console.ReadLine();
}
else
{
// Use command line argument
machineName = args[0];
}

// Get the performance counter
PerformanceCounter c = new PerformanceCounter("Processor", "%
Processor Time", "_Total", machineName);

// Display counter value once every second for 5 seconds
for (int i = 0; i < 5; i++)
{
Console.WriteLine(c.RawValue);
Thread.Sleep(1000);
}
}
catch (Exception ex)
{
Console.WriteLine("==============");
Console.WriteLine(ex);
Console.WriteLine("==============");
}
finally
{
Console.WriteLine();
Console.WriteLine("Hit ENTER to quit application.");
Console.ReadLine();
}
}
}
}

============================

I then created a batch file that compiles this file under both .NET 1.1
and .NET 2.0:

c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
/out:CounterTest11.exe /t:exe Class1.cs
c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
/out:CounterTest20.exe /t:exe Class1.cs


Now, when I run either version against a server on which I am an
administrator, I get the following output:
--------
C:\Projects\ConsoleApplication3>CounterTest20.exe
Please enter a machine name: speck
6708935078125
6708945000000
6708954921875
6708964609375
6708974687500

Hit ENTER to quit application.
--------

When I run the .NET 1.1 version against a server on which I am only a
member of the "Performance Monitoring" group, I get the following
results:
--------
C:\Projects\ConsoleApplication3>CounterTest11.exe
Please enter a machine name: bonnie
114549931445312
114549938945312
114549946445312
114549954023437
114549961523437

Hit ENTER to quit application.
--------

But when I run the .NET 2.0 version against the same server, I get the
following:
--------
C:\Projects\ConsoleApplication3>CounterTest20.exe
Please enter a machine name: bonnie
==============
System.Security.SecurityException: Requested registry access is not
allowed.
at System.ThrowHelper.ThrowSecurityException(ExceptionResource
resource)
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean
writable)
at Microsoft.Win32.RegistryKey.OpenSubKey(String name)
at
System.Diagnostics.PerformanceCounterLib.FindCustomCategory(String
categor
y, PerformanceCounterCategoryType& categoryType)
at System.Diagnostics.PerformanceCounterLib.GetCategoryType(String
machine, S
tring category)
at System.Diagnostics.PerformanceCounter.Initialize()
at System.Diagnostics.PerformanceCounter..ctor(String categoryName,
String co
unterName, String instanceName, String machineName)
at ConsoleApplication3.Class1.Main(String[] args)
The Zone of the assembly that failed was:
MyComputer
==============

Hit ENTER to quit application.

Now, I posted this earlier to another forum but the only suggestion was
that I was not running with Full Trust. I am launching the application
locally, and so I don't understand how I could not be running under
Full Trust. I poked around in the .NET 2.0 configuration tool, but
could not come up with any ideas.

Any insight into this problem would be very much appreciated!


Geoff McElhanon
 
W

Willy Denoyette [MVP]

V2 uses WMI to collect performance information from the remote perfmon
(through the remote registry), that means that the impersonated user
(remote) must be a member of the (remote)administrators alias, only
administrators are allowed to read perf data.

Willy.

