
dotnet security : Weird registry behavior when writing to custom event log


Joseph Bittman MCAD
7/15/2005 1:20:06 PM
July 15, 2005

What is your web application's name? The key in the registry actually
needs to be the Web Application's Name. So if I had a web site named
Cactidevelopers, that is the name I would have to use in the registry. I
couldn't just specify CactiDevelopers in the eventlog signature. (This is a
good reason to Not put spaces in your solution names and such.) Hope this
helps! :-)

--
Joseph Bittman
Microsoft Certified Application Developer

Web Site: http://71.39.42.23
Static IP





Michael Carr
7/15/2005 4:02:42 PM
I experienced the following strange behavior when trying to write to a
custom event log in an ASP.NET application (although the problem would occur
with any non-privileged account).

I created a custom event log named "MyCustomLog" and created a source within
it called "MyCustomLogSource" following the directions in
http://support.microsoft.com/Default.aspx?id=329291. For testing purposes, I
also created a source within Application called "MyApplicationSource".

From my ASP.NET app, I executed the following line of code and everything
works great:

eventLog = new EventLog("Application", ".", "MyApplicationSource");

However, when I execute the following I get an error:

eventLog = new EventLog("MyCustomLog", ".", "MyCustomLogSource");

The error is:

Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.
Exception Details: System.Security.SecurityException: Requested registry
access is not allowed.

Using RegMon I see the following access pattern:

7.01499081 aspnet_wp.exe:4512 EnumerateKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS
7.01502752 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
7.01505136 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MyCustomLogSource NOT FOUND
7.01506662 aspnet_wp.exe:4512 CloseKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
7.01515818 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security ACCESS DENIED

So it appears that what is happening is that System.Diagnostics is looking
through ALL of the event logs for the one that contains the
MyCustomLogSource source, even though I have clearly told it that it exists
within MyCustomLog. The only way to fix this problem is to give the ASPNET
user read access to the Security log, after which it works correctly and I
get the following registry trace:

2.66786623 aspnet_wp.exe:4512 EnumerateKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS
2.66789460 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
2.66791654 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MyCustomLogSource NOT FOUND
2.66792893 aspnet_wp.exe:4512 CloseKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
2.66795588 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security SUCCESS
2.66797757 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security\MyCustomLogSource NOT FOUND
2.66799212 aspnet_wp.exe:4512 CloseKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security SUCCESS
2.66874981 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System SUCCESS
2.66879916 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\MyCustomLogSource NOT FOUND
2.66881847 aspnet_wp.exe:4512 CloseKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System SUCCESS
2.66885090 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\MyCustomLog SUCCESS
2.66888428 aspnet_wp.exe:4512 OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\MyCustomLog\MyCustomLogSource SUCCESS

So, long story short, I was able to fix this problem by lowering my registry
security settings on the Security event log... not exactly the best solution
I think.

Michael Carr
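
Added example, not part of the original post: a small Python parser for RegMon output like the traces above, which reports the order in which event logs were opened, which of them returned ACCESS DENIED, and the log where the source key was finally found. The names `parse_trace` and `diagnose` are hypothetical, and the parser assumes only the three result strings that appear in the post.

```python
import re
from collections import namedtuple

ROOT = r"HKLM\SYSTEM\CurrentControlSet\Services\EventLog"
Record = namedtuple("Record", "time process pid op path result")

# \s+ also matches newlines, so entries folded across lines still parse.
RECORD_RE = re.compile(
    r"(\d+\.\d+)\s+(\S+):(\d+)\s+(\w+)\s+(HKLM\\\S+)\s+"
    r"(SUCCESS|NOT\s+FOUND|ACCESS\s+DENIED)")

# The failing trace from the post, each entry folded across two or three lines.
FAILING_TRACE = r"""
7.01499081 aspnet_wp.exe:4512 EnumerateKey
HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS
7.01502752 aspnet_wp.exe:4512 OpenKey
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
7.01505136 aspnet_wp.exe:4512 OpenKey
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MyCustomLogSource
NOT FOUND
7.01506662 aspnet_wp.exe:4512 CloseKey
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
7.01515818 aspnet_wp.exe:4512 OpenKey
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security ACCESS DENIED
"""

def parse_trace(text):
    """Turn raw RegMon text into Record tuples, normalising folded results."""
    return [Record(float(t), proc, int(pid), op, path, " ".join(res.split()))
            for t, proc, pid, op, path, res in RECORD_RE.findall(text)]

def diagnose(text):
    """Logs opened in order, logs that were denied, and where the source was found."""
    probed, denied, found = [], [], None
    for r in parse_trace(text):
        if r.op != "OpenKey" or not r.path.startswith(ROOT + "\\"):
            continue
        parts = r.path[len(ROOT) + 1:].split("\\")
        if len(parts) == 1:                              # ...\EventLog\<log>
            probed.append(parts[0])
            if r.result == "ACCESS DENIED":
                denied.append(parts[0])
        elif len(parts) == 2 and r.result == "SUCCESS":  # ...\<log>\<source>
            found = parts[0]
    return {"probed": probed, "denied": denied, "source_found_in": found}

if __name__ == "__main__":
    print(diagnose(FAILING_TRACE))
```

On the failing trace the search stops at the Security log before MyCustomLog is ever opened, which matches the diagnosis in the post.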

Joseph Bittman MCAD
7/15/2005 6:17:52 PM
July 15, 2005

The registry key setting Only *grants* the permission to create event
log sources. :-) Normally, web applications can't register event sources,
and therefore this setting "pre-registers" the web application so that it
doesn't need to. Therefore, since it is granting a permission to the
application, it needs the application name. I noticed that this doesn't work
for the security event log or the system. I'm not sure why this happens,
although I do believe it is another security permission problem (as Security
log doesn't allow non-admins to read it) but I haven't found out the cure.
You might have to create your own custom ones if you want more logs outside
of Application. Thanks and I hope this helps! :-)

--
Joseph Bittman
Microsoft Certified Application Developer

Web Site: http://71.39.42.23
Static IP





Michael Carr
7/15/2005 6:58:59 PM
I'm not sure I see why the log name needs to be the same as the application
name... I'm explicitly specifying the name of the event log in my function
call..? What if, for example, I wanted to write to three different event
logs?
