[ mipko @ 10.01.2007. 14:10 ] @
Hello,

I'm writing my first .NET application and I've run into a security problem. The application needs to work with the registry on a remote machine.

RegistryKey rk = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, RemoteMachine.Text);
rk.OpenSubKey("Software\\XXX", RegistryKeyPermissionCheck);

and I get Requested registry access is not allowed.

It's clear to me that this is a security issue. How do I solve this? That is, I want to set some DACL or SACL, or to impersonate, so that I can use everything under the XXX subkey.

Thanks in advance
Mipko
[ bobanM @ 10.01.2007. 14:50 ] @
Hello,

did you put this in web.config

<identity impersonate="true" userName="Admin" password="pass" />

There is also another option via the Advanced API (LogonUser, ImpersonateLoggedOnUser). Look up examples online.
[ dusty @ 10.01.2007. 14:54 ] @
Well, as far as I know, there's no way. Remote registry, when it is enabled, allows only certain hives (I forgot which, but I think it's only HCU) regardless of which rights you have been assigned. Correct me if I'm wrong.
[ bobanM @ 10.01.2007. 15:23 ] @
Quote:

Remote registry, when it is enabled, allows only certain hives (I forgot which, but I think it's only HCU) regardless of which rights you have been assigned

I think you're wrong.

Quote:

ClassesRoot Represents the HKEY_CLASSES_ROOT base key on another computer. This value can be passed to the OpenRemoteBaseKey method, to open this node remotely.
CurrentConfig Represents the HKEY_CURRENT_CONFIG base key on another computer. This value can be passed to the OpenRemoteBaseKey method, to open this node remotely.
CurrentUser Represents the HKEY_CURRENT_USER base key on another computer. This value can be passed to the OpenRemoteBaseKey method, to open this node remotely.
DynData Represents the HKEY_DYN_DATA base key on another computer. This value can be passed to the OpenRemoteBaseKey method, to open this node remotely.
LocalMachine Represents the HKEY_LOCAL_MACHINE base key on another computer. This value can be passed to the OpenRemoteBaseKey method, to open this node remotely.
PerformanceData Represents the HKEY_PERFORMANCE_DATA base key on another computer. This value can be passed to the OpenRemoteBaseKey method, to open this node remotely.
Users Represents the HKEY_USERS base key on another computer. This value can be passed to the OpenRemoteBaseKey method, to open this node remotely.


So now it's just a question of rights.
As far as I know, they have to be granted on the remote machine, in the registry

Code:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

and specifically for the particular user

[ mipko @ 10.01.2007. 23:11 ] @
ImpersonateLoggedOnUser did the job.

Namely, my goal was that if the user fails to open the hive, they are offered a dialog for the username and password for that machine, so they can enter the username and password of an account that has the right to do that. Now everything works.
Many thanks, BobanM

Regards
Mipko
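
The fallback flow described in the last post, written out in C# as an added example (not code from any poster in this thread): try the remote key with the current identity, and only on an access-denied error ask for credentials, impersonate via LogonUser/ImpersonateLoggedOnUser, read, and always revert. The class name, the `promptForCredentials` callback and the choice of logon type `LOGON32_LOGON_NEW_CREDENTIALS` are assumptions.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security;
using Microsoft.Win32;

static class RemoteRegistryReader
{
    // Assumption: NEW_CREDENTIALS is used so the supplied account applies to
    // outbound network connections only and the local identity is unchanged.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool ImpersonateLoggedOnUser(IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool RevertToSelf();
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    static string[] ReadNames(string machine, string subKey)
    {
        using (RegistryKey hklm = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, machine))
        using (RegistryKey key = hklm.OpenSubKey(subKey, false)) // read-only: ask for no more than needed
            return key == null ? new string[0] : key.GetValueNames();
    }

    // promptForCredentials is a hypothetical callback (e.g. a dialog) returning { domain, user, password }.
    public static string[] ReadWithFallback(string machine, string subKey, Func<string[]> promptForCredentials)
    {
        try { return ReadNames(machine, subKey); }
        catch (Exception ex) when (ex is SecurityException || ex is UnauthorizedAccessException)
        {
            string[] c = promptForCredentials();
            IntPtr token;
            if (!LogonUser(c[1], c[0], c[2], LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, out token))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            try
            {
                if (!ImpersonateLoggedOnUser(token))
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                try { return ReadNames(machine, subKey); }
                finally { RevertToSelf(); }   // never leave the thread impersonating
            }
            finally { CloseHandle(token); }   // release the logon token
        }
    }
}
```

Unlike a fixed `<identity impersonate="true" userName=... password=... />` entry, this keeps the privileged credentials out of configuration files and limits their use to the single remote read.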