Mike Rousos on Registry Security


Over the weekend, Mike Rousos (a BCL tester who’s been temporarily drafted onto the security team) posted an interesting piece about the new BCL registry security support on the BCL blog.  While the title mentions RegistryPermission, the post is actually about the NT security features of the registry classes rather than CAS permissions.  Mike covers the difference between RegistryRights and RegistryPermissionCheck — two features that are nice additions to the BCL registry support.  Worth checking out if you spend much time working with NT security on the registry.

Comments (2)

  1. Steven says:

    Hopefully there is some level of functionality around to get the "DOMAINuser" bit, doing it programmatically might be a pain and yeild some errors.

  2. Hi Steven,

    There sure is — there’s an equivilent overload to the RegistryAccessRule class which takes an IdentityReference. One type of IdentityReference is an NTAccount, which has a constructor NTAccount(string domainName, string accountName). There is also an IdentityReference subclass SecurityIdentifier if you only have a SID to work with.

    -Shawn