Neal
Thu Mar 10 07:47:10 CST 2005
Thanks..!!
"Sean Hederman" wrote:
> "Neal" <Neal@discussions.microsoft.com> wrote in message
> news:AABFE5D2-D837-46E4-9F8C-3141578F2414@microsoft.com...
> > Ok, then
> > where and/or how do I set this "IUSER_MACHINENAME" 's permissions.
>
> If you open up the Registry Editor, navigate to the required key,
> right-click and select "Permissions", it'll come up with the standard
> Windows security editor.
>
> > or
> >
> > If registry is such an issue, and web.config is no place to store a
> > Password
> > (to a SQL dbase), having no real security...
>
> The web.config is fine, as long as you encrypt the password.
>
> > is it possible to Write to the Web.config file from the application (read
> > is
> > fine), and set the requisite appsettings key programmatically with the
> > encrypted password ??
>
> No, again the IUSER_MACHINENAME does not have write access to web.config,
> although it can read it using AppSettingsReader for example.
>
> > and if it is possible, how do i do that, (i've been the route of encrypted
> > files and that currently seems the only and somewhat inelegant wat to do
> > it..also ..pathing and defaults per OS make that slightly problematic.
>
> Have a look at
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT07.asp.
>
> Also, have you considered using Windows Authentication to your database?
> This would free you from having to store the password, since the
> IUSER_MACHINENAME would automatically be authenticated.
>
> >
> > TIA
> >
> >
> >
> > "Neal" wrote:
> >
> >> Ok, well not ok.
> >> I tried it with HKEY _CURRENT_USER,... and still the same result.
> >> "Access to the Registry Key .... is denied
> >>
> >> (It is my own machine, I have Admin rights....)
> >> 3 days wasted...trying to get something supposedly simple right, which
> >> took
> >> me all of 5 minutes in Delphi (and I've only had 3 months experience
> >> there..!!)
> >>
> >> and then I suppose this will all be revisited upon deploying it to the
> >> Production Server.
> >>
> >> Seriously Frustrated
> >>
> >> SO... NOW WHERE TO ???
> >>
> >> Heres the code..
> >> '//I try and create the subkey "UCT-SPLUS" in HKEY_CURRENT_USER\Software
> >>
> >> ie
> >> Try
> >> Dim f As New
> >> RegistryPermission(RegistryPermissionAccess.AllAccess, _
> >> "HKEY_CURRENT_USER\Software")
> >> f.AddPathList(RegistryPermissionAccess.Write,
> >> "HKEY_CURRENT_USER\Software\UCT-SPLUS")
> >> f.Assert()
> >>
> >> Dim subkey As RegistryKey =
> >> Registry.CurrentUser.CreateSubKey("Software\UCT-SPLUS\DbPwd")
> >> subkey.SetValue("DBPwd", sPwdValue)
> >> Catch ER As Exception
> >> Throw New Exception("Error writing to Registry : " &
> >> ER.Message)
> >> End Try
> >>
> >>
> >> TIA
> >> Neal
> >>
> >> "Sean Hederman" wrote:
> >>
> >> > "Neal" <Neal@discussions.microsoft.com> wrote in message
> >> > news:BAF0A2E3-2558-45D3-8CE4-821AAEB3812F@microsoft.com...
> >> > >I am attempting to write an encrypted password to the Registry, from a
> >> > >VB
> >> > > ASP.Net App and similarly read it in a Webservice .
> >> >
> >> > A web service/app generally logs in as the user IUSER_MACHINENAME.
> >> >
> >> > > I have tried the RegistryPermissions code etc from the MSDN help,
> >> > > Dim f As New
> >> > > RegistryPermission(RegistryPermissionAccess.AllAccess, _
> >> > > "HKEY_LOCAL_MACHINE\SOFTWARE\")
> >> > > f.Assert()
> >> > > ?? how does one tie this up to the RegistryKey class?? if at all.
> >> >
> >> > It means that the code is requesting permission to access that registry
> >> > key.
> >> > However, just because the code is trusted enough to access said
> >> > registry
> >> > key, does not mean that the user is. Basically the permissions you have
> >> > are
> >> > the intersection of the code and user permissions. Your code has the
> >> > relevant CAS (code access security) permissions, but IUSER_MACHINENAME
> >> > does
> >> > not. Therefore, you get the permission denied error. In order for this
> >> > to
> >> > work, but the code and the user must have the relevant permissions.
> >> >
> >> > Generally the HKEY_LOCAL_MACHINE\SOFTWARE\ can only be written to by an
> >> > Administrator, and for very good security reasons. Should this key
> >> > really be
> >> > getting stored there? Keep in mind that most (hopefully all)
> >> > administrators
> >> > will not allow IIS to have Administrator privileges, and convincing
> >> > administrators to open up registry access to IIS will be tricky.
> >> >
> >> > > but .. the error persists.
> >> > > (
> >> > > I am currently trying to develop this on my DevMachine,
> >> > > (Administrator
> >> > > rights etc), though this will need to be deployed to a Windows 2000
> >> > > server
> >> > > or
> >> > > similar.
> >> > >
> >> > > Lost (......yet again !) ..
> >> > > Anybody...?
> >> > > TIA
> >> > >
> >> > > Code is as follows
> >> > >
> >> > > Dim subkey As RegistryKey =
> >> > > Registry.LocalMachine.CreateSubKey("SOFTWARE\UCT-SPLUS\DbPwd")
> >> > >
> >> > > which is where the error occurs.. thereafter one assumes the setValue
> >> > > will
> >> > > work.
> >> > >
> >> > > subkey.SetValue("DBPwd", sPwdValue)
> >> > >
> >> > >
> >> > > --
> >> > > Neal Rogers
> >> > > University of Cape Town
> >> >
> >> >
> >> >
>
>
>