|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Registry Permission AttributesI've got an app I need to modifiy that's written in C# VS2005/.NET 2.0 which is dsigned to ONLY run when the logged in user has administrator privileges. At one point it needs to delete a HKLM\Software\... registry value if it has, in fact, created it. So there is a method that deletes this registry key. The method has the following RegistryPermission attribute.... [RegistryPermissionAttribute(SecurityAction.PermitOnly, Read=@"HKEY_LOCAL_MACHINE\Software\My Company Name"] This all works just fine on WinXP, but throws an exception under WinVista Build: 5384 "Request for the permission of type 'System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKey Token=b77a5c561934e089' failed." Has something changed in WinVista that would be expected to cause this or is this a bug in WinVista and what can I do to work around it? I'm NOT allowed to move the setting to HKCU\Software\My Company Name" since other programs rely upon it being there and they will NOT be changing to run under WinVista. TIA, -- John C. Bowman Software Engineer Thermo Electron Scientific Instruments Div. <Remove this before reply> john.bow***@thermo.com Hi Again,
I forgot to mention the method in question also has the following attribute as well: [RegistryPermissionAttribute(SecurityAction.PermitOnly, Write=@"HKEY_LOCAL_MACHINE\Software\My Company Name"] So it expects to be able to bot h read and write to this location. John Show quoteHide quote "John Bowman john.bow***@thermo.com>" <<Remove this before reply> wrote in message news:OfBXE212GHA.1300@TK2MSFTNGP05.phx.gbl... > Hi All, > > I've got an app I need to modifiy that's written in C# VS2005/.NET 2.0 > which is dsigned to ONLY run when the logged in user has administrator > privileges. At one point it needs to delete a HKLM\Software\... registry > value if it has, in fact, created it. So there is a method that deletes > this registry key. The method has the following RegistryPermission > attribute.... > > [RegistryPermissionAttribute(SecurityAction.PermitOnly, > Read=@"HKEY_LOCAL_MACHINE\Software\My Company Name"] > > This all works just fine on WinXP, but throws an exception under WinVista > Build: 5384 > > "Request for the permission of type > 'System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, > Culture=neutral, PublicKey Token=b77a5c561934e089' failed." > > Has something changed in WinVista that would be expected to cause this or > is this a bug in WinVista and what can I do to work around it? I'm NOT > allowed to move the setting to HKCU\Software\My Company Name" since other > programs rely upon it being there and they will NOT be changing to run > under WinVista. > > TIA, > > -- > John C. Bowman > Software Engineer > Thermo Electron Scientific Instruments Div. > <Remove this before reply> john.bow***@thermo.com > Could you please provide the full exception details (including call stack
listing) as returned by the exception's ToString method? Also, is the problem occurring when your code attempts to read or write the registry value or at some other point? Show quoteHide quote "John Bowman john.bow***@thermo.com>" <<Remove this before reply> wrote in message news:OfBXE212GHA.1300@TK2MSFTNGP05.phx.gbl... > Hi All, > > I've got an app I need to modifiy that's written in C# VS2005/.NET 2.0 > which is dsigned to ONLY run when the logged in user has administrator > privileges. At one point it needs to delete a HKLM\Software\... registry > value if it has, in fact, created it. So there is a method that deletes > this registry key. The method has the following RegistryPermission > attribute.... > > [RegistryPermissionAttribute(SecurityAction.PermitOnly, > Read=@"HKEY_LOCAL_MACHINE\Software\My Company Name"] > > This all works just fine on WinXP, but throws an exception under WinVista > Build: 5384 > > "Request for the permission of type > 'System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, > Culture=neutral, PublicKey Token=b77a5c561934e089' failed." > > Has something changed in WinVista that would be expected to cause this or > is this a bug in WinVista and what can I do to work around it? I'm NOT > allowed to move the setting to HKCU\Software\My Company Name" since other > programs rely upon it being there and they will NOT be changing to run > under WinVista. > > TIA, > > -- > John C. Bowman > Software Engineer > Thermo Electron Scientific Instruments Div. > <Remove this before reply> john.bow***@thermo.com > Nicole,
Thanks for the response. As I said in my original post, the exception is ONLY thrown when the reg value is deleted under WinVsita, WinXP works fine, even though the user MUST be an administrator in order to run run the app at all. Furthermore, this app created the reg value. Reading is fine. It turns out I inadvertanly posted the wrong exception info. Here's the correct exception details: Details: Object reference not set to an instance of an object. StackTrace: at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous) at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args) at BackgroundWinNM.CBackgroundWin.CompleteSelfDiscoveryCB(ApplicationException eApp) at BackgroundWinNM.CBackgroundWin.PerformSelfDiscovery(Object TargetSelfDiscovCompleteCB) at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) John Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:1B3F7F2C-9D8C-4AF4-89EB-8C38FB38C486@microsoft.com... > Could you please provide the full exception details (including call stack > listing) as returned by the exception's ToString method? Also, is the > problem occurring when your code attempts to read or write the registry > value or at some other point? > > > > "John Bowman john.bow***@thermo.com>" <<Remove this before reply> wrote in > message news:OfBXE212GHA.1300@TK2MSFTNGP05.phx.gbl... >> Hi All, >> >> I've got an app I need to modifiy that's written in C# VS2005/.NET 2.0 >> which is