I've been having difficulties accessing some (but not all) registry keys from my web service. I therefore assumed (and confirmed with some research) that there are some security restrictions on accessing the registry. Is there some code or change in the configuration I need to do specifically in my C#.Net application?

Specifically, I am trying to read and write the values of the PageSetup under "Software\Microsoft\Internet Explorer\PageSetup"

A: 

You could use System.Security.Principal.WindowsIdentity.GetCurrent() to create a web method that returns the name of the current user (most likely the special ASP_NET user) and then increase the privileges of the user (or change the security settings of the key you want to edit from regedit so that the user under which your process is running is able to read the portion of the registry).

On the other hand, if I am right, and you want to edit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup, and your goal is not to change the information in that key for the ASP_NET user, then you would need to authenticate to your web service using an account that is available on the server machine. For that, you will need to configure your web service to use Windows authentication in Web.config:

<system.web>
  ...
  <authentication mode="Windows"/>
  <identity impersonate="true"/>
  ...
</system.web>

Then you obtain the authenticated user's Windows token:


IIdentity WinId= HttpContext.Current.User.Identity;
WindowsIdentity wi = (WindowsIdentity)WinId;

and finally you use the authenticated user's Windows token to temporarily impersonate the original user and remove the impersonation token from the current thread when you are finished impersonating.


// Temporarily impersonate the original user.
WindowsImpersonationContext wic = wi.Impersonate();
try
{
  // Access resources while impersonating.
}
finally
{
  // Revert impersonation.
  wic.Undo();
}

That way, when you ask for WindowsIdentity.GetCurrent() you would get the name of the Windows account used to authenticate (this is called temporarily impersonating the authenticated user). And you would have access to the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup of the user you used to authenticate.

More info on windows authentication and impersonation here: http://msdn.microsoft.com/en-us/library/ff647405.aspx

Luxspes
I created the impersonation successfully (for test purposes I impersonated my username, which has registry access and has the settings for PageSetup). But I still don't get many of the keys. If I look under HKCU\Software\Microsoft\Internet Explorer\Main (for the header), then I see only the value names: NoUpdateCheck, NoJITSetup, Disable Setup Script. Is this a result of improper impersonation?
marcwenger
That's the stuff! Thanks a lot!
marcwenger
A: 

After impersonation of the user, HKEY_CURRENT_USER will not be changed. You should use RegOpenCurrentUser after impersonation of the user, and RegCloseKey.

Alternatively, you can get the user's SID and read the registry from HKEY_USERS:

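// Requires: using Microsoft.Win32; using System.Security.Principal; using System.Web;
WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity;
if (wi != null) {
    SecurityIdentifier si = wi.User;
    // HKEY_USERS\<SID> is that user's own hive, independent of the process account
    RegistryKey key = Registry.Users.OpenSubKey (si.Value +
                            @"\Software\Microsoft\Internet Explorer\PageSetup");
    // OpenSubKey returns null when the key (or the user's loaded hive) is absent
    if (key != null) {
        // get some values which you need like
        string top_margine = key.GetValue ("margin_top") as string;
        key.Close();
    }
}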
Oleg
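
The RegOpenCurrentUser route mentioned in the answer above, as an added example that is not part of either answer. It assumes .NET Framework 4.0 or later (for RegistryKey.FromHandle) and the Windows authentication setup from the first answer; ImpersonatedRegistry and ReadPageSetupValue are hypothetical names.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Web;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;

public static class ImpersonatedRegistry   // hypothetical helper, not from the answers
{
    // Read-only access mask (winnt.h); request write access only if the service must write.
    private const int KEY_READ = 0x20019;

    // LONG RegOpenCurrentUser(REGSAM samDesired, PHKEY phkResult);
    [DllImport("advapi32.dll")]
    private static extern int RegOpenCurrentUser(int samDesired, out IntPtr phkResult);

    public static string ReadPageSetupValue(string valueName)
    {
        WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity;
        if (wi == null)
            throw new InvalidOperationException("Caller is not Windows-authenticated.");

        WindowsImpersonationContext wic = wi.Impersonate();
        try
        {
            // Registry.CurrentUser is bound to the process account, so ask Windows
            // for the hive that belongs to the thread's (impersonated) token.
            // If that user's profile is not loaded, Windows hands back the default hive.
            IntPtr hKey;
            int rc = RegOpenCurrentUser(KEY_READ, out hKey);
            if (rc != 0)
                throw new Win32Exception(rc);

            // ownsHandle: true -> disposing the RegistryKey calls RegCloseKey.
            using (RegistryKey hkcu = RegistryKey.FromHandle(new SafeRegistryHandle(hKey, true)))
            using (RegistryKey key = hkcu.OpenSubKey(@"Software\Microsoft\Internet Explorer\PageSetup"))
            {
                return key == null ? null : key.GetValue(valueName) as string;
            }
        }
        finally
        {
            wic.Undo();   // always drop the impersonation token from the thread
        }
    }
}
```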