Access Registry From WebJob/WebApp

234 views Asked by At

I have been trying, without success, to disable the RC4 Cipher on Azure. I came across a code sample that worked with a Web Role:

string[] subKeys = new string[]
{
    "RC4 40/128",
    "RC4 56/128",
    "RC4 64/128",
    "RC4 128/128",
};

RegistryKey parentKey = Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers", true);

foreach(string keyName in subKeys)
{
    var newKey = parentKey.CreateSubKey(keyName);
    newKey.SetValue("Enabled", 0);
    newKey.Close();
}

As we are using WebApp's, I created a WebJob containing the code above. When executed I get a security exception:

System.Security.SecurityException: Requested registry access is not allowed.

Is there a way to run a WebJob in an elevated execution context? Or a way to use PowerShell?

We are currently being audited and this was flagged as something which requires attention.

2

There are 2 answers

0
Alex S On BEST ANSWER

You cannot achieve this with a WebApp. Because WebApps run in a multi-tenanted environment access to the registry is restricted. This page contains a feature comparison between WebApps and WebRoles.

https://azure.microsoft.com/en-gb/documentation/articles/choose-web-site-cloud-service-vm/

2
Zain Rizvi On

Like Alex said, you can't disable the RC4 Cipher yourself on an Azure Web App. However, in a few weeks Azure will be disabling various weak cipher suites across all sites, so you'll get it for free.

Their public announcement:

https://social.msdn.microsoft.com/Forums/vstudio/en-US/50f1ab33-c22a-4629-951e-b7510f6b2cbe/upgrading-tlsssl-cryptography-for-azure-web-apps?forum=windowsazurewebsitespreview