dsigned to ONLY run when the logged in user has administrator >> privileges. At one point it needs to delete a HKLM\Software\... registry >> value if it has, in fact, created it. So there is a method that deletes >> this registry key. The method has the following RegistryPermission >> attribute.... >> >> [RegistryPermissionAttribute(SecurityAction.PermitOnly, >> Read=@"HKEY_LOCAL_MACHINE\Software\My Company Name"] >> >> This all works just fine on WinXP, but throws an exception under WinVista >> Build: 5384 >> >> "Request for the permission of type >> 'System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, >> Culture=neutral, PublicKey Token=b77a5c561934e089' failed." >> >> Has something changed in WinVista that would be expected to cause this or >> is this a bug in WinVista and what can I do to work around it? I'm NOT >> allowed to move the setting to HKCU\Software\My Company Name" since other >> programs rely upon it being there and they will NOT be changing to run >> under WinVista. >> >> TIA, >> >> -- >> John C. Bowman >> Software Engineer >> Thermo Electron Scientific Instruments Div. >> <Remove this before reply> john.bow***@thermo.com >> > It sounds like a Windows Vista limited user (LUA) issue. Even though the
current user is an admin, you don't have all the admin SIDs and privileges in your token by default. This is more secure by default, as it prevents the administrator's account from getting hijacked by bad code, but it makes using the actual privileges of the admin account harder. That's probably why this is failing. In order for the app to actually run with the administrator privileges, I believe you need to create a manifest file for the app that will instruct it to run with the full token. There is an older article from Keith Brown here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/leastprivlh.asp and you'll probably find some additional resources that are newer with a few additional searches. Joe K. -- Show quoteHide quoteJoe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- "John Bowman john.bow***@thermo.com>" <<Remove this before reply> wrote in message news:uFjNu5x4GHA.5012@TK2MSFTNGP03.phx.gbl... > Nicole, > > Thanks for the response. As I said in my original post, the exception is > ONLY thrown when the reg value is deleted under WinVsita, WinXP works > fine, even though the user MUST be an administrator in order to run run > the app at all. Furthermore, this app created the reg value. Reading is > fine. It turns out I inadvertanly posted the wrong exception info. Here's > the correct exception details: > > Details: > Object reference not set to an instance of an object. > > StackTrace: > at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate > method, Object[] args, Boolean synchronous) > at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args) > at > BackgroundWinNM.CBackgroundWin.CompleteSelfDiscoveryCB(ApplicationException > eApp) > at BackgroundWinNM.CBackgroundWin.PerformSelfDiscovery(Object > TargetSelfDiscovCompleteCB) > at System.Threading.ThreadHelper.ThreadStart_Context(Object state) > at System.Threading.ExecutionContext.runTryCode(Object userData) > at > System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode > code, CleanupCode backoutCode, Object userData) > at System.Threading.ExecutionContext.RunInternal(ExecutionContext > executionContext, ContextCallback callback, Object state) > at System.Threading.ExecutionContext.Run(ExecutionContext > executionContext, ContextCallback callback, Object state) > at System.Threading.ThreadHelper.ThreadStart(Object obj) > > > John > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message > news:1B3F7F2C-9D8C-4AF4-89EB-8C38FB38C486@microsoft.com... >> Could you please provide the full exception details (including call stack >> listing) as returned by the exception's ToString method? Also, is the >> problem occurring when your code attempts to read or write the registry >> value or at some other point? >> >> >> >> "John Bowman john.bow***@thermo.com>" <<Remove this before reply> wrote >> in message news:OfBXE212GHA.1300@TK2MSFTNGP05.phx.gbl... >>> Hi All, >>> >>> I've got an app I need to modifiy that's written in C# VS2005/.NET 2.0 >>> which is dsigned to ONLY run when the logged in user has administrator >>> privileges. At one point it needs to delete a HKLM\Software\... registry >>> value if it has, in fact, created it. So there is a method that deletes >>> this registry key. The method has the following RegistryPermission >>> attribute.... >>> >>> [RegistryPermissionAttribute(SecurityAction.PermitOnly, >>> Read=@"HKEY_LOCAL_MACHINE\Software\My Company Name"] >>> >>> This all works just fine on WinXP, but throws an exception under >>> WinVista Build: 5384 >>> >>> "Request for the permission of type >>> 'System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, >>> Culture=neutral, PublicKey Token=b77a5c561934e089' failed." >>> >>> Has something changed in WinVista that would be expected to cause this >>> or is this a bug in WinVista and what can I do to work around it? I'm >>> NOT allowed to move the setting to HKCU\Software\My Company Name" since >>> other programs rely upon it being there and they will NOT be changing to >>> run under WinVista. >>> >>> TIA, >>> >>> -- >>> John C. Bowman >>> Software Engineer >>> Thermo Electron Scientific Instruments Div. >>> <Remove this before reply> john.bow***@thermo.com >>> >> > > 
Other interesting topics
GET the real content of a .p7m file with CAPICOM
IIS 6.0 Bug? SecurityExcepion inside DLL linked in an HTML tag OBJECT Saving config file - System.UnauthorizedAccessException Active Directory User Creation Issues Remoting IPCChannel security with Service Data Acess aplication block __How to use it on server without Microsoft Visual Studio 2003 Help-Please!!! PKI in .net Program Events over remoting and security problem, related/not related, I don't know |
|||||||||||||||||||||||
