Hi,
I was using IMSAdminBase->OpenKey() on IIS 6.0 to read from the /ROOT/W3SVC level and it was working fine for all users, including non-admin users. Basically I have a metabase entry at this level. However, when I try the same code on IIS 7.0 (with the IIS Metabase compatibility module installed) with a non-administrator user, it returns E_ACCESSDENIED.
I was going through an article which was talking about the Vista design to prevent other users from normal operations. And then the concept of the COM Elevation Moniker was given at http://msdn.microsoft.com/en-us/library/ms679687.aspx
I followed it but with no success. Instead I ran into other issues.
My Code Snippet:
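#include <windows.h>
#include <objbase.h>
#include <strsafe.h>
#include <initguid.h>
#include <iadmw.h>   // IMSAdminBase, CLSID_MSAdminBase, IID_IMSAdminBase

// Declared before main() so the call below compiles.
HRESULT CoCreateInstanceAsAdmin(HWND hwnd, REFCLSID rclsid, REFIID riid, __out void ** ppv);

int main()
{
    ...
    HRESULT hRes = CoCreateInstanceAsAdmin(NULL, CLSID_MSAdminBase, IID_IMSAdminBase, (void **) &pIMeta);
    ...
}

// Taken from sample given at above link
HRESULT CoCreateInstanceAsAdmin(HWND hwnd, REFCLSID rclsid, REFIID riid, __out void ** ppv)
{
    OutputDebugStringA("CoCreateInstanceAsAdmin : Enter ");
    BIND_OPTS3 bo;
    WCHAR wszCLSID[50];
    WCHAR wszMonikerName[300];

    // Build the moniker string "Elevation:Administrator!new:{CLSID}".
    StringFromGUID2(rclsid, wszCLSID, sizeof(wszCLSID)/sizeof(wszCLSID[0]));
    HRESULT Hres = StringCchPrintfW(wszMonikerName, sizeof(wszMonikerName)/sizeof(wszMonikerName[0]), L"Elevation:Administrator!new:%s", wszCLSID);
    if (FAILED(Hres))
        return Hres;

    memset(&bo, 0, sizeof(bo));
    bo.cbStruct = sizeof(bo);
    bo.hwnd = hwnd;                   // parent window for the elevation prompt
    bo.dwClassContext = CLSCTX_ALL;

    // Activate the class through the elevation moniker.
    Hres = CoGetObject(wszMonikerName, &bo, riid, ppv);
    OutputDebugStringA("After CoGetObject");
    if (FAILED(Hres))
    {
        return Hres;
    }
    OutputDebugStringA("CoCreateInstanceAsAdmin : CoGetObject SUCCESSFUL ");
    return Hres;
}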
Basically the CLSID_MSAdminBase does not meet the requirement.
[Requirement given in Elevation guide: In order to use the elevation moniker to activate a COM class, the class
must be configured to run as the launching user or the 'Activate as
Activator' application identity. If the class is configured to run under
any other identity, the activation returns the error
CO_E_RUNAS_VALUE_MUST_BE_AAA.
The class must also be annotated with a "friendly" display name that is
multilingual user interface (MUI) compatible. This requires the
following registry entry:]
But then I tried a workaround by adding dummy keys.
Output:
CoGetObject function fails with error code 0x80080015 (CO_E_MISSING_DISPLAYNAME)
So I added some dummy keys:
{CLSID}\LocalizedString
{CLSID}\Elevation\IconReference
{CLSID}\Elevation\Enabled
but the problem is still not resolved. Instead it is now returning 0x80080016 (CO_E_RUNAS_VALUE_MUST_BE_AAA)
I am not sure what to do to resolve this problem. Basically I want my server level key to be read by any non-admin user.
"Elevation requires participation from both a COM
class and its client. The COM class must be configured to support elevation by
annotating its registry entry, as described in the Requirements section."
But looking at "CLSID_MSAdminBase" it seems it does not support elevation. Please let me know how to read the key in IIS 7.0 at server level with a non-admin account.
Please please guide.
Thanks,
Neha
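
The requirements quoted in the post can be checked directly against a class's registration before attempting activation. The following is an added example, not part of the original post or of the MSDN sample: the names ClassConfig, UnmetElevationRequirements and LoadClassConfig are hypothetical, and treating a service-hosted class (an AppID with a LocalService value) as "any other identity" is an assumption.

```cpp
// Added example, not from the original post. On Windows, link with Advapi32.lib.
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

// Snapshot of the registry facts the elevation requirements refer to.
struct ClassConfig {
    bool hasLocalizedString;  // CLSID\{CLSID}\LocalizedString exists
    bool elevationEnabled;    // CLSID\{CLSID}\Elevation\Enabled == 1
    bool hasRunAs;            // AppID\{AppID}\RunAs exists (a fixed identity)
    bool hasLocalService;     // AppID\{AppID}\LocalService exists (service-hosted)
};

// Names every activation error the configuration would produce.
// Assumption: a service-hosted class counts as "any other identity".
std::vector<std::string> UnmetElevationRequirements(const ClassConfig& c) {
    std::vector<std::string> errs;
    if (!c.hasLocalizedString) errs.push_back("CO_E_MISSING_DISPLAYNAME");
    if (!c.elevationEnabled) errs.push_back("CO_E_ELEVATION_DISABLED");
    if (c.hasRunAs || c.hasLocalService) errs.push_back("CO_E_RUNAS_VALUE_MUST_BE_AAA");
    return errs;
}

#ifdef _WIN32
// True if the named value exists under HKLM\<key>, whatever its type.
static bool Exists(const std::wstring& key, const wchar_t* value) {
    return RegGetValueW(HKEY_LOCAL_MACHINE, key.c_str(), value, RRF_RT_ANY,
                        nullptr, nullptr, nullptr) == ERROR_SUCCESS;
}

// clsid is the braced string form produced by StringFromGUID2.
ClassConfig LoadClassConfig(const std::wstring& clsid) {
    const std::wstring root = L"SOFTWARE\\Classes\\";
    const std::wstring cls = root + L"CLSID\\" + clsid;
    ClassConfig c = {};
    c.hasLocalizedString = Exists(cls, L"LocalizedString");
    DWORD enabled = 0, cb = sizeof(enabled);
    c.elevationEnabled = RegGetValueW(HKEY_LOCAL_MACHINE, (cls + L"\\Elevation").c_str(),
        L"Enabled", RRF_RT_REG_DWORD, nullptr, &enabled, &cb) == ERROR_SUCCESS && enabled == 1;
    wchar_t appid[64] = L"";
    cb = sizeof(appid);
    if (RegGetValueW(HKEY_LOCAL_MACHINE, cls.c_str(), L"AppID", RRF_RT_REG_SZ,
                     nullptr, appid, &cb) == ERROR_SUCCESS) {
        const std::wstring app = root + L"AppID\\" + appid;
        c.hasRunAs = Exists(app, L"RunAs");
        c.hasLocalService = Exists(app, L"LocalService");
    }
    return c;
}
#endif
```

The function reports all unmet requirements at once rather than the first one COM would return, so it makes no claim about the order in which activation performs these checks.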