Can't get EventLogs of type Security.

Discussion in 'ASP .Net' started by Ken Varn, Oct 11, 2005.

  1. Ken Varn

    Ken Varn Guest

    I am using the EventLog class to try and get the Security logs to display
    them on my asp.net page. For some reason if I impersonate an administrator
    user before accessing the Entries collection in the EventLog object, I get a
    Win32Exception (A required privilege is not held by the client). However,
    if I set the ASP.NET account to run under the SYSTEM level privileges
    without doing impersonation, the call works fine. This only seems to be a
    problem when accessing the Security EvenLog category. Can someone explain
    why this occurs and how I can get it to work under impersonation, rather
    than using SYSTEM level privileges for the ASP.NET account?

    i.e.,

    void ParseLog()
    {
    EventLog Log;

    // Omitted - Impersonation code done here
    //....

    Log = new EventLog("Application");

    foreach(LogEntry L in Log.Entries) // This loop works fine.
    {
    // Omitted -- Load log data into screen here.
    }

    Log = new EventLog("Security");

    foreach(LogEntry L in Log.Entries) // Exception is thrown here.
    {
    // Omitted -- Load log data into screen here.
    }
    }

    --
    -----------------------------------
    Ken Varn
    Senior Software Engineer
    Diebold Inc.

    EmailID = varnk
    Domain = Diebold.com
    -----------------------------------
     
    Ken Varn, Oct 11, 2005
    #1
    1. Advertising

  2. Ken Varn

    Bruce Barker Guest

    my guess is that the impersonation code is incorrect. the asp.net account
    need impersonation (act as part of os) permission, and you need a primary
    token for the account you want to impersonate. if there is a current
    impersonation you will need to revert first.

    -- bruce (sqlwork.com)


    "Ken Varn" <nospam> wrote in message
    news:u0rVh$...
    >I am using the EventLog class to try and get the Security logs to display
    > them on my asp.net page. For some reason if I impersonate an
    > administrator
    > user before accessing the Entries collection in the EventLog object, I get
    > a
    > Win32Exception (A required privilege is not held by the client). However,
    > if I set the ASP.NET account to run under the SYSTEM level privileges
    > without doing impersonation, the call works fine. This only seems to be a
    > problem when accessing the Security EvenLog category. Can someone explain
    > why this occurs and how I can get it to work under impersonation, rather
    > than using SYSTEM level privileges for the ASP.NET account?
    >
    > i.e.,
    >
    > void ParseLog()
    > {
    > EventLog Log;
    >
    > // Omitted - Impersonation code done here
    > //....
    >
    > Log = new EventLog("Application");
    >
    > foreach(LogEntry L in Log.Entries) // This loop works fine.
    > {
    > // Omitted -- Load log data into screen here.
    > }
    >
    > Log = new EventLog("Security");
    >
    > foreach(LogEntry L in Log.Entries) // Exception is thrown here.
    > {
    > // Omitted -- Load log data into screen here.
    > }
    > }
    >
    > --
    > -----------------------------------
    > Ken Varn
    > Senior Software Engineer
    > Diebold Inc.
    >
    > EmailID = varnk
    > Domain = Diebold.com
    > -----------------------------------
    >
    >
     
    Bruce Barker, Oct 11, 2005
    #2
    1. Advertising

  3. Run RegEdt32
    Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
    Right Click on the Security key and see the permission list. This way you do
    not have to grant Admin privileage for the rest of the code.

