472,964 Members | 2,568 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,964 software developers and data experts.

"Requested registry access is not allowed." and performance counte

I'm writing a Web Service and I would like to add performance counter data
for monitoring performance of the Web Service's operations over time and load.

The problem is, I get the "Requested registry access is not allowed."
SecurityException when I try and create the performance counter category via
PerformanceCounterCategory.Create().

I understand the login used to run the Web Service does not have access to
the registry keys PerformanceCounterCategory is trying to access. The only
similar references I could find involve EventLog registry entries (KB 329291)
or granting access to PerfLib registry key. But adding ASPNET to the PerfLib
key doesn't help.

I'm not fond of having the category and the counters persist beyond the life
of the web service (they don't make sense when it's not running) so, I'd
rather not go the route of creating an Installer assembly and using
EventLogInstaller as part of an installation process, as one of the options
described in KB 329291.

I'd also like to avoid having to grant full trust to any assemblies. The
one option is to create a APTC FullTrust assembly to do the category creation
and counter incrementing; but, that complicates installation more than I'd
like.

Is it possible to simply grant a user rights to a set of registry entries to
get around this, or is there another solution besides the above, or is one of
the above the "recommended" solution for this issue?

--
http://www.peterRitchie.com/

Jun 15 '06 #1
7 11970
Hi Peter,

Thank you for posting here.

From your description, you're dynamically creating
PerformanceCounter/Category in your ASP.NET webservice's code, however,
you're euncountering smoe security exception against the registry accessing
at runtime, correct?

Based on my experience, there does exists some issues regarding on the
ASP.NET idenitity doesn't have sufficient permission for accessing certain
registry entry. For your scenario, your ASP.NET application is running on
XP box, by default the ASP.NET process idenitity is the machine\ASPNET
account, however, I'm wondering whether you've used any other security
related setting in IIS or ASP.NET such as impersonation which could change
the default process idenitity of ASP.NET. You can verify this in your web
application, and here is a kb article introduce the ASP.NET process
identity:

#Process and request identity in ASP.NET
http://support.microsoft.com/?id=317012

Also, since the security exception is still complaining about the registry,
I suggest you use the regmon tool to trace the registry accessing failure,
this tool is very good at capturing reigstry access problem:

http://www.sysinternals.com/utilities/regmon.html

BTW, to help make the troubleshooting simplifed, I suggest you keep your
ASP.NET application running as "Fulltrust" mode(this is the default mode if
you haven't explicitly change the Trust level in your machine.config or
web.config).

Hope this helps.

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead
==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Jun 16 '06 #2
Hi Steven. Thanks for the reply. Had a server-down situation, so it took me
a couple of days to get back to this...

After some inspection with RegMon it would appear that the ASPNET account
also needs full control over HKLM\System\CurrentControlSet\Services. I tried
several advanced permissions options, like "this key only" and "Set Value"
and "Create Subkey"; but could only get it to work if I can the ASPNET
account full control over HKLM\System\CurrentControlSet\Services--which
doesn't give me a warm-and-fuzzy.

Doing that gets rid of the "Requested registry access is not allowed"
exception text. The process gets further, by creating the
Performance-counter--related sub-keys in
HKLM\System\CurrentControlSet\Services; but,
PerformanceCounterCategory.Create now raises a Win32Exception with Message
property equal to "The handle is invalid" or ErrorCode == 0x80004005.

--
http://www.peterRitchie.com/
"Steven Cheng[MSFT]" wrote:
Hi Peter,

Thank you for posting here.

From your description, you're dynamically creating
PerformanceCounter/Category in your ASP.NET webservice's code, however,
you're euncountering smoe security exception against the registry accessing
at runtime, correct?

