从 Web 服务访问注册表

发布于 2024-09-24 13:24:36 字数 185 浏览 0 评论 0 原文

我在从网络服务访问某些（但不是全部）注册表项时遇到困难。因此，我假设（并通过一些研究证实）访问注册表存在一些安全限制。我需要在 C#.Net 应用程序中专门执行一些代码或配置更改吗？

具体来说，我正在尝试读取和写入“Software\Microsoft\Internet Explorer\PageSetup”下的 PageSetup 的值

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

月下客 2024-10-01 13:24:36

模拟用户后，HKEY_CURRENT_USER 将不会更改。您应该在模拟用户并 RegCloseKey。

或者，您可以获取用户的 SID 并从 HKEY_USERS 读取注册表：

WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity;
if (windowsIdentity != null) {
    SecurityIdentifier si = wi.User;
    RegistryKey key = Registry.Users.OpenSubKey (si.Value +
                            @"\Software\Microsoft\Internet Explorer\PageSetup");
    // get some values which you need like
    string top_margine = key.GetValue ("margin_top");
    key.Close();
}

After impersonation of the user HKEY_CURRENT_USER will be not changed. You should use RegOpenCurrentUser after impersonation of the user and RegCloseKey.

Alternatively you get the user's SID and read registry from HKEY_USERS:

WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity;
if (windowsIdentity != null) {
    SecurityIdentifier si = wi.User;
    RegistryKey key = Registry.Users.OpenSubKey (si.Value +
                            @"\Software\Microsoft\Internet Explorer\PageSetup");
    // get some values which you need like
    string top_margine = key.GetValue ("margin_top");
    key.Close();
}

回复收藏 0 原文

眼泪也成诗 2024-10-01 13:24:36

您可以使用 System.Security.Principal.WindowsIdentity.GetCurrent() 创建一个 Web 方法，该方法返回当前用户的名称（很可能是特殊的 ASP_NET 用户），然后增加该用户的权限（或更改该用户的安全设置）您想要从 regedit 编辑的键，以便运行您的进程的用户能够读取注册表的部分

另一方面，如果我是对的，并且您想要编辑 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup，您的目标不是更改 ASP_NET 用户该密钥中的信息，然后需要使用服务器计算机中可用的帐户对您的 Web 服务进行身份验证，为此，您需要将 Web 服务配置为在 Web.config 中使用 Windows 身份验证：

; ... <身份验证模式=“Windows”/> <身份模拟=“true”/> ...

然后获取经过身份验证的用户的 Windows 令牌：


IIdentity WinId= HttpContext.Current.User.Identity;
WindowsIdentity wi = (WindowsIdentity)WinId;

最后，使用经过身份验证的用户的 Windows 令牌临时模拟原始用户，并在模拟完成后从当前线程中删除模拟令牌。


// Temporarily impersonate the original user.
WindowsImpersonationContext wic = wi.Impersonate();
try
{
  // Access resources while impersonating.
}
finally
{
  // Revert impersonation.
  wic.Undo();
}

这样，当您请求 WindowsIdentity.GetCurrent() 时，您将获得要进行身份验证的 Windows 帐户用户的名称（这称为暂时模拟经过身份验证的用户）。并且您可以访问用于进行身份验证的用户的 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup

有关 Windows 身份验证和模拟的更多信息，请访问：http://msdn.microsoft.com/en-us/library/ff647405.aspx

You could use System.Security.Principal.WindowsIdentity.GetCurrent() to create a web methods that returns the name of the current user (most likely the special ASP_NET user) and then increase the privilegies of the user (or change the security settings of the key you want to edit from regedit so that the user under which your process is running is able to read the portion of the registry

On the other hand, if I am right and, and you want to edit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup, and your goal is not to change the information in that key for the ASP_NET user then would need to authenticate to your webservice using an account that is available in the server machine, for that, you will need to configure you webservice to use windows authentication in Web.config:

<system.web> ... <authentication mode="Windows"/> <identity impersonate="true"/> ... </system.web>

Then you obtain the authenticated user's Windows token:


IIdentity WinId= HttpContext.Current.User.Identity;
WindowsIdentity wi = (WindowsIdentity)WinId;

and finally you use the authenticated user's Windows token to temporarily impersonate the original user and remove the impersonation token from the current thread when you are finished impersonating.


// Temporarily impersonate the original user.
WindowsImpersonationContext wic = wi.Impersonate();
try
{
  // Access resources while impersonating.
}
finally
{
  // Revert impersonation.
  wic.Undo();
}

That way, when you asked for WindowsIdentity.GetCurrent() you would get the name of the windows account user to authenticate (this is called temporarily impersonate the authenticated user). And you would have access to the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup of the user you used to authenticate

More info on windows authentication and impersonation here: http://msdn.microsoft.com/en-us/library/ff647405.aspx

回复收藏 0 原文

~没有更多了~