|I have been struggling with a security issue that occurs under .NET
| 2.0, but does not occur under .NET 1.1. Essentially I am trying to
| open up a performance counter on a remote server and monitor its value.
| In .NET 1.1 this worked fine, however under .NET 2.0 it fails when I
| am not an administrator on the remote server.
|
| To provide a lean demonstration of the issue, I created the following
| class:
|
| ============================
|
| using System;
| using System.Diagnostics;
| using System.Threading;
|
| namespace ConsoleApplication3
| {
| class Class1
| {
| /// <summary>
| /// The main entry point for the application.
| /// </summary>
| [STAThread]
| static void Main(string[] args)
| {
| try
| {
| string machineName = null;
|
| // Was exactly 1 argument was passed?
| if (args.Length != 1)
| {
| // Prompt for machine name
| Console.Write("Please enter a machine name: ");
| machineName = Console.ReadLine();
| }
| else
| {
| // Use command line argument
| machineName = args[0];
| }
|
| // Get the performance counter
| PerformanceCounter c = new PerformanceCounter("Processor", "%
| Processor Time", "_Total", machineName);
|
| // Display counter value once every second for 5 seconds
| for (int i = 0; i < 5; i++)
| {
| Console.WriteLine(c.RawValue);
| Thread.Sleep(1000);
| }
| }
| catch (Exception ex)
| {
| Console.WriteLine("==============");
| Console.WriteLine(ex);
| Console.WriteLine("==============");
| }
| finally
| {
| Console.WriteLine();
| Console.WriteLine("Hit ENTER to quit application.");
| Console.ReadLine();
| }
| }
| }
| }
|
| ============================
|
| I then created a batch file that compiles this file under both .NET 1.1
| and .NET 2.0:
|
| c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
| /out:CounterTest11.exe /t:exe Class1.cs
| c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
| /out:CounterTest20.exe /t:exe Class1.cs
|
|
| Now, when I run either version against a server on which I am an
| administrator, I get the following output:
| --------
| C:\Projects\ConsoleApplication3>CounterTest20.exe
| Please enter a machine name: speck
| 6708935078125
| 6708945000000
| 6708954921875
| 6708964609375
| 6708974687500
|
| Hit ENTER to quit application.
| --------
|
| When I run the .NET 1.1 version against a server on which I am only a
| member of the "Performance Monitoring" group, I get the following
| results:
| --------
| C:\Projects\ConsoleApplication3>CounterTest11.exe
| Please enter a machine name: bonnie
| 114549931445312
| 114549938945312
| 114549946445312
| 114549954023437
| 114549961523437
|
| Hit ENTER to quit application.
| --------
|
| But when I run the .NET 2.0 version against the same server, I get the
| following:
| --------
| C:\Projects\ConsoleApplication3>CounterTest20.exe
| Please enter a machine name: bonnie
| ==============
| System.Security.SecurityException: Requested registry access is not
| allowed.
| at System.ThrowHelper.ThrowSecurityException(ExceptionResource
| resource)
| at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean
| writable)
| at Microsoft.Win32.RegistryKey.OpenSubKey(String name)
| at
| System.Diagnostics.PerformanceCounterLib.FindCustomCategory(String
| categor
| y, PerformanceCounterCategoryType& categoryType)
| at System.Diagnostics.PerformanceCounterLib.GetCategoryType(String
| machine, S
| tring category)
| at System.Diagnostics.PerformanceCounter.Initialize()
| at System.Diagnostics.PerformanceCounter..ctor(String categoryName,
| String co
| unterName, String instanceName, String machineName)
| at ConsoleApplication3.Class1.Main(String[] args)
| The Zone of the assembly that failed was:
| MyComputer
| ==============
|
| Hit ENTER to quit application.
|
| Now, I posted this earlier to another forum but the only suggestion was
| that I was not running with Full Trust. I am launching the application
| locally, and so I don't understand how I could not be running under
| Full Trust. I poked around in the .NET 2.0 configuration tool, but
| could not come up with any ideas.
|
| Any insight into this problem would be very much appreciated!
|
|
| Geoff McElhanon
|
 
W

Willy Denoyette [MVP]

I would never use the PerformanceCounter class to access remote systems when
not running in a domain realm, much better is to use System.Management
clases (WMI wrappers) to access management objects like performance
counters. Note that even in this case you need to enable remote access to
the WMI service namespace.
Willy.


| Thank you, oh bearer of bad news. :-(
|
| But seriously... thank you.
|
| Willy Denoyette [MVP] wrote:
| > V2 uses WMI to collect performance information from the remote perfmon
| > (through the remote registry), that means that the impersonated user
| > (remote) must be a member of the (remote)administrators alias, only
| > administrators are allowed to read perf data.
| >
| > Willy.
| >
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top