    Regards,

    Trevor Benedict R
    MCSD

    "Ken Varn" <nospam> wrote in message
    news:u0rVh$...
    >I am using the EventLog class to try and get the Security logs to display
    > them on my asp.net page. For some reason if I impersonate an
    > administrator
    > user before accessing the Entries collection in the EventLog object, I get
    > a
    > Win32Exception (A required privilege is not held by the client). However,
    > if I set the ASP.NET account to run under the SYSTEM level privileges
    > without doing impersonation, the call works fine. This only seems to be a
    > problem when accessing the Security EvenLog category. Can someone explain
    > why this occurs and how I can get it to work under impersonation, rather
    > than using SYSTEM level privileges for the ASP.NET account?
    >
    > i.e.,
    >
    > void ParseLog()
    > {
    > EventLog Log;
    >
    > // Omitted - Impersonation code done here
    > //....
    >
    > Log = new EventLog("Application");
    >
    > foreach(LogEntry L in Log.Entries) // This loop works fine.
    > {
    > // Omitted -- Load log data into screen here.
    > }
    >
    > Log = new EventLog("Security");
    >
    > foreach(LogEntry L in Log.Entries) // Exception is thrown here.
    > {
    > // Omitted -- Load log data into screen here.
    > }
    > }
    >
    > --
    > -----------------------------------
    > Ken Varn
    > Senior Software Engineer
    > Diebold Inc.
    >
    > EmailID = varnk
    > Domain = Diebold.com
    > -----------------------------------
    >
    >
     
    Trevor Benedict R, Oct 12, 2005
    #3
  4. Ken Varn

    Ken Varn Guest

    Thanks for the info.

    I checked out the permissions, and admin does have read/write permissions.
    I am impersonating an admin user before using the EventLog object, but I am
    still not getting permission. Maybe my impersonation logic is not right.
    Here are the steps that I follow:

    - First PInvoke the Win32 LogonUser to get a handle to my reserved admin
    user.
    - Next, I PInvoke the Win32 DuplicateToken to create a new handle of type
    SecurityImpersonation
    - Next, I Create a WindowsIdentity object using the duplicated handle.
    - Finally, I call the Impersonate method of the WindowsIdentity object.

    All calls in the above steps are checked for success and all complete
    successfully.

    Is there something that I am doing wrong here?

    --
    -----------------------------------
    Ken Varn
    Senior Software Engineer
    Diebold Inc.

    EmailID = varnk
    Domain = Diebold.com
    -----------------------------------
    "Trevor Benedict R" <> wrote in message
    news:...
    > Run RegEdt32
    > Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
    > Right Click on the Security key and see the permission list. This way you

    do
    > not have to grant Admin privileage for the rest of the code.
    >
    > Regards,
    >
    > Trevor Benedict R
    > MCSD
    >
    > "Ken Varn" <nospam> wrote in message
    > news:u0rVh$...
    > >I am using the EventLog class to try and get the Security logs to display
    > > them on my asp.net page. For some reason if I impersonate an
    > > administrator
    > > user before accessing the Entries collection in the EventLog object, I

    get
    > > a
    > > Win32Exception (A required privilege is not held by the client).

    However,
    > > if I set the ASP.NET account to run under the SYSTEM level privileges
    > > without doing impersonation, the call works fine. This only seems to be

    a
    > > problem when accessing the Security EvenLog category. Can someone

    explain
    > > why this occurs and how I can get it to work under impersonation, rather
    > > than using SYSTEM level privileges for the ASP.NET account?
    > >
    > > i.e.,
    > >
    > > void ParseLog()
    > > {
    > > EventLog Log;
    > >
    > > // Omitted - Impersonation code done here
    > > //....
    > >
    > > Log = new EventLog("Application");
    > >
    > > foreach(LogEntry L in Log.Entries) // This loop works fine.
    > > {
    > > // Omitted -- Load log data into screen here.
    > > }
    > >
    > > Log = new EventLog("Security");
    > >
    > > foreach(LogEntry L in Log.Entries) // Exception is thrown here.
    > > {
    > > // Omitted -- Load log data into screen here.
    > > }
    > > }
    > >
    > > --
    > > -----------------------------------
    > > Ken Varn
    > > Senior Software Engineer
    > > Diebold Inc.
    > >
    > > EmailID = varnk
    > > Domain = Diebold.com
    > > -----------------------------------
    > >
    > >

    >
    >
     
    Ken Varn, Oct 12, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. JJ

    Eventlogs

    JJ, Dec 19, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    449
  2. Replies:
    2
    Views:
    1,673
  3. Rabia [Xavor]

    Web App Accesing eventlogs

    Rabia [Xavor], Aug 4, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    195
    MattC
    Aug 9, 2004
  4. Leyla
    Replies:
    2
    Views:
    744
    Leyla
    Aug 17, 2006
  5. Replies:
    0
    Views:
    934
Loading...

Share This Page