检查注册表的权限，没有抛出异常 [英] Check registry permission without throwing exception

问题描述

我有一张code这样

try
{
    RegistryKey regKey = Registry.LocalMachine.CreateSubKey("SOFTWARE\\xxxx\\yyyyy");
    // more code
}
catch
{
}

我不喜欢使用空的catch块。但是，这是有用的，因为如果用户没有权限访问注册表，没有什么应该做的。

I don't like the use of the empty catch block. But, it's useful because if the user don't have permissions to access the Registry, nothing should be done.

这一块code被调用很多次，除了一个不好的做法，我认为它的性能较差。

This piece of code gets called many times and, apart of a bad practice, I think it has poor performance.

我一直在寻找一种方式试图访问前检查注册表权限，但只有这样我发现这样做它的检查与异常

I've been looking for a way to check the registry permissions before trying to access it, but the only way I've found to do it it's checking for a exception with

        RegistryPermission.Demand（）

RegistryPermission.Demand()

和检查是否有异常。所以，这使我没有什么优势与最初的做法。

and check for a exception. So, that gives me no advantage with the initial approach.

¿有没有办法来检查注册表的访问权限，而不人为投掷或有检查异常？

¿Is there a way to check for the Registry access permissions without artificially throwing or having to check for exceptions?

编辑：

嗯，貌似这样做是试图访问该资源和检查异常的.NET preferred方式。雅尼克指出该文章表明它是多么复杂，处理Windows的安全模式，寻找手动所需的访问。 所以，我什么都做的是重新设计的，而不是不断地抛出异常此codeA小，因此只检查一次访问（捕捉异常），并保存这些信息。 这样做的缺点是，如果用户改变对飞的安全设置，在code将继续拒绝访问注册表。然而，这是preferred如果没有检查访问的一个简单的，清洁的方式

Well, looks like the .NET preferred way of doing this is trying to access the resource and check for exceptions. The article Yannick pointed shows how complex it is to deal with the Windows security model, looking for the desired access manually. So, what I'm going to do is redesign this code a little so it only checks once for the access (catching the exception) and keeps that information, instead of constantly throwing exceptions. This has the drawback that if the user changes the security settings "on the fly", the code will keep denying access to the Registry. However, this is preferred if there isn't a simple and clean way of checking for access.

推荐答案

由于您要创建一个新的密钥，你不应该只检查一次家长的权限？

Since you are creating a new key, shouldn't you just check the parent's permissions once?

编辑：我不确定是否有管理办法，但你可以尝试的checkAccess（）在Stdprov.dll：的 http://msdn.microsoft.com/en-us/library/aa384911%28VS.85%29.aspx

I am unsure if there are managed ways, but you could try CheckAccess() in Stdprov.dll: http://msdn.microsoft.com/en-us/library/aa384911%28VS.85%29.aspx

EDIT2：你有没有尝试过 http://msdn.microsoft.com/en -us /库/ 1w66447a.aspx ？

Have you tried http://msdn.microsoft.com/en-us/library/1w66447a.aspx ?

EDIT3：

在.NET 26）访问检查

26) Access checks in .NET

在第二部分，我们通过表演去   使用Win32访问检查   AccessCheck的API。不幸的是，有   似乎没有成为一个等效   可以执行该被管理功能   任务。这不是为你推荐   执行.NET访问检查。   相反，你应该利用   基于角色的安全执行   您访问检查（这是   ReadSD一样。在ReadSD写入   安全描述符，它需要检查   如果你被允许改变   安全描述符。它通过执行此操作   读的安全描述符和   调用GenericPrincipal.IsInRole到   检查组成员）。这只   如果你的对象是专为工作   基于角色的安全。这不可行   与安全保护的对象   描述符。

In part 2, we went through performing access checks using the Win32 AccessCheck API. Unfortunately, there doesn't seem to be an equivalent managed function that can perform the task. It's not recommended for you perform an access check in .NET. Instead, you should make use of role-based security to perform an access check for you (This is what ReadSD does. Before ReadSD writes a security descriptor, it needs to check if you are allowed to alter the security descriptor. It does this by reading the security descriptor and calling GenericPrincipal.IsInRole to check for group membership). This only works if your objects are designed for role-based security. It does not work with objects secured by security descriptors.

如果您需要执行访问检查   将对象与安全上   描述符（在本例中注册表项）   你不会用的AccessCheck这样做   （即使在Win32中）。正确的方法是   打开注册表项，如果   安全描述符拒绝访问，   你会得到一个拒绝访问   例外。

If you need to perform an access check on an object with a security descriptor (Registry key in our case), you wouldn't use AccessCheck to do so (even in Win32). The proper method is to open up the registry key, and if the security descriptor denies access, you will get an "access denied" exception.

在简单的访问检查，你可能会   能够执行访问检查   与自己的帮助   当务之急基于角色的安全（图   38）：

In simple access checks, you may be able to perform the access check yourself with the help of an imperative role-based security (fig. 38):

HTTP：//www.$c$cproject.com/KB/系统/ accessctrl3.aspx

这篇关于检查注册表的权限，没有抛出异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！