ASP.NET and COM registry access denied

[Bill]

I've seen many posts on the web about this topic, and I still haven't
found an answer that works for me. I have an ASP.NET page written in
C# that instantiates a COM object that attempts to access a registry
key. The object fails, but it is a third party component and all the
vendor can tell me is to "make sure there are no security restrictions
on the registry" and they gave me a registry key. I've given the
aspnet account access to this key by using regedt32. Additionally, my
web.config file is set to Forms authentication, IIS is set to use
Anonymous Access, and the <processmodel> username in machine.config is
set to "machine". I can get it to work by setting the username in the
machine.config file to "system", but I've been told that doing so
opens a major security hole. This is a public web application so using
a Windows account is not an option. Does anyone have any ideas on how
I can get this working?

Thanks. I appreciate the help.

 

[John Sivilla]

If you are using a COM component, you can set a specific user account as its identity. You can then give this user access to the registry key. To set the identity you can either do it programmatically in your code, but since it is a third party component you can set the identity in the Component Services snap-in in the MMC. Just right click the component's package and choose the identity tab to get there.

hope this helps,
John

 

[Bill Shipman]

Thanks for your quick response.

I looked in Component Services, but the third party tool isn't there.
It's possible that it isn't a COM object, and it is only a regular dll
assembly. In this case, is there a similar way of doing this?

 

[John Sivilla]

Hi Bill,

In that case, if you are calling the component from an asp.net application is it running with whatever identity the asp.net application is running. If you say that user has access to the registry key, and it is still not working, then there is some kind of access denied error occuring somewhere on your system, which may or may not be related to the registry key.

When I get these kinds of problems, I use a utility that has saved me countless hours or debug time. It is called Filemon and it lists all accesses in real time. If there is a access denied error it will log it for you with all the info you need to correct the problem. The best thing about it is that it is free. Go to http://www.sysinternals.com and search for the latest version of Filemon, install it, and run it and try to find out where exactly the access problem occurrs.

hope this will help you,
John