Cannot read a Security Log from ASP.net web service

Discussion in 'ASP .Net Security' started by Ian Wright, May 22, 2004.

  1. Ian Wright

    Ian Wright Guest

    I'm attempting to read the security event log for a WinXP Pro machine using
    a web form that calls a web service. Both files are stored in the same
    directory in IIS. The directory is set to use Windows Integrated security
    and I've set up the web app to use impersonation with the local admin
    account on a WinXP Pro box.

    I get the following error though whenever I attempt to iterate over the
    Entries collection of the EventLog object:

    Cannot open log Security on machine .. Windows has not provided an error
    code.

    The application log and the system log can both be read though using the
    same web service. I've altered the machine.config file to use both the
    LOCAL and Administrator accounts with the same result. If I put the same
    code into a Win form project, it works just fine and I'm able to view the
    entries of the security log. Within the web method, I can see that the
    current user making the request is the local administrator by using the
    IIdentity interface of the User object. Explicitly impersonating the local
    admin using objects of the System.Security namespace doesn't help either.

    Signing the web service with sn.exe and putting it into the GAC has not
    helped. I created a code permission that included full privileges to the
    registry and event logs and set my sn assembly to use it, but the same error
    occurs. Using Regmon.exe, I can see the requests to the registry keys that
    are made, but no error messages are reported.

    Can anyone provide suggestions for a fix?
    Ian Wright, May 22, 2004
    #1

  2. Ian Wright

    Eric Marvets Guest

    It's all about the process identity. You could put the ASPNET account in the
    Administrators group and it would work, but that's a security risk.

    Here's what you do. Open regedit. Find
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security' and
    go to Edit -> Permissions. Give the ASPNET account full control to this
    key.

    --
    Eric Marvets
    Principal Consultant

    the bang project

    <shameless self promotion>

    Email for Information on Our Architecture and
    Mentoring Services

    </shameless self promotion>
    Eric Marvets, May 22, 2004
    #2

  3. Ian Wright

    Ian Wright Guest

    Good suggestion, but I tried that a little earlier just to see if it would
    work (and yes, it's a very bad idea to grant that permission to the ASPNET
    account). Anyway, the error is still the same. It looks to me as though
    it's just a defect in the runtime/IIS. Maybe MS just decided to lock down
    the security log so that nothing even remotely related to the ASPNET process
    can touch it.

    Here's the error I get after adding the ASPNET account to the Admin group:

    Cannot open log Security on machine .. Windows has not provided an error
    code.

    at System.Diagnostics.EventLog.OpenForRead()
    at System.Diagnostics.EventLog.get_EntryCount()
    at System.Diagnostics.EventLogEntryCollection.get_Count()
    at System.Diagnostics.EntriesEnumerator.MoveNext()
    at EventLogArchiver.ServerEventLogReader.GetServerEvents(String LogName) in
    c:\inetpub\wwwroot\EventLogArchiver\ServerEventLogReader.asmx.vb:line 71

    TY Eric for taking the time to respond.
    Ian Wright, May 22, 2004
    #3
  4. Ian Wright

    Eric Marvets Guest

    Have you turned on auditing and looked at the security or even the
    application log for a better error message? I have had no problems doing
    this in the past.

    --
    Eric Marvets
    Principal Consultant

    the bang project

    <shameless self promotion>

    Email for Information on Our Architecture and
    Mentoring Services

    </shameless self promotion>
    Eric Marvets, May 23, 2004
    #4
  5. Ian Wright

    Ian Wright Guest

    There are no events recorded in either of the logs you mentioned that
    have to do with my problem.

    I looked at the Programming .NET Security book by Freeman and Jones. In
    there, they point out that the security log requires a special permission
    ("Manage auditing and security log") in order to do certain operations (p.
    514). Even after explicitly adding the ASPNET account to this user right
    group though, it still fails with the same error. I've also added the
    ASPNET account with Full Control rights to the registry key for the Services
    stuff to no avail.

    At this point, my hunch is that the functionality I need is broken as the
    result of a recent MS security patch. The same error happens on both of my
    WinXP machines. I'll try a Win2K box tomorrow. The thing that's so
    frustrating is that even by granting the ASPNET the highest privileges and
    access to the system, the web service cannot enumerate thru the log
    collection. Perhaps service pack 2 addresses this bug.
    Ian Wright, May 23, 2004
    #5
  6. Ian Wright

    Chris Rolon Guest

    The user account that ASP .Net runs under on the 1.1 framework is "Network
    Service". Check to make certain that you have granted the right account the
    necessary privileges.

    --

    Chris Rolon

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Chris Rolon, May 25, 2004
    #6
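
A diagnostic for the check the replies keep returning to (which Windows account actually opens each log), added here as an example and not code from the thread. It assumes VB.NET on .NET 2.0 or later; the module and function names are hypothetical. Calling Run() from the web method shows the result of opening the Application, System and Security logs under the impersonated thread identity and again under the worker-process identity, so any rights are granted to the account that is really in use rather than to several accounts at once.

```vbnet
Imports System
Imports System.Diagnostics
Imports System.Security.Principal
Imports System.Text

' Added example; EventLogAccessProbe, TryOpen, Report and Run are hypothetical names.
Public Module EventLogAccessProbe

    ' Opens one log on the local machine and counts its entries.
    ' Returns "ok (n entries)" or the exception type and message.
    Private Function TryOpen(ByVal logName As String) As String
        Try
            Using log As New EventLog(logName, ".")
                Return "ok (" & log.Entries.Count.ToString() & " entries)"
            End Using
        Catch ex As Exception
            Return ex.GetType().Name & ": " & ex.Message
        End Try
    End Function

    ' Records the account the current thread runs as, then the outcome per log.
    Private Sub Report(ByVal label As String, ByVal sb As StringBuilder)
        sb.AppendLine(label & " = " & WindowsIdentity.GetCurrent().Name)
        For Each logName As String In New String() {"Application", "System", "Security"}
            sb.AppendLine("  " & logName & ": " & TryOpen(logName))
        Next
    End Sub

    Public Function Run() As String
        Dim sb As New StringBuilder()

        ' 1. As the request runs now (the impersonated token, if impersonation is on).
        Report("thread identity", sb)

        ' 2. As the worker process itself. Impersonate(IntPtr.Zero) reverts the
        '    thread to the process token until Undo() restores impersonation.
        Dim ctx As WindowsImpersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero)
        Try
            Report("process identity", sb)
        Finally
            ctx.Undo()
        End Try

        Return sb.ToString()
    End Function
End Module
```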