Fog Creek Software
Discussion Board




Writing to registry from web app

I know this isn't a support forum, but I'm not sure where else to turn...
I have a web application that stores some configuration information in the registry.  There are administrative pages that write the information to the registry.  The installation sets the virtual directory to run under a user account, which takes care of permission problems (IUSR can't write to registry).
This works on >90% of the installations.  On some, though, the pages hang when they try to write to the registry.  The call doesn't fail, it hangs.  I thought this might be caused by an overzealous anti-virus program, but when I stopped the Norton service on the system I was dialed in to, it still didn't work.
I'm about out of ideas.  Anyone have any suggestions?

The ASP does the obvious thing:
    SET sh = Server.CreateObject("WScript.Shell")
    sh.RegWrite KeyName, KeyVal, "REG_SZ"

I have searched the web and usenet, and didn't find anything.  Does this mean that people don't do this?  Is this the Wrong Way?  Would you have a separate configuration program?

TIA

Brian
Monday, May 10, 2004

if you ever write to my registry from your web app Ill be soooooooo pissed off at you.

I mean, wtf?  isn't that just a little rude?

FullNameRequired
Monday, May 10, 2004

I agree with FullNameRequired.  Why don't you just store this information on the server?  Or if that is not good enough then use a cookie.

Seeker
Monday, May 10, 2004

I didn't even know it was possible... :-S

Jeyzer
Monday, May 10, 2004

"overzealous anti-virus"???

Seems like it would be doing exactly what I paid for it to do.

Why can't you store this information on the server side?

Edward
Monday, May 10, 2004

Woah, everyone's freaking out.  He *is* writing to the SERVER's registry.  Not yours.

> _Server_.CreateObject("WScript.Shell")


Monday, May 10, 2004

Uhhh.... guys... I think the OP is actually talking about reading & writing the server's registry, not the remote user's registry.

Chill. Take your meds. Relax.

Bored Bystander
Monday, May 10, 2004

Damit, noname, you beat me to it... ;-)

Bored Bystander
Monday, May 10, 2004

Calm down, the original poster was talking about writing to the server's registry, on which the web app is running, not the end-user's registry. It's a perfectly reasonable way for a web service to save configuration.

We do this all the time with FogBugz. It's mostly a matter of getting the permissions right. If the thing is hanging it's almost always an instance of an overaggressive anti-virus program which sees a script trying to write to the registry and pops up "a dialog" asking the user to confirm. Of course you never see the dialog since IIS is not running interactively.

Joel Spolsky
Fog Creek Software
Monday, May 10, 2004

So we don't read the entire posts, then attack, eh? It's Slashdot but with less green!

Bob
Monday, May 10, 2004

It's probably worth running regmon http://www.sysinternals.com/ntw2k/source/regmon.shtml to see what's going on at a lower level than your script - that'll show you any permission problems etc.

r1ch
Monday, May 10, 2004

My favorite part is how he never explicitly says anything about the platform or technology involved, leaving it to the reader to deduce it from little hints dropped here and there (registry, IUSR, ASP)

Philo

Philo
Monday, May 10, 2004

Yes, sorry for the confusion.  The server writes to its own registry.  The 'S' in "ASP" is "Server" ;-).

The "hanging" part of the behavior makes me think you're right Joel, and that it's just waiting for somebody to click "Allow".  And waiting.  And waiting.  When you say it's a matter of permissions, does that mean you handle it at the Windows level, and don't have to bother with the vagaries of different anti-virus products?  The user it runs under has permission to write to the registry already - is there more that you recommend?
I'll give RegMon a try - I suspect the AV will intercept the call before it shows up, but I'm no AV expert.

Thanks everybody.

Brian
Monday, May 10, 2004

hey, I read the entire post!

I just misunderstood it.

its _always_ been my stupidity that has held me back, ever since I was a youngun.

*sigh*

my apologies to the OP.

FullNameRequired
Monday, May 10, 2004

By permissions, I mean, the process under which IIS is running needs to have write permission on the appropriate hives of the registry. We have a custom SETUP application that makes sure that will be the case.

