Last post Mar 24, 2007 02:29 PM by securesign
Mar 17, 2007 07:16 AM|lagu2653|LINK
I made a web part that reads a URL from the registry (C# and ASP.NET). The system administrator gave the user ASPNET administrator rights but I still get the error "Requested registry access is not allowed." If don't read from the registry the web
part works. We're using WSS 2.0.
This C#-line reads the registry implicitly:
TeamFoundationServer tfs = TeamFoundationServerFactory.GetServer(server, teamFoundationCredential);
Mar 17, 2007 12:20 PM|OWScott|LINK
Are you running IIS6? If so, it is probably the application pool identity user that you need to assign to that registry key. By default it's NETWORK SERVICE. If you have asp.net impersonation turned on, it will be the anonymous or signed in user that
needs permission instead.
You can run regmon from www.sysinternals.com to find out for sure which user is denied permission. Run it and reproduce the issue, then search for the word "denied" in the results.
My guess is that you could give the NETWORK SERVICE user reads permissions and it will work.
Further on this. It may be that the server is running in partial trust, in which case it's a code access security (CAS) issue instead of a permissions issue. If it doesn't work after looking into these ideas, post the actual error message and we can tell
you what the actual cause is.
Mar 19, 2007 10:29 AM|Steve@Planet|LINK
Here's some more useful info on the subject:
Mar 24, 2007 02:29 PM|securesign|LINK
First make sure that the the application pool identity user is the Network Service Account,if so then allow the Network Service Account Read Access to the preceding registry key
You need to use an administrator account with permission to alter the registry security to perform the following steps:
1. On the taskbar, click Start, and then click Run. Type regedit in the Open box, and then click OK.
2. Expand the outline list in the left panel to locate the desired folder icon at the preceding registry path.
3. Right-click the desired folder, and then click Permissions.
4. In the Permission for Servers dialog box, click the Add button.
5. In the Select Users, Computers, or Groups dialog box, type NETWORK SERVICE in the text box, and then click Check Names. The Network Service name will be underlined; this indicates that it is a valid security principal. Click OK.
6. In the Permissions for Servers dialog box, click the Network Service user name from the list, and in the Permissions for NETWORK SERVICE section, click Advanced.
7. In the Advanced Security Settings for Servers dialog box, click Network Service, and then click Edit.
8. In the Permission Entry for Servers dialog box, select the Set Value and Create Subkey check boxes in the Allow column to permit read access. Click OK several times until the Permissions dialog box closes.
NOTE: If you have another user instead of the Network Service account on the application pool identity, Then give this account read permission on your registery (folder).
for more Information: