Security Exception

T

Tumurbaatar S.

How to allow the default user account of ASP.NET to access system registry
of WinXP?
My page raises following exception and I believe that happens because my
script
accesses the Event Log of WinXP:

my code:

if (EventLog.SourceExists("MySource"))
EventLog.CreateEventSource("MySource", "MyLog");
using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
{
....
ev.WriteEntry(MyMessage, EventLogEntryType.Error);
....
}

error details:

Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Requested registry
access is not allowed.

Source Error:

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Requested registry access is not allowed.]
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
+473
System.Diagnostics.EventLog.FindSourceRegistration(String source, String
machineName, Boolean readOnly) +295
System.Diagnostics.EventLog.SourceExists(String source, String
machineName) +78
System.Diagnostics.EventLog.SourceExists(String source) +11
card.RespFrm.Page_Load(Object sender, EventArgs e) +787
....
 
T

Tumurbaatar S.

I gave Full Control permission to NETWORK SERVICE and ASPNET on
"HK_LM\...\Services\Eventlog" and "..\Eventlog\MyLog" keys. But script
still does not work. Any ideas?
 
T

Tumurbaatar S.

I've found some workaround. Setting <processModel> to SYSTEM user
allows ASP.NET app to fully control event log. But it has some security
risks.
Anybody can explain me, please, why ASPNET user with Full Control permission
on "HK_LM\...\Services\Eventlog" key, cannot play with Event Log? What more
rights it should have?

Tumurbaatar S. said:
I gave Full Control permission to NETWORK SERVICE and ASPNET on
"HK_LM\...\Services\Eventlog" and "..\Eventlog\MyLog" keys. But script
still does not work. Any ideas?


Tumurbaatar S. said:
How to allow the default user account of ASP.NET to access system
registry of WinXP?
My page raises following exception and I believe that happens because my
script
accesses the Event Log of WinXP:

my code:

if (EventLog.SourceExists("MySource"))
EventLog.CreateEventSource("MySource", "MyLog");
using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
{
...
ev.WriteEntry(MyMessage, EventLogEntryType.Error);
...
}

error details:

Description: The application attempted to perform an operation not
allowed by the security policy. To grant this application the required
permission please contact your system administrator or change the
application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Requested registry
access is not allowed.

Source Error:

An unhandled exception was generated during the execution of the current
web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Requested registry access is not allowed.]
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
+473
System.Diagnostics.EventLog.FindSourceRegistration(String source,
String machineName, Boolean readOnly) +295
System.Diagnostics.EventLog.SourceExists(String source, String
machineName) +78
System.Diagnostics.EventLog.SourceExists(String source) +11
card.RespFrm.Page_Load(Object sender, EventArgs e) +787
...
Click to expand...
Click to expand...
 
J

Joe Kaplan \(MVP - ADSI\)

The correct thing to do is to use an adminstrative account to create the
event source and then not do that in your web code. Your code should assume
that the event source already exists and that the application has been
configured correctly by the adminstrator.

If you want to debug a security problem on the registry though, using a tool
like regmon (sysinternals) is extremely helpful.

Joe K.

Tumurbaatar S. said:
I've found some workaround. Setting <processModel> to SYSTEM user
allows ASP.NET app to fully control event log. But it has some security
risks.
Anybody can explain me, please, why ASPNET user with Full Control
permission
on "HK_LM\...\Services\Eventlog" key, cannot play with Event Log? What
more
rights it should have?

Tumurbaatar S. said:
I gave Full Control permission to NETWORK SERVICE and ASPNET on
"HK_LM\...\Services\Eventlog" and "..\Eventlog\MyLog" keys. But script
still does not work. Any ideas?


Tumurbaatar S. said:
How to allow the default user account of ASP.NET to access system
registry of WinXP?
My page raises following exception and I believe that happens because my
script
accesses the Event Log of WinXP:

my code:

if (EventLog.SourceExists("MySource"))
EventLog.CreateEventSource("MySource", "MyLog");
using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
{
...
ev.WriteEntry(MyMessage, EventLogEntryType.Error);
...
}

error details:

Description: The application attempted to perform an operation not
allowed by the security policy. To grant this application the required
permission please contact your system administrator or change the
application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Requested registry
access is not allowed.

Source Error:

An unhandled exception was generated during the execution of the current
web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Requested registry access is not allowed.]
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
+473
System.Diagnostics.EventLog.FindSourceRegistration(String source,
String machineName, Boolean readOnly) +295
System.Diagnostics.EventLog.SourceExists(String source, String
machineName) +78
System.Diagnostics.EventLog.SourceExists(String source) +11
card.RespFrm.Page_Load(Object sender, EventArgs e) +787
...
Click to expand...
Click to expand...
Click to expand...
 
T

Tumurbaatar S.

Is there any tool to create an event source? As I understand,
adding a sub-key under "..\Eventlog" key creates a new custom event
log section ("MyLog" in my case). But how to add an event source
("MySource")?


