I'm writing a Web Service and I would like to add performance counter data
for monitoring performance of the Web Service's operations over time and load.
The problem is, I get the "Requested registry access is not allowed."
SecurityException when I try and create the performance counter category via
PerformanceCounterCategory.Create().
I understand the login used to run the Web Service does not have access to
the registry keys PerformanceCounterCategory is trying to access. The only
similar references I could find involve EventLog registry entries (KB 329291)
or granting access to PerfLib registry key. But adding ASPNET to the PerfLib
key doesn't help.
I'm not fond of having the category and the counters persist beyond the life
of the web service (they don't make sense when it's not running) so, I'd
rather not go the route of creating an Installer assembly and using
EventLogInstaller as part of an installation process, as one of the options
described in KB 329291.
I'd also like to avoid having to grant full trust to any assemblies. The
one option is to create a APTC FullTrust assembly to do the category creation
and counter incrementing; but, that complicates installation more than I'd
like.
Is it possible to simply grant a user rights to a set of registry entries to
get around this, or is there another solution besides the above, or is one of
the above the "recommended" solution for this issue?
-- http://www.peterRitchie.com/ 7  12036 
Hi Peter,
Thank you for posting here.
From your description, you're dynamically creating
PerformanceCounter/Category in your ASP.NET webservice's code, however,
you're euncountering smoe security exception against the registry accessing
at runtime, correct?
Based on my experience, there does exists some issues regarding on the
ASP.NET idenitity doesn't have sufficient permission for accessing certain
registry entry. For your scenario, your ASP.NET application is running on
XP box, by default the ASP.NET process idenitity is the machine\ASPNET
account, however, I'm wondering whether you've used any other security
related setting in IIS or ASP.NET such as impersonation which could change
the default process idenitity of ASP.NET. You can verify this in your web
application, and here is a kb article introduce the ASP.NET process
identity:
#Process and request identity in ASP.NET http://support.microsoft.com/?id=317012
Also, since the security exception is still complaining about the registry,
I suggest you use the regmon tool to trace the registry accessing failure,
this tool is very good at capturing reigstry access problem: http://www.sysinternals.com/utilities/regmon.html
BTW, to help make the troubleshooting simplifed, I suggest you keep your
ASP.NET application running as "Fulltrust" mode(this is the default mode if
you haven't explicitly change the Trust level in your machine.config or
web.config).
Hope this helps.
Regards,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Hi Steven. Thanks for the reply. Had a server-down situation, so it took me
a couple of days to get back to this...
After some inspection with RegMon it would appear that the ASPNET account
also needs full control over HKLM\System\CurrentControlSet\Services. I tried
several advanced permissions options, like "this key only" and "Set Value"
and "Create Subkey"; but could only get it to work if I can the ASPNET
account full control over HKLM\System\CurrentControlSet\Services--which
doesn't give me a warm-and-fuzzy.
Doing that gets rid of the "Requested registry access is not allowed"
exception text. The process gets further, by creating the
Performance-counter--related sub-keys in
HKLM\System\CurrentControlSet\Services; but,
PerformanceCounterCategory.Create now raises a Win32Exception with Message
property equal to "The handle is invalid" or ErrorCode == 0x80004005.
-- http://www.peterRitchie.com/
"Steven Cheng[MSFT]" wrote: Hi Peter,
Thank you for posting here.
From your description, you're dynamically creating
PerformanceCounter/Category in your ASP.NET webservice's code, however,
you're euncountering smoe security exception against the registry accessing
at runtime, correct?
Based on my experience, there does exists some issues regarding on the
ASP.NET idenitity doesn't have sufficient permission for accessing certain
registry entry. For your scenario, your ASP.NET application is running on
XP box, by default the ASP.NET process idenitity is the machine\ASPNET
account, however, I'm wondering whether you've used any other security
related setting in IIS or ASP.NET such as impersonation which could change
the default process idenitity of ASP.NET. You can verify this in your web
application, and here is a kb article introduce the ASP.NET process
identity:
#Process and request identity in ASP.NET
http://support.microsoft.com/?id=317012
Also, since the security exception is still complaining about the registry,
I suggest you use the regmon tool to trace the registry accessing failure,
this tool is very good at capturing reigstry access problem:
http://www.sysinternals.com/utilities/regmon.html
BTW, to help make the troubleshooting simplifed, I suggest you keep your
ASP.NET application running as "Fulltrust" mode(this is the default mode if
you haven't explicitly change the Trust level in your machine.config or
web.config).
Hope this helps.
Regards,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights
Hello,
When get the exception "The handle is invalid", are there any Access Denied
in the regmon log? You may also monitor it with another utility named
"Filemon" ( same from www.systeminternal.com), which can monitor access on
files I/O.
Also, to confirm it is a security issue, you may try run your applicaiton
in full trust and under a local administrator account; if this can make it
work, than change them back and monitor it with filemon®mon. They may
help us find something.
Reagrds,
Luke Zhang
Microsoft Online Community Lead
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
I believe there was no access denied entries in the Regmon log; I'll
double-check and repost if there were some.
I'll try with an admin account (an application performing the same action
running in the admin account works fine); but, my guess is it will work fine.
I'll spark up filemon with regmon and run some tests and let you know.
Thanks,
-- http://www.peterRitchie.com/
"Luke Zhang [MSFT]" wrote: Hello,
When get the exception "The handle is invalid", are there any Access Denied
in the regmon log? You may also monitor it with another utility named
"Filemon" ( same from www.systeminternal.com), which can monitor access on
files I/O.
