NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

RegistryPermission Class

This permission controls the ability to access registry keys and values. The permission distinguishes between the following three different types of registry access.

READ: Read-only access to the contents of the key or value.

WRITE: Write access to the contents of the key or value. Also allows for deletion and overwriting.

CREATE: Ability to create new keys or values.

All of these permissions are independent, meaning that rights to one don't imply rights to another. If more than one permission is desired, they can be OR'd together as shown in the code sample below. For instance, write permission does not imply read and create. Registry permission is defined in terms of canonical absolute paths; checks should always be made with canonical path names.

Object
   CodeAccessPermission
      RegistryPermission

[Visual Basic]
NotInheritable Public Class RegistryPermission
   Inherits CodeAccessPermission
   Implements IUnrestrictedPermission
[C#]
public sealed class RegistryPermission : CodeAccessPermission,
   IUnrestrictedPermission
[C++]
public __gc __sealed class RegistryPermission : public
   CodeAccessPermission, IUnrestrictedPermission
[JScript]
public class RegistryPermission extends CodeAccessPermission,
   IUnrestrictedPermission

Remarks

The RegistryPermission describes protected operations on registry keys and value. The security access check is done at the time the registry key is opened. Remember, the check is only performed on the open, so if the registry object is passed to an untrusted caller, then it can be misused. Registry permission access is only checked on the key's open. This means, for example, that file handles should not be stored in global statics where code with less permission might get at them.

The flags specify the actions that can be performed on the key(s) or value(s): Read, Write, and Create. In addition, the actions can be OR'd together to form more complicated access requests.

Key access implies access to all values it contains and all keys and values below it in sub-/subsub-/etc. keys.

Requirements

Namespace: System.Security.Permissions

Assembly: mscorlib.dll

Example [C#]

After these two lines of code, the object f would represent permissions to read the values from the CentralProcessor key and read and write to the FloatingPointProcessor key. The TBD and TBD are an enumerated type that represent the key/value permissions as described above.

[C#]

f = new RegistryPermission(
  RegistryPermissionAccess.Read, 
  "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"
);

Here is a sample of what a piece of code would look like that used the RegistryPermission object:

[C#]

f.Add(
  RegistryPermissionAccess.Write | RegistryPermissionAccess.Read,
  "HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0"
);

See Also

RegistryPermission Members | System.Security.Permissions Namespace