Security Exception

Discussion in 'ASP .Net Security' started by Tumurbaatar S., Aug 18, 2005.

  1. How to allow the default user account of ASP.NET to access system registry
    of WinXP?
    My page raises following exception and I believe that happens because my
    script
    accesses the Event Log of WinXP:

    my code:

    if (EventLog.SourceExists("MySource"))
    EventLog.CreateEventSource("MySource", "MyLog");
    using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
    {
    ....
    ev.WriteEntry(MyMessage, EventLogEntryType.Error);
    ....
    }

    error details:

    Description: The application attempted to perform an operation not allowed
    by the security policy. To grant this application the required permission
    please contact your system administrator or change the application's trust
    level in the configuration file.

    Exception Details: System.Security.SecurityException: Requested registry
    access is not allowed.

    Source Error:

    An unhandled exception was generated during the execution of the current web
    request. Information regarding the origin and location of the exception can
    be identified using the exception stack trace below.

    Stack Trace:

    [SecurityException: Requested registry access is not allowed.]
    Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    +473
    System.Diagnostics.EventLog.FindSourceRegistration(String source, String
    machineName, Boolean readOnly) +295
    System.Diagnostics.EventLog.SourceExists(String source, String
    machineName) +78
    System.Diagnostics.EventLog.SourceExists(String source) +11
    card.RespFrm.Page_Load(Object sender, EventArgs e) +787
    ....
    Tumurbaatar S., Aug 18, 2005
    #1
    1. Advertising

  2. I gave Full Control permission to NETWORK SERVICE and ASPNET on
    "HK_LM\...\Services\Eventlog" and "..\Eventlog\MyLog" keys. But script
    still does not work. Any ideas?


    "Tumurbaatar S." <> wrote in message
    news:...
    > How to allow the default user account of ASP.NET to access system registry
    > of WinXP?
    > My page raises following exception and I believe that happens because my
    > script
    > accesses the Event Log of WinXP:
    >
    > my code:
    >
    > if (EventLog.SourceExists("MySource"))
    > EventLog.CreateEventSource("MySource", "MyLog");
    > using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
    > {
    > ...
    > ev.WriteEntry(MyMessage, EventLogEntryType.Error);
    > ...
    > }
    >
    > error details:
    >
    > Description: The application attempted to perform an operation not allowed
    > by the security policy. To grant this application the required permission
    > please contact your system administrator or change the application's trust
    > level in the configuration file.
    >
    > Exception Details: System.Security.SecurityException: Requested registry
    > access is not allowed.
    >
    > Source Error:
    >
    > An unhandled exception was generated during the execution of the current
    > web request. Information regarding the origin and location of the
    > exception can be identified using the exception stack trace below.
    >
    > Stack Trace:
    >
    > [SecurityException: Requested registry access is not allowed.]
    > Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    > +473
    > System.Diagnostics.EventLog.FindSourceRegistration(String source, String
    > machineName, Boolean readOnly) +295
    > System.Diagnostics.EventLog.SourceExists(String source, String
    > machineName) +78
    > System.Diagnostics.EventLog.SourceExists(String source) +11
    > card.RespFrm.Page_Load(Object sender, EventArgs e) +787
    > ...
    >
    >
    >
    >
    Tumurbaatar S., Aug 18, 2005
    #2
    1. Advertising

  3. I've found some workaround. Setting <processModel> to SYSTEM user
    allows ASP.NET app to fully control event log. But it has some security
    risks.
    Anybody can explain me, please, why ASPNET user with Full Control permission
    on "HK_LM\...\Services\Eventlog" key, cannot play with Event Log? What more
    rights it should have?