Our KB article on the subject:

http://www.fogcreek.com/FogBUGZ/KB/trouble/Browserhangs.html

Here's how to diagnose it:

* Write a small VBScript script (.vbs extension) that just writes the registry key in question and nothing else
* Run it from the command line using cscript
* Now try logging on as the user which IIS logs on as, and run your script
* If one of the AV programs is popping up a dialog, you'll see it now

Joel Spolsky
Fog Creek Software
Monday, May 10, 2004

Great.  Thanks so much Joel.  That's exactly the kind of info I've been looking for!

Brian
Monday, May 10, 2004

Sometimes, IIS will randomly go nutty and actually give you an error saying "Invalid root in registry key" when you try to read and write to the server.

See http://discuss.fogcreek.com/fogbugz/default.asp?cmd=show&ixPost=3751&ixReplies=2

I haven't been able to reliably reproduce this, and restarting IIS makes the problem go away.  This may or may not be related.

Michael H. Pryor
Fog Creek Software
Monday, May 10, 2004


"My favorite part is how he never explicitly says anything about the platform or technology involved, leaving it to the reader to deduce it from little hints dropped here and there (registry, IUSR, ASP)"

My favorite part is watching pompous airbags that mock a user in 3'rd person rather than suggesting to them that they include more info in their post.

You're my hero, Philo.

Whatever
Monday, May 10, 2004

So, I have a dumb question.

Why not just use web.config (or whatever the name of the config file is).  What's the advantage of writing this to the registry as opposed to putting it in a config file of some sort?

Personally, I'd be a little uneasy installing any web server app that needed to write to the registry.  Call me paranoid, but I just haven't had a lot of good experiences with purchased web programs (no offense Joel, I'm the only dev and their's no budget for full blown bug tracker).

Steve Barbour
Tuesday, May 11, 2004

>Why not just use web.config (or whatever the name of the config file is).  What's the advantage of writing this to the registry as opposed to putting it in a config file of some sort?

Just because the registry is the favored place to store configuration info in Windows (AFAIK).

>Personally, I'd be a little uneasy installing any web server app that needed to write to the registry.

I think the distinction between a web application and a "real" windows client-server program is a little artificial.  Do you have the same misgivings about "real" windows applications writing to the registry?  What if the apps were written by the same people?

Brian
Tuesday, May 11, 2004

"Just because the registry is the favored place to store configuration info in Windows (AFAIK)."

Don't think that's true with .NET code.

mb
Tuesday, May 11, 2004

Well the difference between a web app and windows app is that they usually aren't written by the same people, and web apps have a tendency to be buggier, or at least the bugs are more obvious.

Mostly it's due to the fact that a lot of web apps seem to be written by small vendors who skimp on the testing side of things.  Plus, most of the web apps I've had experience with always seem to have given in to the (IMO unreasonable) pressure to produce an interface that tries to work like a proper windowed application.

Then there's the fact that we don't generally install traditional windowed apps on a server side by side with other apps, as tends to happen with web applications.  All of these things, taken together make me distrust web apps, and I say this as a person whose primary coding is of web apps, but I've been able to refuse to try and make them into copies of windowed applications so far.  My fingers are crossed.

Oh, and with .NET writing to the registry is now no longer favored.  I never did this anyway, as I find it easier to change a config file in the same folder as the application as opposed to searching through the registry trying to find the right key(s).  That's probably just me though.

So, to reiterate, is "MS said to do it" the only real reason to write stuff to the registry?  I'm genuinely curious.

Steve Barbour
Wednesday, May 12, 2004

It's probably not worth trying to generalize about the differences in quality between web apps and "regular" windows apps.  This particular app has some web-publishing functionality, so part of it necessarily has to be web-based.  But I've worked on a variety of products - win32 client-server, java service with a web interface, etc.
One of the nice things about the registry is how easy it is to access from the ASP's.  As you can see above, it's literally 2 lines of code to get/set information.  Also, you don't have to worry about where the app was installed to, which is especially nice for a web app.

Brian
Thursday, May 13, 2004

Ah, I see now.

I generally focus on how difficult it's going to be for me to change the value manually after the app is deployed, versus how difficult it will be to manage the coding.

Of course, I'm also usually too lazy to write an interface to change those values, which is why it's important that I be able to find the config settings and be able to change them in a text editor.

Thanks.

Steve Barbour
Thursday, May 13, 2004

*  Recent Topics

*  Fog Creek Home