EventLog.WriteEntry


John Lee

Hi,

We have been trying for many days and could not figure it out - please
help!!!

In Windows 2003, we created an application pool and assigned a domain
account as its identity - we also added this domain account to the IIS_WPG
group, and also assigned this domain account all privileges that NETWORK
SERVICE has in the local security policy MMC ... but when we try to use
System.Diagnostics.EventLog.WriteEntry("source", "test") we get an access denied
error - the "source" is a pre-created event source.

If we switch over to the default application pool, which runs
under "NETWORK SERVICE", writing to the event log is OK.

So what exact permission is needed for a domain account to write to the
event log?

Thanks very much!
John
 
Good news is it works on one of our servers with SP1 installed - I will test
more servers with SP1.
 
Hi John,

First of all, I would like to confirm my understanding of your issue. From
your description, I understand that when you're trying to write an event
log, you got an access denied error. If there is any misunderstanding,
please feel free to let me know.

When making the following function call:

EventLog.WriteEntry("WebApplication3", exc.Message,EventLogEntryType.Error);

The ASPNET account checks the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application

If there is not a key for the first parameter, in this case
"WebApplication3", the key will be created. Since the ASPNET account does
not have write access to this location the process fails.

To work around this issue, create a key under the registry location that
matches the parameter being passed. In the above example, create a key
called WebApplication3:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebApplication3

If that still doesn't work, could you please give me the exact error
message, so that I can do more research on it?

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
 
Hi John,

I suddenly found that you mentioned in your first post that the "source" is
pre-created event source. So I think I might have delivered the incorrect
information to you. Sorry.

In this case, could you let me know if you have used impersonate in your
ASP.NET app? If so, we also have to do the following:

1. Configure the Directory Security of your ASP.Net application (in IIS
MMC) to use Windows Integrated Authentication ONLY
2. Set the following attributes in web.config of your ASP.NET application
<authentication mode="Windows" />
<identity impersonate="true" />

3. Go to the following registry key
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Application
And locate the CustomSD key and add the following string to the existing
value:
(A;;0x0002;;;AU)

A;;0x0002;;;AU means the following:
A: SDDL_ACCESS_ALLOWED
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/ace_strings.asp
0x0002: ELF_LOGFILE_WRITE: Permission to write log files.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/event_logging_security.asp
AU: Authenticated Users
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/sid_strings.asp

HTH.

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
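
The ACE from step 3 above, worked through as an added example (not code from the thread or from Microsoft): a parser for the numeric-rights SDDL form used in CustomSD, an ordered allow/deny check for ELF_LOGFILE_WRITE, and the append that step 3 describes. SAMPLE_SD and SAMPLE_TOKEN are constructed values and the function names are hypothetical.

```python
import re

ELF_LOGFILE_READ, ELF_LOGFILE_WRITE, ELF_LOGFILE_CLEAR = 0x1, 0x2, 0x4
DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))+)")

# Constructed sample CustomSD value (not taken from the thread).
SAMPLE_SD = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)"
             "(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)")
# Assumed group aliases in the caller's token; real tokens depend on logon type.
SAMPLE_TOKEN = {"AU", "BU"}

def parse_dacl(sddl):
    """Return allow/deny ACEs as (type, mask, trustee), in DACL order."""
    m = DACL_RE.search(sddl)
    if not m:
        raise ValueError("no DACL with ACEs found")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if ace_type in ("A", "D"):
            # Numeric rights only (hex or decimal), as in the thread's ACE.
            base = 16 if rights.lower().startswith("0x") else 10
            aces.append((ace_type, int(rights, base), trustee))
    return aces

def access_allowed(sddl, token_sids, desired):
    """Walk the DACL in order: a matching deny wins over later allows."""
    remaining = desired
    for ace_type, mask, trustee in parse_dacl(sddl):
        if trustee not in token_sids:
            continue
        if ace_type == "D" and mask & remaining:
            return False
        if ace_type == "A":
            remaining &= ~mask
            if not remaining:
                return True
    return False

def add_ace(sddl, ace):
    """Append ace to the end of the DACL unless it is already there."""
    parse_dacl(sddl)  # raises ValueError on a missing or malformed DACL
    m = DACL_RE.search(sddl)
    if ace in m.group(1):
        return sddl
    return sddl[:m.end(1)] + ace + sddl[m.end(1):]
```

Calling add_ace with the same ACE form but a specific account SID in place of AU limits the write grant to that one account.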
 