    "Tumurbaatar S." <> wrote in message
    news:OaSwx%...
    >I gave Full Control permission to NETWORK SERVICE and ASPNET on
    > "HK_LM\...\Services\Eventlog" and "..\Eventlog\MyLog" keys. But script
    > still does not work. Any ideas?
    >
    >
    > "Tumurbaatar S." <> wrote in message
    > news:...
    >> How to allow the default user account of ASP.NET to access system
    >> registry of WinXP?
    >> My page raises following exception and I believe that happens because my
    >> script
    >> accesses the Event Log of WinXP:
    >>
    >> my code:
    >>
    >> if (EventLog.SourceExists("MySource"))
    >> EventLog.CreateEventSource("MySource", "MyLog");
    >> using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
    >> {
    >> ...
    >> ev.WriteEntry(MyMessage, EventLogEntryType.Error);
    >> ...
    >> }
    >>
    >> error details:
    >>
    >> Description: The application attempted to perform an operation not
    >> allowed by the security policy. To grant this application the required
    >> permission please contact your system administrator or change the
    >> application's trust level in the configuration file.
    >>
    >> Exception Details: System.Security.SecurityException: Requested registry
    >> access is not allowed.
    >>
    >> Source Error:
    >>
    >> An unhandled exception was generated during the execution of the current
    >> web request. Information regarding the origin and location of the
    >> exception can be identified using the exception stack trace below.
    >>
    >> Stack Trace:
    >>
    >> [SecurityException: Requested registry access is not allowed.]
    >> Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    >> +473
    >> System.Diagnostics.EventLog.FindSourceRegistration(String source,
    >> String machineName, Boolean readOnly) +295
    >> System.Diagnostics.EventLog.SourceExists(String source, String
    >> machineName) +78
    >> System.Diagnostics.EventLog.SourceExists(String source) +11
    >> card.RespFrm.Page_Load(Object sender, EventArgs e) +787
    >> ...
    >>
    >>
    >>
    >>

    >
    >
    Tumurbaatar S., Aug 19, 2005
    #3
  4. The correct thing to do is to use an adminstrative account to create the
    event source and then not do that in your web code. Your code should assume
    that the event source already exists and that the application has been
    configured correctly by the adminstrator.

    If you want to debug a security problem on the registry though, using a tool
    like regmon (sysinternals) is extremely helpful.

    Joe K.

    "Tumurbaatar S." <> wrote in message
    news:...
    > I've found some workaround. Setting <processModel> to SYSTEM user
    > allows ASP.NET app to fully control event log. But it has some security
    > risks.
    > Anybody can explain me, please, why ASPNET user with Full Control
    > permission
    > on "HK_LM\...\Services\Eventlog" key, cannot play with Event Log? What
    > more
    > rights it should have?
    >
    > "Tumurbaatar S." <> wrote in message
    > news:OaSwx%...
    >>I gave Full Control permission to NETWORK SERVICE and ASPNET on
    >> "HK_LM\...\Services\Eventlog" and "..\Eventlog\MyLog" keys. But script
    >> still does not work. Any ideas?
    >>
    >>
    >> "Tumurbaatar S." <> wrote in message
    >> news:...
    >>> How to allow the default user account of ASP.NET to access system
    >>> registry of WinXP?
    >>> My page raises following exception and I believe that happens because my
    >>> script
    >>> accesses the Event Log of WinXP:
    >>>
    >>> my code:
    >>>
    >>> if (EventLog.SourceExists("MySource"))
    >>> EventLog.CreateEventSource("MySource", "MyLog");
    >>> using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
    >>> {
    >>> ...
    >>> ev.WriteEntry(MyMessage, EventLogEntryType.Error);
    >>> ...
    >>> }
    >>>
    >>> error details:
    >>>
    >>> Description: The application attempted to perform an operation not
    >>> allowed by the security policy. To grant this application the required
    >>> permission please contact your system administrator or change the
    >>> application's trust level in the configuration file.
    >>>
    >>> Exception Details: System.Security.SecurityException: Requested registry
    >>> access is not allowed.
    >>>
    >>> Source Error:
    >>>
    >>> An unhandled exception was generated during the execution of the current
    >>> web request. Information regarding the origin and location of the
    >>> exception can be identified using the exception stack trace below.
    >>>
    >>> Stack Trace:
    >>>
    >>> [SecurityException: Requested registry access is not allowed.]
    >>> Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    >>> +473
    >>> System.Diagnostics.EventLog.FindSourceRegistration(String source,
    >>> String machineName, Boolean readOnly) +295
    >>> System.Diagnostics.EventLog.SourceExists(String source, String
    >>> machineName) +78
    >>> System.Diagnostics.EventLog.SourceExists(String source) +11
    >>> card.RespFrm.Page_Load(Object sender, EventArgs e) +787
    >>> ...
    >>>
    >>>
    >>>
    >>>

    >>
    >>

    >
    >
    Joe Kaplan \(MVP - ADSI\), Aug 19, 2005
    #4
  5. Is there any tool to create an event source? As I understand,
    adding a sub-key under "..\Eventlog" key creates a new custom event
    log section ("MyLog" in my case). But how to add an event source
    ("MySource")?


