ContextQMD
Back to Devexpress

Registry Access Policy

generalinformation-405081-security-registry-access-policy.md

latest9.6 KB
Original Source

Registry Access Policy

  • Sep 15, 2024
  • 4 minutes to read

DevExpress UI controls can save, read, and modify configuration settings and options in the system registry. These requests can be initiated in your code or through the internal control engine. The RegistryAccessPolicy allows you to apply global registry access restrictions, or track user/app initiated requests and execute custom actions in response.

Apply a Policy

Use the following methods to apply a restrictive policy (call these methods at application startup):

  • SuppressAllOperations() – Suppresses all requests to the system registry initiated by DevExpress controls.
  • SuppressReadOperations() – Suppresses read requests from the system registry.
  • SuppressWriteOperations() – Suppresses requests to write to the system registry.
  • ThrowAlways() – Applies a policy to suppress all requests to the system registry initiated by DevExpress controls. Throws an exception when the control accesses the system registry.
  • ThrowOnErrors() – Throws an exception if a request to the system registry fails.

The following example suppresses all read/write requests to the system registry:

csharp
static void Main() {
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);
    DevExpress.Data.Utils.RegistryAccessPolicy.SuppressAllOperations();
    Application.Run(new Form1());
}
vb
Shared Sub Main()
    Application.EnableVisualStyles()
    Application.SetCompatibleTextRenderingDefault(False)
    DevExpress.Data.Utils.RegistryAccessPolicy.SuppressAllOperations()
    Application.Run(New Form1())
End Sub

Allow Specific Registry Operations

Use the RegistryAccessPolicy.AllowOperation method to allow a specific registry operation when a restrictive policy is activated.

Registry operations include:

  • RegistryOperation.QueryValue
  • RegistryOperation.SetValue
  • RegistryOperation.DeleteSubKeyTree
  • RegistryOperation.EnumerateSubKeyTree
  • RegistryOperation.All
  • RegistryOperation.None

The following example suppresses all registry-related operations except for read requests from the system registry:

csharp
using System;
using System.Windows.Forms;
using DevExpress.Data.Utils;
using DevExpress.Data.Utils.Registry.Internal;

namespace DXApplication {
    internal static class Program {
        [STAThread]
        static void Main() {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            RegistryAccessPolicy.SuppressAllOperations();
            RegistryAccessPolicy.AllowOperation(RegistryOperation.EnumerateSubKeyTree);
            RegistryAccessPolicy.AllowOperation(RegistryOperation.QueryValue);
            Application.Run(new Form1());
        }
    }
}
vb
using System;
using System.Windows.Forms;
using DevExpress.Data.Utils;
using DevExpress.Data.Utils.Registry.Internal;

namespace DXApplication {
    internal static class Program {
        [STAThread]
        static void Main() {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            RegistryAccessPolicy.SuppressAllOperations();
            RegistryAccessPolicy.AllowOperation(RegistryOperation.EnumerateSubKeyTree);
            RegistryAccessPolicy.AllowOperation(RegistryOperation.QueryValue);
            Application.Run(new Form1());
        }
    }
}

Tip

Use the RegistryAccessPolicy.IsOperationAllowed method to check whether the specified registry operation is allowed.

Manage Registry Operations using Events

Handle the following events to allow or cancel registry operations based on a specific condition:

Policy EventDescription
SetValueFires when the DevExpress control attempts to write a value to a system registry key and allows you to cancel the operation.
QueryValueFires when the DevExpress control attempts to read a value from a system registry key and allows you to cancel the operation.
DeleteValueFires when the DevExpress control attempts to delete a value from a system registry key and allows you to cancel the operation.
EnumerateSubKeyTreeFires when the DevExpress control attempts to iterate subkey values in the system registry and allows you to cancel the operation.
CreateSubKeyFires when the DevExpress control attempts to create a subkey in the system registry and allows you to cancel the operation.
DeleteSubKeyTreeFires when the DevExpress control attempts to delete a subkey from the system registry and allows you to cancel the operation.

The following example suppresses attempts to write values to the specified system registry path:

csharp
static string privatePath = "SPECIFY_REGISTRY_PRIVATE_PATH";
static void Main() {
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);
    DevExpress.Data.Utils.RegistryAccessPolicy.SetValue += RegistryAccessPolicy_SetValue;
    Application.Run(new Form1());
}
static void RegistryAccessPolicy_QueryValue(object sender, DevExpress.Data.Utils.RegistryAccessPolicy.ValueEventArgs e) {
  e.Cancel = e.Key.Contains(privatePath);
}
vb
Private Shared privatePath As String = "SPECIFY_REGISTRY_PRIVATE_PATH"
Shared Sub Main()
    Application.EnableVisualStyles()
    Application.SetCompatibleTextRenderingDefault(False)
    DevExpress.Data.Utils.RegistryAccessPolicy.SetValue += RegistryAccessPolicy_SetValue
    Application.Run(New Form1())
End Sub
Shared Sub RegistryAccessPolicy_QueryValue(ByVal sender As Object, ByVal e As DevExpress.Data.Utils.RegistryAccessPolicy.ValueEventArgs)
  e.Cancel = e.Key.Contains(privatePath)
End Sub

Handle Exceptions

DevExpress UI controls catch registry-related errors or exceptions (error swallowing), and then continue without logging, processing, or reporting errors. Call the RegistryAccessPolicy.ThrowOnErrors method at application startup to manually handle registry-related errors. The ThrowOnErrors method applies a policy that allows all registry-related operations. The policy throws an exception when a registry operation fails in a DevExpress control.

You can also use the RegistryAccessPolicy.ThrowAlways method to apply a policy that disables all registry-related operations (read, write, enumerate, delete) in DevExpress controls. The policy throws an exception when a DevExpress control attempts to initiate a registry operation.

Handle the RegistryAccessPolicy.Failed event to respond to associated failures.

csharp
using DevExpress.Data.Utils;
using DevExpress.Data.Utils.Registry.Internal;

[STAThread]
static void Main() {
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);
    RegistryAccessPolicy.ThrowAlways();
    RegistryAccessPolicy.Failed += RegistryAccessPolicy_Failed;
    Application.Run(new Form1());
}

static void RegistryAccessPolicy_Failed(object sender, RegistryAccessPolicy.FailedEventArgs e) {
    if(e.Operation == RegistryOperation.QueryValue || e.Operation == RegistryOperation.EnumerateSubKeyTree) {
        e.Throw = false;
    }
}
vb
Imports DevExpress.Data.Utils
Imports DevExpress.Data.Utils.Registry.Internal

<STAThread>
Shared Sub Main()
    Application.EnableVisualStyles()
    Application.SetCompatibleTextRenderingDefault(False)
    RegistryAccessPolicy.ThrowAlways()
    AddHandler RegistryAccessPolicy.Failed, AddressOf RegistryAccessPolicy_Failed
    Application.Run(New Form1())
End Sub

Shared Sub RegistryAccessPolicy_Failed(ByVal sender As Object, ByVal e As RegistryAccessPolicy.FailedEventArgs)
    If e.Operation = RegistryOperation.QueryValue OrElse e.Operation = RegistryOperation.EnumerateSubKeyTree Then
        e.Throw = False
    End If
End Sub

Tip

Use the RegistryAccessPolicy.AllowOperation method to allow a specific registry operation when a restrictive policy is activated.