Based on my experience, there does exists some issues regarding on the
ASP.NET idenitity doesn't have sufficient permission for accessing certain
registry entry. For your scenario, your ASP.NET application is running on
XP box, by default the ASP.NET process idenitity is the machine\ASPNET
account, however, I'm wondering whether you've used any other security
related setting in IIS or ASP.NET such as impersonation which could change
the default process idenitity of ASP.NET. You can verify this in your web
application, and here is a kb article introduce the ASP.NET process
identity:

#Process and request identity in ASP.NET
http://support.microsoft.com/?id=317012

Also, since the security exception is still complaining about the registry,
I suggest you use the regmon tool to trace the registry accessing failure,
this tool is very good at capturing reigstry access problem:

http://www.sysinternals.com/utilities/regmon.html

BTW, to help make the troubleshooting simplifed, I suggest you keep your
ASP.NET application running as "Fulltrust" mode(this is the default mode if
you haven't explicitly change the Trust level in your machine.config or
web.config).

Hope this helps.

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead
==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights

Jun 21 '06 #3
Hello,

When get the exception "The handle is invalid", are there any Access Denied
in the regmon log? You may also monitor it with another utility named
"Filemon" ( same from www.systeminternal.com), which can monitor access on
files I/O.

Also, to confirm it is a security issue, you may try run your applicaiton
in full trust and under a local administrator account; if this can make it
work, than change them back and monitor it with filemon&regmon. They may
help us find something.

Reagrds,

Luke Zhang
Microsoft Online Community Lead

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Jun 22 '06 #4
I believe there was no access denied entries in the Regmon log; I'll
double-check and repost if there were some.

I'll try with an admin account (an application performing the same action
running in the admin account works fine); but, my guess is it will work fine.
I'll spark up filemon with regmon and run some tests and let you know.

Thanks,
--
http://www.peterRitchie.com/
"Luke Zhang [MSFT]" wrote:
Hello,

When get the exception "The handle is invalid", are there any Access Denied
in the regmon log? You may also monitor it with another utility named
"Filemon" ( same from www.systeminternal.com), which can monitor access on
files I/O.

Also, to confirm it is a security issue, you may try run your applicaiton
in full trust and under a local administrator account; if this can make it
work, than change them back and monitor it with filemonĀ®mon. They may
help us find something.

Reagrds,

Luke Zhang
Microsoft Online Community Lead

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights

Jun 22 '06 #5
Thank you for the reply. I will be here and wait for your update.

Regards,

Luke Zhang
Microsoft Online Community Lead

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Jun 23 '06 #6
Hi Luke.

I switched the aspnet_wp.exe user from ASPNET to administrator and re-tried
the code. There were no exceptions (i.e. no Win32Exception with message ==
"invalid handle").

There were also no ACCESS DENIED reported by regmon or filemon with the
aspnet_wp.exe user being ASPNET or administrator.

There are a few BUFFER OVERFLOW results from some of the performance counter
registry entries though, with either user.
--
http://www.peterRitchie.com/
"Peter Ritchie" wrote:
Hi Steven. Thanks for the reply. Had a server-down situation, so it took me
a couple of days to get back to this...

After some inspection with RegMon it would appear that the ASPNET account
also needs full control over HKLM\System\CurrentControlSet\Services. I tried
several advanced permissions options, like "this key only" and "Set Value"
and "Create Subkey"; but could only get it to work if I can the ASPNET
account full control over HKLM\System\CurrentControlSet\Services--which
doesn't give me a warm-and-fuzzy.

Doing that gets rid of the "Requested registry access is not allowed"
exception text. The process gets further, by creating the
Performance-counter--related sub-keys in
HKLM\System\CurrentControlSet\Services; but,
PerformanceCounterCategory.Create now raises a Win32Exception with Message
property equal to "The handle is invalid" or ErrorCode == 0x80004005.

--
http://www.peterRitchie.com/
"Steven Cheng[MSFT]" wrote:
Hi Peter,

Thank you for posting here.

From your description, you're dynamically creating
PerformanceCounter/Category in your ASP.NET webservice's code, however,
you're euncountering smoe security exception against the registry accessing
at runtime, correct?

