I am trying to check if I have write access to a specific key in the registry before displaying a form that allows the user to change some settings that are written in that key.

code sanitized for clarity

public bool CanWrite()
{
    string key = @"HKEY_LOCAL_MACHINE\SOFTWARE\MyHaccpPlan, Inc.\2.0";

    try
    {
        RegistryPermission permission = new RegistryPermission(RegistryPermissionAccess.Write, key);
        permission.Demand();
        return true;
    }
    catch(SecurityException)
    {
        return false;
    }
}

I am running the application using a user that has read access only. The problem is that this function returns true, even if the user doesn't have write access.

Later, a call like

Registry.SetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\MyHaccpPlan, Inc.\2.0", "Language", "fr-CA");

will fail with UnauthorizedAccessException.

How do I properly check for registry rights before attempting to write to it?

Edit

I don't want the current user to be able to write there. I want to use this registry entry as a flag that a feature in the software should be disabled. But if the user is an administrator, I want the software to allow the feature. The goal is that a network administrator could be able to preset the settings and that the users will be unable to change them.

But besides actually writing and waiting for it to crash, I want to check the security using the permission system offered in .NET if that is possible.

A: 

Mmm, you can try using a tool like Lutz Roeder's Reflector for viewing the content of the Registry.SetValue method.

Looking at it a bit, it seems to do it with the following line of code:

new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
Jhonny D. Cano -Leftware-
This check is only made if the key is a remote key.
Pierre-Alain Vigeant
A: 

You shouldn't rely on .NET code access security for managing access control to the registry; let alone should you have explicit checks in your code. With that approach, the user can still use the registry editor and bypass all your access checks.

Instead, you should use proper ACLs to restrict what users can write to a key.

If you want to test at run-time whether you have access to a key, you should try to open the key for writing, and catch SecurityException (in which case the user running the application has no permission to modify the key).

Martin v. Löwis
I presume I have a hard time explaining. Depending on the client, for example, a university, the network administrator will create a key in that location, restrict access using ACLs on that registry to make sure that the students have read-only access on that key. For other types of setup, the user will be writing its own setting in CURRENT_USER unless the setting is overridden in LOCAL_MACHINE.
Pierre-Alain Vigeant
But yes, that's what I did, I used OpenSubKey with write access, and I dropped the RegistryPermission completely. I will flag this answer as accepted since this is what I did.
Pierre-Alain Vigeant
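
The approach from the accepted answer, as an added example that is not part of the original posts: open the key with write access and let the key's ACL decide, instead of demanding a RegistryPermission. The class and method names and the HKEY_CURRENT_USER fallback policy in Main are assumptions, based on the setup described in the comments above.

```csharp
using System;
using System.Security;
using Microsoft.Win32;

public static class SettingsAccess
{
    // Key path from the question, relative to the hive root.
    private const string SubKey = @"SOFTWARE\MyHaccpPlan, Inc.\2.0";

    // True only if Windows grants write access to an existing key.
    // The key's ACL decides, not .NET code access security.
    public static bool CanWrite(RegistryKey hive, string subKey)
    {
        try
        {
            using (RegistryKey key = hive.OpenSubKey(subKey, true))
            {
                return key != null; // null: the key does not exist
            }
        }
        catch (SecurityException) { return false; }
        catch (UnauthorizedAccessException) { return false; }
    }

    // True if the key exists and can be read (an administrator preset it).
    public static bool Exists(RegistryKey hive, string subKey)
    {
        try
        {
            using (RegistryKey key = hive.OpenSubKey(subKey, false))
            {
                return key != null;
            }
        }
        catch (SecurityException) { return false; }
    }

    public static void Main()
    {
        // Assumed policy: a LOCAL_MACHINE preset wins; without one the
        // user writes to CURRENT_USER, which is always editable.
        bool preset = Exists(Registry.LocalMachine, SubKey);
        bool editable = !preset || CanWrite(Registry.LocalMachine, SubKey);
        Console.WriteLine(editable ? "Show settings form" : "Settings locked by administrator");
        // The ACL can change after this check, so the later SetValue call
        // must still handle UnauthorizedAccessException.
    }
}
```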