Need help on the Permissions needed to log to Event Log from ASP.NET?

Discussion in 'ASP .Net' started by Henrik_the_boss, Nov 5, 2003.

  1. Hello all.

    I have a couple of aspx pages. When something fails in them, I would like
    them to be able to log to either a database, a logfile, or the application
    log. All code is in C#

    I run into permissions problems straigh away though. To log to the event
    log, you need Administrator privileges. So followed MS example how to
    sandbox sensitive and secure code.


    1) Made a new component, to sandbox the event log code, and to decrease the
    possible attack surface.
    2) Created a strong key, and added it to the assembly file.
    3) Added the APTCA attribute ([assembly: AllowPartiallyTrustedCallers]),
    and as per MS instructions, the following attribute also:
    [assembly: EventLogPermission(SecurityAction.RequestMinimum,
    PermissionAccess = EventLogPermissionAccess.Instrument)]
    4) Added the component to the GAC
    5) The code in the function looks like this:

    public static bool LogEvent(string LogName, string Source, string User,
    string LogText, int EventID, short Category)
    {
    EventLog oLog;
    EventLogEntryType lEntry = EventLogEntryType.Error;
    EventLogPermission oPerm;

    string sMachine = System.Net.Dns.GetHostName();
    string sLog;
    bool bOK = false;
    sLog = LogName;

    Category = 0;
    try
    {
    System.Text.StringBuilder oBuilder = new
    System.Text.StringBuilder(LogText.Length + 100);

    oBuilder.Append("Date: ");
    oBuilder.Append (System.DateTime.Now.ToString());
    oBuilder.Append("\n"); // new line

    oBuilder.Append("User: ");
    oBuilder.Append(User);
    oBuilder.Append("\n\n"); // new line

    oBuilder.Append(LogText);


    // to allow untrusted callers the right to add entries to the event log.
    oPerm = new EventLogPermission(EventLogPermissionAccess.Instrument,
    sMachine);
    oPerm.Assert();

    if (!EventLog.SourceExists(Source))
    EventLog.CreateEventSource(Source, sLog, sMachine);

    // using means that we don't have to explicitly call dispose at the end.
    // Dispose is called implicitly at the end of the using bracket.
    // Only supported for objects that implement IDisposable.
    using (oLog = new EventLog(sLog, sMachine, Source))
    {

    string sEventDescription = oBuilder.ToString();

    oLog.BeginInit();
    oLog.WriteEntry(sEventDescription, lEntry, EventID, Category);
    oLog.EndInit();
    }
    bOK = true;
    }
    catch (System.Security.SecurityException secEx)
    {
    bOK = false;
    throw(secEx);
    }
    catch (System.Exception ex)
    {
    bOK = false;
    throw(ex);
    }
    finally
    {
    CodeAccessPermission.RevertAll();

    }

    return bOK;
    }


    When this component is called from my aspx pages the following error occurs:

    Description: The application attempted to perform an operation not allowed
    by the security policy. To grant this application the required permission
    please contact your system administrator or change the application's trust
    level in the configuration file.

    Exception Details: System.Security.SecurityException: Requested registry
    access is not allowed.

    Source Error:

    An unhandled exception was generated during the execution of the
    current web request. Information regarding the origin and location of the
    exception can be identified using the exception stack trace below.


    I have tried to modify the trust level in the web.config file, but to no
    avail. Full trust level works no better than the default trust level.
    Clearly, the pages do not have permissions to access the component, and to
    execute the code.
    I know that the code fails at the call to oLog.WriteEntry

    Any idea how to do fix this? Need I configure some assemblies or some such?
    Should I remove the demand for Instrument privelege for EventLogPermission?


    Have tried to look at code groups under machine config in the .Neet
    configuration tool, but nothing helps.

    The web pages are running in the default ASP.NET account, as they are on a
    public server, and running the web pages under an administrative account is
    out of the question.



    // Sincerily yours, Henrik
     
    Henrik_the_boss, Nov 5, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Scott Allen
    Replies:
    0
    Views:
    456
    Scott Allen
    Jul 13, 2004
  2. =?Utf-8?B?U3VkaGlyIERhcmJoYQ==?=

    Unable to set permissions on VSWebCache folder error in Event Log.

    =?Utf-8?B?U3VkaGlyIERhcmJoYQ==?=, Feb 3, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    586
    =?Utf-8?B?U3VkaGlyIERhcmJoYQ==?=
    Feb 3, 2005
  3. Replies:
    0
    Views:
    203
  4. Tom Wingert
    Replies:
    0
    Views:
    350
    Tom Wingert
    Jan 12, 2006
  5. Replies:
    0
    Views:
    1,343
Loading...

Share This Page