I have an assembly written in C# with a COM interface. This assemby is hosted in COM+ as a COM+ service running in dllhost.exe. I am using an Interactive User Identity, which means that the dllhost.exe process is started with the user that Activates the COM object. The user that starts the dllhost.exe object is and Administrator and has elevated permissions (Vista), and when I check the security in the C# COM object running on dllhost.exe I can confirm that the user is part of the Administrative group. This is the code I am using to check the users permissions:
if (!(new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)))
throw (new SecurityException(String.Format("Administrative permissions required to call the RegisterProvider method in {0}", Assembly.GetExecutingAssembly().FullName)));
When I use the CreateSubKey of the RegistryKey class within the COM object there are no exceptions thrown. However, there no entries are written to the registry (I am checking with regedit.exe) The code works fine in Windows XP, so I know that the results I expect should be there.
Two questions:
1) Does the code above check that the WindowsIdentity.GetCurrent()) has elevated permissions at the time it is executed, or does it just check that the user is in the Administrator role in the security context of the computer.
2) Is there a know issue with writing to the registry from COM+ as an impersonated user in Vista. I would expect a Security Exception if there was a permission issue, however I don't expect the code to execute without a runtime error and never actually complete the writes.
More Notes:
1) If I change the identity of the COM+ configuration to use Service or Network User then I do get a runtime error when trying to access the registry. Which I should since neither of these users have access to the key locations that I an using.
Thanks in advance.