    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:%...
    > The correct thing to do is to use an adminstrative account to create the
    > event source and then not do that in your web code. Your code should
    > assume that the event source already exists and that the application has
    > been configured correctly by the adminstrator.
    >
    > If you want to debug a security problem on the registry though, using a
    > tool like regmon (sysinternals) is extremely helpful.
    >
    > Joe K.
    >
    > "Tumurbaatar S." <> wrote in message
    > news:...
    >> I've found some workaround. Setting <processModel> to SYSTEM user
    >> allows ASP.NET app to fully control event log. But it has some security
    >> risks.
    >> Anybody can explain me, please, why ASPNET user with Full Control
    >> permission
    >> on "HK_LM\...\Services\Eventlog" key, cannot play with Event Log? What
    >> more
    >> rights it should have?
    >>
    >> "Tumurbaatar S." <> wrote in message
    >> news:OaSwx%...
    >>>I gave Full Control permission to NETWORK SERVICE and ASPNET on
    >>> "HK_LM\...\Services\Eventlog" and "..\Eventlog\MyLog" keys. But script
    >>> still does not work. Any ideas?
    >>>
    >>>
    >>> "Tumurbaatar S." <> wrote in message
    >>> news:...
    >>>> How to allow the default user account of ASP.NET to access system
    >>>> registry of WinXP?
    >>>> My page raises following exception and I believe that happens because
    >>>> my script
    >>>> accesses the Event Log of WinXP:
    >>>>
    >>>> my code:
    >>>>
    >>>> if (EventLog.SourceExists("MySource"))
    >>>> EventLog.CreateEventSource("MySource", "MyLog");
    >>>> using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
    >>>> {
    >>>> ...
    >>>> ev.WriteEntry(MyMessage, EventLogEntryType.Error);
    >>>> ...
    >>>> }
    >>>>
    >>>> error details:
    >>>>
    >>>> Description: The application attempted to perform an operation not
    >>>> allowed by the security policy. To grant this application the required
    >>>> permission please contact your system administrator or change the
    >>>> application's trust level in the configuration file.
    >>>>
    >>>> Exception Details: System.Security.SecurityException: Requested
    >>>> registry access is not allowed.
    >>>>
    >>>> Source Error:
    >>>>
    >>>> An unhandled exception was generated during the execution of the
    >>>> current web request. Information regarding the origin and location of
    >>>> the exception can be identified using the exception stack trace below.
    >>>>
    >>>> Stack Trace:
    >>>>
    >>>> [SecurityException: Requested registry access is not allowed.]
    >>>> Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    >>>> +473
    >>>> System.Diagnostics.EventLog.FindSourceRegistration(String source,
    >>>> String machineName, Boolean readOnly) +295
    >>>> System.Diagnostics.EventLog.SourceExists(String source, String
    >>>> machineName) +78
    >>>> System.Diagnostics.EventLog.SourceExists(String source) +11
    >>>> card.RespFrm.Page_Load(Object sender, EventArgs e) +787
    >>>> ...
    >>>>
    >>>>
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
    Tumurbaatar S., Aug 19, 2005
    #5
  6. The easiest way is probably to create a small dll assembly project that uses
    the EventLogInstaller class and then just run installutil.exe on it during
    installation as the adminstrator. There are samples of this in the SDK
    documentation on the class.

    Alternately, you can do the same CreatEventSource stuff in a small console
    application that you run as administrator. It is also possible to modify
    the registry directly, although it is more straightforward to use the .NET
    classses. Modifying the registry will give you more control though.

    HTH,

    Joe K.