Joe Kaplan (MVP - ADSI) said:
The correct thing to do is to use an adminstrative account to create the
event source and then not do that in your web code. Your code should
assume that the event source already exists and that the application has
been configured correctly by the adminstrator.

If you want to debug a security problem on the registry though, using a
tool like regmon (sysinternals) is extremely helpful.

Joe K.

Tumurbaatar S. said:
I've found some workaround. Setting <processModel> to SYSTEM user
allows ASP.NET app to fully control event log. But it has some security
risks.
Anybody can explain me, please, why ASPNET user with Full Control
permission
on "HK_LM\...\Services\Eventlog" key, cannot play with Event Log? What
more
rights it should have?

Tumurbaatar S. said:
I gave Full Control permission to NETWORK SERVICE and ASPNET on
"HK_LM\...\Services\Eventlog" and "..\Eventlog\MyLog" keys. But script
still does not work. Any ideas?


How to allow the default user account of ASP.NET to access system
registry of WinXP?
My page raises following exception and I believe that happens because
my script
accesses the Event Log of WinXP:

my code:

if (EventLog.SourceExists("MySource"))
EventLog.CreateEventSource("MySource", "MyLog");
using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
{
...
ev.WriteEntry(MyMessage, EventLogEntryType.Error);
...
}

error details:

Description: The application attempted to perform an operation not
allowed by the security policy. To grant this application the required
permission please contact your system administrator or change the
application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Requested
registry access is not allowed.

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Requested registry access is not allowed.]
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
+473
System.Diagnostics.EventLog.FindSourceRegistration(String source,
String machineName, Boolean readOnly) +295
System.Diagnostics.EventLog.SourceExists(String source, String
machineName) +78
System.Diagnostics.EventLog.SourceExists(String source) +11
card.RespFrm.Page_Load(Object sender, EventArgs e) +787
...
Click to expand...
Click to expand...
Click to expand...
 
J

Joe Kaplan \(MVP - ADSI\)

The easiest way is probably to create a small dll assembly project that uses
the EventLogInstaller class and then just run installutil.exe on it during
installation as the adminstrator. There are samples of this in the SDK
documentation on the class.

Alternately, you can do the same CreatEventSource stuff in a small console
application that you run as administrator. It is also possible to modify
the registry directly, although it is more straightforward to use the .NET
classses. Modifying the registry will give you more control though.

HTH,

Joe K.

Tumurbaatar S. said:
Is there any tool to create an event source? As I understand,
adding a sub-key under "..\Eventlog" key creates a new custom event
log section ("MyLog" in my case). But how to add an event source
("MySource")?


Joe Kaplan (MVP - ADSI) said:
The correct thing to do is to use an adminstrative account to create the
event source and then not do that in your web code. Your code should
assume that the event source already exists and that the application has
been configured correctly by the adminstrator.

If you want to debug a security problem on the registry though, using a
tool like regmon (sysinternals) is extremely helpful.

Joe K.

Tumurbaatar S. said:
I've found some workaround. Setting <processModel> to SYSTEM user
allows ASP.NET app to fully control event log. But it has some security
risks.
Anybody can explain me, please, why ASPNET user with Full Control
permission
on "HK_LM\...\Services\Eventlog" key, cannot play with Event Log? What
more
rights it should have?

I gave Full Control permission to NETWORK SERVICE and ASPNET on
"HK_LM\...\Services\Eventlog" and "..\Eventlog\MyLog" keys. But script
still does not work. Any ideas?


How to allow the default user account of ASP.NET to access system
registry of WinXP?
My page raises following exception and I believe that happens because
my script
accesses the Event Log of WinXP:

my code:

if (EventLog.SourceExists("MySource"))
EventLog.CreateEventSource("MySource", "MyLog");
using (EventLog ev = new EventLog("MyLog", ".", "MySource"))
{
...
ev.WriteEntry(MyMessage, EventLogEntryType.Error);
...
}

error details:

Description: The application attempted to perform an operation not
allowed by the security policy. To grant this application the required
permission please contact your system administrator or change the
application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Requested
registry access is not allowed.

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Requested registry access is not allowed.]
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean
writable) +473
System.Diagnostics.EventLog.FindSourceRegistration(String source,
String machineName, Boolean readOnly) +295
System.Diagnostics.EventLog.SourceExists(String source, String
machineName) +78
System.Diagnostics.EventLog.SourceExists(String source) +11
card.RespFrm.Page_Load(Object sender, EventArgs e) +787
...
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Security problem when writting to Event Log 3
Security Exception when writting to EventLog 0
Security Exception 0
Writing to event log 2
Security Exception when Deploying to IIS 0
security exception writing to event log 10
Security- access to Event Viewer 29
SecurityException on EventLog.CreateEventSource 1

Members online

No members online now.
Total: 27 (members: 0, guests: 27)
Robots: 494

Forum statistics

Threads
473,769
Messages
2,569,579
Members
45,053
Latest member
BrodieSola

Latest Threads

Top