Also, to confirm it is a security issue, you may try run your applicaiton
in full trust and under a local administrator account; if this can make it
work, than change them back and monitor it with filemonĀ®mon. They may
help us find something.
Reagrds,
Luke Zhang
Microsoft Online Community Lead
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
(This posting is provided "AS IS", with no warranties, and confers no
rights
Thank you for the reply. I will be here and wait for your update.
Regards,
Luke Zhang
Microsoft Online Community Lead
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Hi Luke.
I switched the aspnet_wp.exe user from ASPNET to administrator and re-tried
the code. There were no exceptions (i.e. no Win32Exception with message ==
"invalid handle").
There were also no ACCESS DENIED reported by regmon or filemon with the
aspnet_wp.exe user being ASPNET or administrator.
There are a few BUFFER OVERFLOW results from some of the performance counter
registry entries though, with either user.
-- http://www.peterRitchie.com/
"Peter Ritchie" wrote: Hi Steven. Thanks for the reply. Had a server-down situation, so it took me
a couple of days to get back to this...
After some inspection with RegMon it would appear that the ASPNET account
also needs full control over HKLM\System\CurrentControlSet\Services. I tried
several advanced permissions options, like "this key only" and "Set Value"
and "Create Subkey"; but could only get it to work if I can the ASPNET
account full control over HKLM\System\CurrentControlSet\Services--which
doesn't give me a warm-and-fuzzy.
Doing that gets rid of the "Requested registry access is not allowed"
exception text. The process gets further, by creating the
Performance-counter--related sub-keys in
HKLM\System\CurrentControlSet\Services; but,
PerformanceCounterCategory.Create now raises a Win32Exception with Message
property equal to "The handle is invalid" or ErrorCode == 0x80004005.
--
http://www.peterRitchie.com/
"Steven Cheng[MSFT]" wrote:
Hi Peter,
Thank you for posting here.
From your description, you're dynamically creating
PerformanceCounter/Category in your ASP.NET webservice's code, however,
you're euncountering smoe security exception against the registry accessing
at runtime, correct?
Based on my experience, there does exists some issues regarding on the
ASP.NET idenitity doesn't have sufficient permission for accessing certain
registry entry. For your scenario, your ASP.NET application is running on
XP box, by default the ASP.NET process idenitity is the machine\ASPNET
account, however, I'm wondering whether you've used any other security
related setting in IIS or ASP.NET such as impersonation which could change
the default process idenitity of ASP.NET. You can verify this in your web
application, and here is a kb article introduce the ASP.NET process
identity:
#Process and request identity in ASP.NET
http://support.microsoft.com/?id=317012
Also, since the security exception is still complaining about the registry,
I suggest you use the regmon tool to trace the registry accessing failure,
this tool is very good at capturing reigstry access problem:
http://www.sysinternals.com/utilities/regmon.html
BTW, to help make the troubleshooting simplifed, I suggest you keep your
ASP.NET application running as "Fulltrust" mode(this is the default mode if
you haven't explicitly change the Trust level in your machine.config or
web.config).
Hope this helps.
Regards,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights
Hi Peter,
Thank you for the information. So, it is still a permission issue since the
error disppeared after you change the identity. If you change it back and
moniter with regmon & Filemon, can you get some Access denied error in the
log file?
Additionally, ccan you explain more abou the error "BUFFER OVERFLOW"? how
did you find it?
Regards,
Luke Zhang
Microsoft Online Community Lead
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Clint |
last post by:
Hey all -
I'm having a really confusing problem concerning a web service. Right
now, I have an application that needs to call a web service that does
nothing but return "true" (this will...
|
by: Craig Santoli |
last post by:
"... to ASPNet as attempted from C:\WINNT\System32\WBEM\WinMgmt.exe."
This error keeps appearing in the Windows 2000 Server Event Viewer.
Any ideas on what's causing this or how to prevent it?...
|
by: HK |
last post by:
I am exceuting the following command in C#
using Microsoft.Win32;
RegistryKey key = Registry.LocalMachine.OpenSubKey(KeyName);
I keep getting the exception "Requested registry access is not...
|
by: bfprog |
last post by:
Using IBM iSeries client access OLEDB provider to connect to DB2 on AS/400,
but cannot create connection using .NET web app. Using following code:
Dim cnTest As New...
|
by: LP |
last post by:
Hi,
My webservice is currently deployed on WIndows 2000 server and runs pretty
fine. I am trying to run my webservice on a Windows 2003 server. My
webservice tries to write to a eventlog. The...
|
by: Michael Fay in SB |
last post by:
I built my application with Access 2003 and made a distribution using
the Microsoft Office Access 2003 Developer Extensions.
(I also install Jet 8 as a follow-on action at the end of the...
|
by: Michael Fay in SB |
last post by:
A month ago I posted:
"I built my application with Access 2003 and made a distribution using
the Microsoft Office Access 2003 Developer Extensions.
(I also install Jet 8 as a follow-on action at...
|
by: Flinker |
last post by:
When attempting to read the System event log on a remote system, I receive a
"Requested registry access is not allowed" exception. I temporary added
myself as an administrator to the remote system...
|
by: swatitalati |
last post by:
Hello
when i invoke a method of web service i m getting error like Server was unable to process request. --> Requested registry access is not allowed.
syntex for invoking method is as below
...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| |
