Check registry permission without exception

I have code like this:



try
{
    RegistryKey regKey = Registry.LocalMachine.CreateSubKey("SOFTWARE\\xxxx\\yyyyy");
    // more code
}
catch
{
}

      


I don't like the use of an empty catch block. But this is useful because if the user does not have access to the registry, nothing needs to be done.

This piece of code gets called many times and aside from bad practice I think it has poor performance.

I was looking for a way to check the registry permissions before trying to access it, but the only way I found was to call

RegistryPermission.Demand()

and check for the exception. So it doesn't give me any advantage over the original approach.

Is there a way to check the permissions of the registry without artificially throwing or checking for exceptions?

Edit:

Well, it looks like the preferred .NET way of doing this is trying to access the resource and check for exceptions. In the article, Yannick pointed out how difficult it is to deal with the Windows security model by manually looking for the desired access. So what I'm going to do is modify this code a bit, so it only checks once for access (catching the exception) and stores that information instead of constantly throwing exceptions. This has the disadvantage that if the user changes security settings on the fly, the code will prevent access to the registry. However, this is preferable if there is no simple and clean way to check access.

+2




1 answer


Since you are creating a new key, shouldn't you just check the parent's permissions once?

Edit: I'm not sure if there are any managed ways, but you can try CheckAccess() in Stdprov.dll: http://msdn.microsoft.com/en-us/library/aa384911%28VS.85%29.aspx

Edit2: have you tried http://msdn.microsoft.com/en-us/library/1w66447a.aspx ?



Edit3:

26) Checking access in .NET

In Part 2, we went through the access checks using the Win32 API AccessCheck. Unfortunately, there doesn't seem to be an equivalent managed function that can perform the task. It is not recommended for you to perform access checks in .NET. Instead, you should use role-based security to perform access validation for you (this is what ReadSD does. Before ReadSD writes a security descriptor, you need to check if you are allowed to change the security descriptor. This makes reading the security descriptor and calling GenericPrincipal.IsInRole to check group membership). This only works if your objects are for role-based security. This does not work with objects provided with safety handles.

If you needed to perform an access check on a protected handle (a registry key in our case), you wouldn't use AccessCheck to do this (even in Win32). The correct method is to open the registry key, and if the security descriptor is denied access, you will get an "access denied" exception.

In simple access checks, you may be able to perform access checks yourself using role-based imperative security (Figure 38):

http://www.codeproject.com/KB/system/accessctrl3.aspx

+2


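A sketch of the approach from the question's edit combined with the answer's quoted advice, added here as an example and not code from either poster: the open itself is the access check, only access-denied exceptions are caught, and a denial is remembered so later calls skip the attempt. The names `RegistryGate`, `TryWrite` and `ResetProbe` are hypothetical; the key path is the question's placeholder.

```csharp
using System;
using System.Security;
using Microsoft.Win32;

// Hypothetical helper (not from the original page): lets the OS perform the
// access check on the real open, and caches only the "denied" outcome.
public static class RegistryGate
{
    // Placeholder path taken from the question.
    private const string SubKeyPath = @"SOFTWARE\xxxx\yyyyy";

    // volatile so a denial observed on one thread is visible to the others.
    private static volatile bool _denied;

    public static bool TryWrite(string name, string value)
    {
        if (_denied)
            return false;   // known denial: no registry call, no exception thrown

        try
        {
            using (RegistryKey key = Registry.LocalMachine.CreateSubKey(SubKeyPath))
            {
                if (key == null)
                    return false;   // documented failure result of CreateSubKey
                key.SetValue(name, value, RegistryValueKind.String);
                return true;
            }
        }
        catch (Exception ex) when (ex is SecurityException ||
                                   ex is UnauthorizedAccessException)
        {
            // Only access denials are swallowed. IOException, ArgumentException
            // and anything else still surface instead of vanishing in an empty catch.
            _denied = true;
            return false;
        }
    }

    // Call to probe again, for example when the key's ACL is known to have changed.
    public static void ResetProbe()
    {
        _denied = false;
    }
}
```

Because a success is never cached, a permission revoked while the process runs is still caught on the next call; only a permission granted after a denial goes unnoticed until `ResetProbe` is called, which is the trade-off the question's edit accepts.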