    "Tumurbaatar S." <> wrote in message
    news:...
    > Is there any tool to create an event source? As I understand,
    > adding a sub-key under "..\Eventlog" key creates a new custom event
    > log section ("MyLog" in my case). But how to add an event source
    > ("MySource")?
    >
    >
    > "Joe Kaplan (MVP - ADSI)" <> wrote
    > in message news:%...
    >> The correct thing to do is to use an adminstrative account to create the
    >> event source and then not do that in your web code. Your code should
    >> assume that the event source already exists and that the application has
    >> been configured correctly by the adminstrator.
    >>
    >> If you want to debug a security problem on the registry though, using a
    >> tool like regmon (sysinternals) is extremely helpful.
    >>
    >> Joe K.
    >>
    >> "Tumurbaatar S." <> wrote in message
    >> news:...
    >>> I've found some workaround. Setting <processModel> to SYSTEM user
    >>> allows ASP.NET app to fully control event log. But it has some security
    >>> risks.
    >>> Anybody can explain me, please, why ASPNET user with Full Control
    >>> permission
    >>> on "HK_LM\...\Services\Eventlog" key, cannot play with Event Log? What
    >>> more
    >>> rights it should have?
    >>>
    >>> "Tumurbaatar S." <> wrote in message
    >>> news:OaSwx%...
    >>>>I gave Full Control permission to NETWORK SERVICE and ASPNET on
    >>>> "HK_LM\...\Services\Eventlog" and "..\Eventlog\MyLog" keys. But script
    >>>> still does not work. Any ideas?
    >>>>
    >>>>
    >>>> "Tumurbaatar S." <> wrote in message
    >>>> news:...
    >>>>> How to allow the default user account of ASP.NET to access system
    >>>>> registry of WinXP?
    >>>>> My page raises following exception and I believe that happens because
    >>>>> my script
    >>>>> accesses the Event Log of WinXP:
    >>>>>
    >>>>> my code:
    >>>>>
    >>>>> if (EventLog.SourceExists("MySource"))
    >>>>> EventLog.CreateEventSource("MySource", "MyLog");
    >>>>> using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
    >>>>> {
    >>>>> ...
    >>>>> ev.WriteEntry(MyMessage, EventLogEntryType.Error);
    >>>>> ...
    >>>>> }
    >>>>>
    >>>>> error details:
    >>>>>
    >>>>> Description: The application attempted to perform an operation not
    >>>>> allowed by the security policy. To grant this application the required
    >>>>> permission please contact your system administrator or change the
    >>>>> application's trust level in the configuration file.
    >>>>>
    >>>>> Exception Details: System.Security.SecurityException: Requested
    >>>>> registry access is not allowed.
    >>>>>
    >>>>> Source Error:
    >>>>>
    >>>>> An unhandled exception was generated during the execution of the
    >>>>> current web request. Information regarding the origin and location of
    >>>>> the exception can be identified using the exception stack trace below.
    >>>>>
    >>>>> Stack Trace:
    >>>>>
    >>>>> [SecurityException: Requested registry access is not allowed.]
    >>>>> Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean
    >>>>> writable) +473
    >>>>> System.Diagnostics.EventLog.FindSourceRegistration(String source,
    >>>>> String machineName, Boolean readOnly) +295
    >>>>> System.Diagnostics.EventLog.SourceExists(String source, String
    >>>>> machineName) +78
    >>>>> System.Diagnostics.EventLog.SourceExists(String source) +11
    >>>>> card.RespFrm.Page_Load(Object sender, EventArgs e) +787
    >>>>> ...
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>
    >>>>
    >>>
    >>>

    >>
    >>

    >
    >
    Joe Kaplan \(MVP - ADSI\), Aug 19, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron
    Replies:
    1
    Views:
    339
    John C. Bollinger
    Aug 4, 2003
  2. Marco
    Replies:
    1
    Views:
    2,400
    Roedy Green
    Jan 28, 2006
  3. Akram Baig
    Replies:
    0
    Views:
    319
    Akram Baig
    Apr 7, 2011
  4. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    128
    Dinis Cruz
    Oct 11, 2003
  5. Michael Randrup
    Replies:
    3
    Views:
    287
    Henning Krause [MVP]
    Mar 27, 2006
Loading...

Share This Page