System.UnauthorizedAccessException upon registry change

[Guest]

Hi,

I am trying to create or modify a registry key and keep getting this error:
-------------
An unhandled exception of type 'System.UnauthorizedAccessException' occurred
in mscorlib.dll

Additional information: Cannot write to the registry key.
-------------

I have given the parent key all the permissions and on the CAS side I have
given the assembly (and all those assemblies signed with my key pair) full
trust.
Still, I can't do it.

This is my first time with security...

 

[Steven Cheng[MSFT]]

Hi Juan,

As for the problem you mentioned, I'd like to confirm the following things
on your application:
1. Are you trying to create/write eventlog via the registry api?

2. Is the program you're building a winform program or asp.net web
application?

There is some unknown issues on creating/editing eventlog registry in .net
program, not sure wheher your problem is caused by that. Also, if you feel
it conventient that provide some detailed code snippet here, that'll also
be more helpful. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Guest]

It is a console application trying to modify the registry, the exact code
follows:

-----------
private const string ProgIdValue = "SYMIX.Session";
private const string VersionDependentProgId = "SYMIX.Session.1";
private const string CLSID = "{B37F5B46-4360-11D3-B1B5-00C04FF4834A}";
private const string CLSIDKey = "CLSID\\" + CLSID;
private const string ProdId = "ProgId";
private const string TypeLib = "TypeLib";

// relevant subkeys
private const string ManagedProgId = "SessionMgrLibNET.SessionManager";
private const string ManagedTypeLibPath = "TypeLib\\" + CLSID;


public void RegisterClass()
{
string path = Registry.ClassesRoot.Name + "\\" + CLSIDKey;

Console.WriteLine( "Name {0}, IsAuthenticated
{1}",Thread.CurrentPrincipal.Identity.Name,
Thread.CurrentPrincipal.Identity.IsAuthenticated);

RegistryKey key = Registry.ClassesRoot.OpenSubKey( CLSIDKey );

RegistryPermission perm = new RegistryPermission(
RegistryPermissionAccess.AllAccess, key.Name );
perm.AddPathList( RegistryPermissionAccess.Create, key.Name +
"\\TypeLibJD");
//perm.Assert();
string[] subKeys = key.GetSubKeyNames();
if( Array.IndexOf( subKeys, TypeLib ) >= -1)
{
RegistryKey typeLibKey = key.CreateSubKey( "\\TypeLibJD" );//TypeLib );
typeLibKey.SetValue( string.Empty, CLSID );
}
object val = key.GetValue( string.Empty );
key.SetValue( string.Empty, ManagedProgId );
RegistryKey subKey = key.OpenSubKey( ProdId );
val = subKey.GetValue( string.Empty );
subKey.SetValue( string.Empty, ManagedProgId );

}

 

[Steven Cheng[MSFT]]

Hi Juan,

Thanks for your followup and the detailed code. Is the exception occured
right at the following line:
if( Array.IndexOf( subKeys, TypeLib ) >= -1)
{
RegistryKey typeLibKey = key.CreateSubKey(



when you trying to create the "TypeLibJD" sub key? Also, are you logon the
machien as an Administrator user or any other account? Anyway, I'll also
do some tests on my side and will update you my results. If you have any
other findings, please also feel free to post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Guest]

Hi Steven,

Thanks for this help. In fact, yes, I get the exception in the line you ask
and also in this other line:

subKey.SetValue( string.Empty, ManagedProgId );

I am logon as an administrator of the domain. In fact the following code:

-----------
WindowsPrincipal wp=new WindowsPrincipal( WindowsIdentity.GetCurrent());
Console.WriteLine( "Name {0}, IsAuthenticated {1}",wp.Identity.Name,
wp.Identity.IsAuthenticated);
------------

displays Name DENTDEVELOPMENT\JuanDent, IsAuthenticated True.

I have given permission to this user to have full control to the upper level
registry keys using regedt32, to no avail.

Does this help you find the answer?

Thanks,
Juan Dent

 

[Steven Cheng[MSFT]]

Hi Juan,

Before I update you my test result, one thing you can still have a check
is whether the
"Replace permission entries on all child objects with entries shown here
that apply to child objects" option in the registry entry's advanced
permission setting is checked. IF not, you can check it so that all the sub
entries will also apply the Full permission as you set on the parent key.
Thanks.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Steven Cheng[MSFT]]

Hi Juan,

After some tests, I think the problem is likely due to the

RegistryKey key = Registry.ClassesRoot.OpenSubKey( CLSIDKey );

line, when we need to do write/modify on the key/subkey, we need to use its
override version

public RegistryKey OpenSubKey(
string name,
bool writable
);

the second param specify whether it is writable.

#RegistryKey.OpenSubKey Method (String, Boolean)
http://msdn.microsoft.com/library/en-us/cpref/html/frlrfmicrosoftwin32regist
rykeyclassopensubkeytopic2.asp?frame=true

So you can try use this to open the certain registrykey and create sub key.
Hope helps. Thanks.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Guest]

Thank you very much Steven, you hit the target! I can now modify the registry.
Thanks!!
Juan Dent

 

[Steven Cheng[MSFT]]

You're welcome Juan,

I'm glad that my suggestions are of assistance. Also, feel free to post
here when you need help
Have a good day!

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)