如何检查是否允许用户读取/写入特定的注册表项? [英] How do I check whether a user is allowed to read / write a particular registry key?

问题描述

有人知道我如何以编程方式检查(使用C#)我的程序是否能够读取/写入特定的注册表项(特别是:"SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run")?

Does anybody know how I can programmatically check (using C#) whether my program will be able to read / write a particular registry key (specifically: "SOFTWARE\Microsoft\Windows\CurrentVersion\Run")?

我问是因为我的程序可以选择启用或禁用启动时运行"行为.如果不允许当前用户更改注册表，我想禁用此选项.是否始终允许当前用户写入该密钥，或者是否已将其锁定?如果是后者，我该如何检查?

I am asking because my program has the option to enable or disable the 'run at startup' behaviour. I want to disable this option if the current user is not allowed to make changes to the registry. Is this key always allowed to be written by the current user, or is there the possibility that it has been locked down? If the latter, how do I check this?

我已经看到了几种冲突的检查注册表权限的方法-但基本上，在尝试读取特定键之前，我找不到找到特定键的方法.我宁愿在访问密钥之前执行检查，而不是尝试访问它并收到异常.

I have seen several conflicting ways of checking registry permissions - but basically I can't find a way to check a specific key before I try to read it. I would rather perform the check before accessing the key than trying to access it and receive an exception.

非常感谢您的帮助.

汤姆

推荐答案

RegistryPermission 类控制reg密钥周围的安全权限.要检查您是否具有对权限的写权限，请按以下方式使用它:

The RegistryPermission class governs the security permissions around reg keys. To check if you may have write access to a permission you use it in the following manner:

RegistryPermission perm1 = new RegistryPermission(RegistryPermissionAccess.Write, @"SOFTWARE\Microsoft\Windows\CurrentVersion\Run");

然后，您将在try/catch中使用"Demand"方法，并在失败(引发安全异常)时返回.成功后，您将继续执行更新.尽管这并不是您想要的，但要在访问之前先检查权限，这是一种公认​​的方式，可确保您拥有对按键进行操作之前所需的权限.以完全结构化的方式，这相当于:

You would then use the "Demand" method in a try/catch and return on failure (the raising of a security exception). On success you'd carry on and perform your update. Although this isn't quite what you want, a check on permissions before access, it is the accepted way of ensuring you have the permissions you need before you operate on the keys. In a fully structured manner this would equate to:

try
{
    RegistryPermission perm1 = new RegistryPermission(RegistryPermissionAccess.Write, @"SOFTWARE\Microsoft\Windows\CurrentVersion\Run");
    perm1.Demand();
}
catch (System.Security.SecurityException ex)
{
    return;
}

//Do your reg updates here

编辑:考虑到我在评论中提到的内容，这是用于权限检查的RegistryPermission类的扩展方法:

Thinking on what I mentioned in the comment, here are extension methods to the RegistryPermission class for permission checks:

using System.Security.Permissions;
using System.Security;

public static class RegistryExtensions
{
    public static bool HavePermissionsOnKey(this RegistryPermission reg, RegistryPermissionAccess accessLevel, string key)
    {
        try
        {
            RegistryPermission r = new RegistryPermission(accessLevel, key);
            r.Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    public static bool CanWriteKey(this RegistryPermission reg, string key)
    {
        try
        {
            RegistryPermission r = new RegistryPermission(RegistryPermissionAccess.Write, key);
            r.Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    public static bool CanReadKey(this RegistryPermission reg, string key)
    {
        try
        {
            RegistryPermission r = new RegistryPermission(RegistryPermissionAccess.Read, key);
            r.Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }
}

这篇关于如何检查是否允许用户读取/写入特定的注册表项?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！