Reputation: 327
ClosedXML SecurityException: Requested registry access is not allowed
I am using ClosedXML to export an Excel file and I can't seem to export the Excel file. Every time I click on the Button to Export the Excel File(XLSX) I get an error. See Below...
using (XLWorkbook wb = new XLWorkbook())
{
wb.Worksheets.Add(dsInput);
Response.Clear();
Response.Buffer = true;
Response.Charset = "";
Response.ContentType = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
Response.AddHeader("content-disposition", "attachment;filename=" + sFileName + ".xlsx");
using (MemoryStream MyMemoryStream = new MemoryStream())
{
wb.SaveAs(MyMemoryStream, false);
MyMemoryStream.WriteTo(Response.OutputStream);
Response.Flush();
Response.End();
}
}
I am getting this error: SecurityException: Requested registry access is not allowed.
Exception thrown: 'System.TypeInitializationException' in WindowsBase.dll
System.TypeInitializationException: The type initializer for
'MS.Utility.EventTrace' threw an exception. --->
System.Security.SecurityException: Requested registry access is not allowed.
at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at Microsoft.Win32.RegistryKey.OpenSubKey(String name)
at Microsoft.Win32.Registry.GetValue(String keyName, String valueName,
Object defaultValue)
at MS.Utility.EventTrace.IsClassicETWRegistryEnabled()
at MS.Utility.EventTrace..cctor()
--- End of inner exception stack trace ---
at MS.Utility.EventTrace.EasyTraceEvent(Keyword keywords, Event eventID)
at System.IO.Packaging.Package.Open(Stream stream, FileMode packageMode,
FileAccess packageAccess, Boolean streaming)
at DocumentFormat.OpenXml.Packaging.OpenXmlPackage.CreateCore(Stream stream)
at DocumentFormat.OpenXml.Packaging.SpreadsheetDocument.Create(Stream
stream, SpreadsheetDocumentType type, Boolean autoSave)
at DocumentFormat.OpenXml.Packaging.SpreadsheetDocument.Create(Stream
stream, SpreadsheetDocumentType type)
at ClosedXML.Excel.XLWorkbook.CreatePackage(Stream stream, Boolean
newStream, SpreadsheetDocumentType spreadsheetDocumentType, Boolean
validate) in C:\Git\ClosedXML\ClosedXML\Excel\XLWorkbook_Save.cs:line 111
at ClosedXML.Excel.XLWorkbook.SaveAs(Stream stream, Boolean validate) in
C:\Git\ClosedXML\ClosedXML\Excel\XLWorkbook.cs:line 547
at ExcelHelper.ToExcel(DataSet dsInput, String sFileName, HttpResponse
Response) in c:\inetpub\wwwroot\Felbro_B\App_Code\ExcelHelper.cs:line 139
Upvotes: 5
Views: 11671
Answers (5)
Reputation: 11
I ran into this issue after migrating our web server from Windows Server 2012R2 running IIS 8.5 to 2019 running IIS 10.0. Opening an Excel file (.xlsx) using the OpenXML SDK resulted in the error, but only on the new server. I used SysInternals Process Monitor to confirm the problem was an access denied error on the registry key
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Avalon.Graphics.
That SID is the built-in NETWORK SERVICE account, which we've always used to support impersonation and Kerberos delegation to the back end SQL Server (14 years). I wondered if I'd missed a change with the application pools in IIS, so I did a search and came up with https://learn.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities, which describes the ApplicationPoolIdentity type added in IIS 7.0 (Obviously, I've not been keeping up). Changing each application pool to use that type solved the problem. No registry permission change was needed.
Upvotes: 1
Reputation: 11
It's not:
HKEY_CURRENT_USER\Software\Microsoft\Avalon.Graphics
it's
HKEY_USERS\<<SID ID of Service Account Running SSRS>>\Software\Microsoft\Avalon.Graphics
…and then give READ permissions to the Execution Account, which is setup in the Report Server Configuration Manager.
Upvotes: 1
Reputation: 651
This is usually caused by IIS anonymous authentication. If your iis web Application Settings enabled aspnet:AllowAnonymousImpersonation and IIS authentications enabled Anonymous Authenticaion & Asp.net Impersonate, your web app will access HKEY_CURRENT_USER\Software\Microsoft\Avalon.Graphics by user specified in IIS Authentications -> Anonymous Authentication -> Specific User, you should make sure this user(IUSR) has read permission to the registry key. You can also disable aspnet:AllowAnonymousImpersonation or disable Asp.net Impersonate.
But the specific registry key is not always exist, if it is not exist, it seems the problem will not occurr too.
Upvotes: 0
Reputation: 106
For future people running into this: I looked through the .NET source reference, and the registry key that it needs access to is HKEY_CURRENT_USER\Software\Microsoft\Avalon.Graphics. Granting "Everyone" read access on that specific key has no security implications that I can think of, and solves the problem.
Upvotes: 4
Reputation: 327
I solved the issue by removing identity impersonate="true" from the Web.Config file.
Upvotes: 13
Related Questions
- ClosedXML - Could not load file or assembly
- Access Denied using MSXML
- ClosedXML - Could not load file or assembly exception
- ClosedXML and UWP
- ClosedXml Cannot access a closed Stream
- ASP error: msxml3.dll error 80070005, access is denied. How do I set the correct permissions?
- RegistrySecurity Access is denied. C#
- OpenXml "Can not access a closed stream" only on production
- Access Denied Opening DocX File
- Registry System.UnauthorizedAccessException