Based on my experience, there does exists some issues regarding on the
ASP.NET idenitity doesn't have sufficient permission for accessing certain
registry entry. For your scenario, your ASP.NET application is running on
XP box, by default the ASP.NET process idenitity is the machine\ASPNET
account, however, I'm wondering whether you've used any other security
related setting in IIS or ASP.NET such as impersonation which could change
the default process idenitity of ASP.NET. You can verify this in your web
application, and here is a kb article introduce the ASP.NET process
identity:

#Process and request identity in ASP.NET
http://support.microsoft.com/?id=317012

Also, since the security exception is still complaining about the registry,
I suggest you use the regmon tool to trace the registry accessing failure,
this tool is very good at capturing reigstry access problem:

http://www.sysinternals.com/utilities/regmon.html

BTW, to help make the troubleshooting simplifed, I suggest you keep your
ASP.NET application running as "Fulltrust" mode(this is the default mode if
you haven't explicitly change the Trust level in your machine.config or
web.config).

Hope this helps.

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead
==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights

Jun 23 '06 #7
Hi Peter,

Thank you for the information. So, it is still a permission issue since the
error disppeared after you change the identity. If you change it back and
moniter with regmon & Filemon, can you get some Access denied error in the
log file?

Additionally, ccan you explain more abou the error "BUFFER OVERFLOW"? how
did you find it?

Regards,

Luke Zhang
Microsoft Online Community Lead

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Jun 26 '06 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
by: Clint | last post by:
Hey all - I'm having a really confusing problem concerning a web service. Right now, I have an application that needs to call a web service that does nothing but return "true" (this will...
2
by: Craig Santoli | last post by:
"... to ASPNet as attempted from C:\WINNT\System32\WBEM\WinMgmt.exe." This error keeps appearing in the Windows 2000 Server Event Viewer. Any ideas on what's causing this or how to prevent it?...
1
by: HK | last post by:
I am exceuting the following command in C# using Microsoft.Win32; RegistryKey key = Registry.LocalMachine.OpenSubKey(KeyName); I keep getting the exception "Requested registry access is not...
3
by: bfprog | last post by:
Using IBM iSeries client access OLEDB provider to connect to DB2 on AS/400, but cannot create connection using .NET web app. Using following code: Dim cnTest As New...
4
by: LP | last post by:
Hi, My webservice is currently deployed on WIndows 2000 server and runs pretty fine. I am trying to run my webservice on a Windows 2003 server. My webservice tries to write to a eventlog. The...
0
by: Michael Fay in SB | last post by:
I built my application with Access 2003 and made a distribution using the Microsoft Office Access 2003 Developer Extensions. (I also install Jet 8 as a follow-on action at the end of the...
0
by: Michael Fay in SB | last post by:
A month ago I posted: "I built my application with Access 2003 and made a distribution using the Microsoft Office Access 2003 Developer Extensions. (I also install Jet 8 as a follow-on action at...
0
by: Flinker | last post by:
When attempting to read the System event log on a remote system, I receive a "Requested registry access is not allowed" exception. I temporary added myself as an administrator to the remote system...
0
by: swatitalati | last post by:
Hello when i invoke a method of web service i m getting error like Server was unable to process request. --> Requested registry access is not allowed. syntex for invoking method is as below ...
0
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
2
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...
0
by: Aliciasmith | last post by:
In an age dominated by smartphones, having a mobile app for your business is no longer an option; it's a necessity. Whether you're a startup or an established enterprise, finding the right mobile app...
0
tracyyun
by: tracyyun | last post by:
Hello everyone, I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
4
NeoPa
by: NeoPa | last post by:
Hello everyone. I find myself stuck trying to find the VBA way to get Access to create a PDF of the currently-selected (and open) object (Form or Report). I know it can be done by selecting :...
3
NeoPa
by: NeoPa | last post by:
Introduction For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
1
by: Teri B | last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course. 0ne-to-many. One course many roles. Then I created a report based on the Course form and...
0
NeoPa
by: NeoPa | last post by:
Introduction For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
2
by: GKJR | last post by:
Does anyone have a recommendation to build a standalone application to replace an Access database? I have my bookkeeping software I developed in Access that I would like to make available to other...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.