检查注册表许可而不抛出异常 [英] Check registry permission without throwing exception
问题描述
我有这样一段代码
try
{
RegistryKey regKey = Registry.LocalMachine.CreateSubKey(SOFTWARE\\\xxxx\\\yyyyy);
//更多代码
}
catch
{
}
我不喜欢使用空的catch块。但是,这很有用,因为如果用户没有访问注册表的权限,则不应该做任何事情。
这段代码被多次调用,除了不好的做法之外,我认为它的性能不佳。
我一直在寻找一种方法来检查注册表权限,然后再尝试访问该注册表权限,但是我找到的唯一方法是使用
$ b $检查异常b
RegistryPermission.Demand()
并检查异常。所以,这不利于初始的方法。
¿有没有办法检查注册表访问权限而不人为地抛出或不必检查异常? / p>
编辑:
嗯,看起来像.NET的首选方式是尝试访问资源,检查异常。 Yannick指出的文章显示了处理Windows安全模型的复杂程度,手动寻找所需的访问。
那么我要做的是重新设计这个代码,所以它只检查一次访问(捕获异常)并保留这些信息,而不是不断地抛出异常。
这有一个缺点,如果用户即时更改安全设置,代码将一直拒绝访问注册表。但是,如果没有简单而干净的方式来检查访问权限,那么这是首选的。
新密钥,你不应该只是检查一下父母的权限?
编辑:我不确定是否有管理方式,但是您可以在Stdprov中尝试CheckAccess()。 dll: http://msdn.microsoft.com/ en-us / library / aa384911%28VS.85%29.aspx
Edit2:你尝试过 http://msdn.microsoft.com/en-us/library/1w66447a.aspx ?
编辑3:
26)访问检查.NET
在第2部分中,我们使用Win32
AccessCheck API执行
访问检查。不幸的是,
似乎不是一个等价的
管理功能,可以执行
任务。不建议您
在.NET中执行访问检查。
相反,您应该使用
基于角色的安全性为您执行
访问检查(这是
ReadSD所做的。在ReadSD写入
安全性之前描述符,如果允许您更改
安全描述符,则需要检查
。它通过
读取安全描述符,
将GenericPrincipal.IsInRole调用为
检查组成员资格)。如果您的对象设计为
基于角色的安全性,那么只有
可以工作。
如果您需要对对象执行访问检查
,一个安全
描述符(我们的注册表项),
你不会使用AccessCheck这样做
(即使在Win32)。正确的方法是
打开注册表项,如果
的安全描述符拒绝访问,
你会得到一个访问被拒绝
异常。
在简单的访问检查中,您可能需要
才能在
的基础角色安全性帮助下执行访问检查
。
38):
http://www.codeproject.com/KB/system/accessctrl3.aspx
I have a piece of code like this
try
{
RegistryKey regKey = Registry.LocalMachine.CreateSubKey("SOFTWARE\\xxxx\\yyyyy");
// more code
}
catch
{
}
I don't like the use of the empty catch block. But, it's useful because if the user don't have permissions to access the Registry, nothing should be done.
This piece of code gets called many times and, apart of a bad practice, I think it has poor performance.
I've been looking for a way to check the registry permissions before trying to access it, but the only way I've found to do it it's checking for a exception with
RegistryPermission.Demand()
and check for a exception. So, that gives me no advantage with the initial approach.
¿Is there a way to check for the Registry access permissions without artificially throwing or having to check for exceptions?
Edit:
Well, looks like the .NET preferred way of doing this is trying to access the resource and check for exceptions. The article Yannick pointed shows how complex it is to deal with the Windows security model, looking for the desired access manually. So, what I'm going to do is redesign this code a little so it only checks once for the access (catching the exception) and keeps that information, instead of constantly throwing exceptions. This has the drawback that if the user changes the security settings "on the fly", the code will keep denying access to the Registry. However, this is preferred if there isn't a simple and clean way of checking for access.
Since you are creating a new key, shouldn't you just check the parent's permissions once?
Edit: I am unsure if there are managed ways, but you could try CheckAccess() in Stdprov.dll: http://msdn.microsoft.com/en-us/library/aa384911%28VS.85%29.aspx
Edit2: Have you tried http://msdn.microsoft.com/en-us/library/1w66447a.aspx ?
Edit3:
26) Access checks in .NET
In part 2, we went through performing access checks using the Win32 AccessCheck API. Unfortunately, there doesn't seem to be an equivalent managed function that can perform the task. It's not recommended for you perform an access check in .NET. Instead, you should make use of role-based security to perform an access check for you (This is what ReadSD does. Before ReadSD writes a security descriptor, it needs to check if you are allowed to alter the security descriptor. It does this by reading the security descriptor and calling GenericPrincipal.IsInRole to check for group membership). This only works if your objects are designed for role-based security. It does not work with objects secured by security descriptors.
If you need to perform an access check on an object with a security descriptor (Registry key in our case), you wouldn't use AccessCheck to do so (even in Win32). The proper method is to open up the registry key, and if the security descriptor denies access, you will get an "access denied" exception.
In simple access checks, you may be able to perform the access check yourself with the help of an imperative role-based security (fig. 38):
http://www.codeproject.com/KB/system/accessctrl3.aspx
这篇关于检查注册表许可而不抛出异常的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
