security exception writing to event log

Hi;

I am trying to write to the event log using:
    public const string EVENT_LOG_NAME = "Windward Portal";
    if (!EventLog.SourceExists(EVENT_LOG_NAME))
        EventLog.CreateEventSource(EVENT_LOG_NAME, "Application");

And I am getting the exception:
    [SecurityException: Requested registry access is not allowed.]
    System.ThrowHelper.ThrowSecurityException(ExceptionResource resource) +48
    Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable) +2780713
    System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) +360
    System.Diagnostics.EventLog.CreateEventSource(String source, String logName) +41
    net.windward.portal.audit.Auditor.WriteEvent(String msg, EventLogEntryType elet) in C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:155
    net.windward.portal.audit.Auditor..cctor() in C:\src\RePortal\WindwardPortalEngine\net\windward\portal\audit\Auditor.cs:142

Any idea why?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm
 
I don't believe the ASPNET user account has the permissions to write to the
event log. You would have to impersonate an account with a higher level of
permissions in order to do that. There should be some good alternatives
though if you do a search on google.
 
What is the suggested way of letting the sysadmin know something bad happened
then? I am testing the code path of the log file cannot be opened so I can't
log the error. I need to put it somewhere.

What do others do? I don't want to store a username/password to impersonate
as that is a big security hole.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




Mark Fitzpatrick said:
I don't believe the ASPNET user account has the permissions to write to the
event log. You would have to impersonate an account with a higher level of
permissions in order to do that. There should be some good alternatives
though if you do a search on google.


--
Hope this helps,
Mark Fitzpatrick
Former Microsoft FrontPage MVP 199?-2006


 
If file or event log permissions are an issue.

Then

1. Write an entry to a database, even a local access database.
2. Send an email.

The EMAB was actually good for getting something off the ground.
Exception Management Application Block

The default behavior is to write to the EventLog, however, you can extend
some Interfaces, setup some info in your webconfig, and have it do something
else.
http://www.google.com/search?hl=en&q="Implements+IExceptionXmlPublisher"
http://builder.com.com/5100-6374-5110833.html

That would get you started.

It's worth the time, because ......... when you finally get it right, you
only have to put 1 line of code in to get the exception logged.

    Dim x, y As Integer
    Try
        x = 5 / y
    Catch ex As Exception
        ExceptionManager.Publish(ex)
    End Try

That's nice!

The EnterpriseLibrary is a little too much for what I need, so I stuck with
the original EMAB.




David Thielen said:
What is the suggested way of letting the sysadmin know something bad happened
then? I am testing the code path of the log file cannot be opened so I can't
log the error. I need to put it somewhere.

What do others do? I don't want to store a username/password to impersonate
as that is a big security hole.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




 
By default asp.net does not have access to the registry. You should add the
application node, message file key to the registry, and give asp.net access.

-- bruce (sqlwork.com)
 
But what do I use to get a message to the admin if db access and mail fails?
Both of those can easily fail.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




sloan said:
If file or event log permissions are an issue.

Then

1. Write an entry to a database, even a local access database.
2. Send an email.

The EMAB was actually good for getting something off the ground.
Exception Management Application Block

The default behavior is to write to the EventLog, however, you can extend
some Interfaces, setup some info in your webconfig, and have it do something
else.
http://www.google.com/search?hl=en&q="Implements+IExceptionXmlPublisher"
http://builder.com.com/5100-6374-5110833.html

That would get you started.

It's worth the time, because ......... when you finally get it right, you
only have to put 1 line of code in to get the exception logged.

    Dim x, y As Integer
    Try
        x = 5 / y
    Catch ex As Exception
        ExceptionManager.Publish(ex)
    End Try

That's nice!

The EnterpriseLibrary is a little too much for what I need, so I stuck with
the original EMAB.




 
How do I do that? I've been searching and not finding anything about this.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




bruce barker (sqlwork.com) said:
By default asp.net does not have access to the registry. You should add the
application node, message file key to the registry, and give asp.net access.

-- bruce (sqlwork.com)

 
Hi Dave,

If your ASP.NET web application runs in medium trust level, you will need
additional configuration steps to write to the event log. See the following article:

#How To: Use Medium Trust in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998341.aspx
In ASP.NET version 1.1, you had to grant code full trust to access the
event log. This is no longer required in ASP.NET version 2.0, although you
must still create a custom trust policy file to grant the
EventLogPermission, as described later in this document.
...
(search section titled "EventLogPermission")

Sincerely,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support


This posting is provided "AS IS" with no warranties, and confers no rights.
 
This is strange - the only use of "trust" in machine.config is:
<section name="trust"
type="System.Web.Configuration.TrustSection, System.Web, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
allowDefinition="MachineToApplication" />

And the Web.Config in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG is:
<trust level="Full" originUrl="" />

No trust set in my app's config.web. Is there something else it could be?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm
 
Hi Dave,

If you're not using medium trust level, then the custom policy is not
needed. If you do, the instructions are in the same article's section "Step
3. Optionally Create a Custom Policy Based on Medium Trust".

Even with full trust level, we still need to do the following steps to make
sure the ASP.NET web application can write to the event log:

1. Creating Event Sources

If your application needs to use application specific event sources, you
should create them at installation time when administrator privileges are
available. A good approach is to use a .NET installer class, which can be
instantiated by the Windows Installer (if you are using .msi deployment) or
by the InstallUtil.exe system utility.

If you are unable to create event sources at installation time, and you are
in deployment, the administrator should manually create new event source
entry beneath the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\<LogName>

Note:
You should not grant write permission to the ASP.NET process account (or
any impersonated account if your application uses impersonation) on the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\ registry
key. If you allow write access to this key and the account is compromised,
the attacker can modify any log-related setting, including access control
to the log, for any log on the system.


As you can see, creating an event source at HKLM will certainly require
administrative privilege.

2. Also you need to manually set the EventMessageFile for your event source:

http://groups.google.com/group/microsoft.public.dotnet.general/browse_frm/thread/1ad0881c8871578e/



Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support


This posting is provided "AS IS" with no warranties, and confers no rights.
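
The install-time approach described in the reply above, as an added example (not code from the thread or from the linked article). The names PortalEventSourceInstaller and TryWriteEvent are hypothetical, and Auditor here is a stand-in for the poster's class; the source name and log come from the original post.

```csharp
using System;
using System.ComponentModel;
using System.Configuration.Install;
using System.Diagnostics;
using System.Security;

// Install-time half: run once by an administrator, e.g. via InstallUtil.exe
// or an .msi custom action. Requires a reference to
// System.Configuration.Install.dll.
[RunInstaller(true)]
public class PortalEventSourceInstaller : Installer   // hypothetical name
{
    public PortalEventSourceInstaller()
    {
        EventLogInstaller source = new EventLogInstaller();
        source.Source = Auditor.EVENT_LOG_NAME;  // "Windward Portal", from the post
        source.Log = "Application";
        Installers.Add(source);
    }
}

// Run-time half: executes under the unprivileged ASP.NET account and never
// calls CreateEventSource, so it needs no write access to the
// HKLM\SYSTEM\CurrentControlSet\Services\Eventlog registry key.
public static class Auditor
{
    public const string EVENT_LOG_NAME = "Windward Portal";

    // Hypothetical helper. Returns false instead of throwing, so a failure
    // here cannot escape a static constructor (the trace in the original
    // post shows Auditor..cctor) and the caller can try another channel.
    public static bool TryWriteEvent(string msg, EventLogEntryType elet)
    {
        try
        {
            // If the source was never installed, WriteEntry tries to create
            // it and fails with SecurityException for a non-administrator.
            EventLog.WriteEntry(EVENT_LOG_NAME, msg, elet);
            return true;
        }
        catch (SecurityException) { return false; }
        catch (InvalidOperationException) { return false; }
        catch (Win32Exception) { return false; }
    }
}
```

The installer half is run once from an elevated prompt with InstallUtil.exe against the compiled assembly; the web application only ever calls TryWriteEvent.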
 