Cannot open log Application on machine

[Greg]

Hi all,

We want to be able to log to the event log when an error occurs in our web
parts. Currently we cannot do that under SharePoint because it throws an
exception.

Below is the code where is fails:

EventLog log = new EventLog("Application", ".", "MyThing");
log.EnableRaisingEvents = true;

On the second line it throws the following exception:

- $exception {"Cannot open log Application on machine .. Windows has not
provided an error code."} System.Exception
{System.InvalidOperationException}

The exception contains an inner exception stating "Access denied."

Running the same code under an ASP.NET 2.0 application with an anonimus user
access it works fine.

Here are some facts:
- We are using windows authendication in the WSS server
- The users accessing the sharepoint site have domain accounts
- If I access the SharePoint site with a user that is NOT administrator then
it fails.
- For Admins it works fine.
- The Event log source gets installed by our installer to avoid other
sequrity problems.

How can I avoid the exception without having to make all users admins?
Please help!!!

Thanks in advance,
Greg.

 

[Dominick Baier [DevelopMentor]]

Hi,

1. EnableRaisingEvents - this is used if you are writing a event log listener
- you usually provide a callback in your application that gets called when
a new event entry is written - this is NOT needed to write to the event log

2. The ASP.NET worker process does not have the privileges to create a brand
new event source - that's where the access denied is coming from

You have to pre-create the event source and log in, e.g. a console application
that is run with admin privileges. Afterwards you can write to the EventLog
with a least privilege account.

 

[Greg]

Hi Dominic,

2. The ASP.NET worker process does not have the privileges to create a
brand new event source - that's where the access denied is coming from

We do not create a brand new event source. As I said previouslly the event
source gets installed by
our instalation program.

1. EnableRaisingEvents - this is used if you are writing a event log
listener - you usually provide a callback in your application that gets
called when a new event entry is written - this is NOT needed to write to
the event log

I removed the offending line to do with the EnableRaisingEvents. It now
fails when it actually tries to
write - log.WriteEntry(.....) - with an exception stating:

Cannot open log for source 'My event Source'. You may not have write access.

Any thought please?

Thanks for your quick reply.
Greg.

 

[Dominick Baier [DevelopMentor]]

ah - i remember vaguely that there is a bug in 1.1

whats the name of your event source? if the 1st is higher than "s" - or something
comparably obscure...

also check the ACL on HKLM\System\CurrentControlSet\Services\Eventlog\EventLogName

does the asp.net process account have sufficient rights?

what OS?

 

[Greg]

whats the name of your event source? if the 1st is higher than "s" - or
something
comparably obscure...

The source name is "Metastorm WSS Integration"

also check the ACL on
HKLM\System\CurrentControlSet\Services\Eventlog\EventLogName
does the asp.net process account have sufficient rights?

It has, otherwise the ASP.NET application running the same code would't be
able to log at all.
When I run the same code under SharePoint is where it fails.

what OS?

Windows 2003 SP1

Thanks,
Greg.

 

[Dominick Baier [DevelopMentor]]

what happens if you do a

new EventLogPermission(PermissionState.Unrestricted).Demand()

?

 

[Greg]

Hi Dominic,

I added the code as you asked me just before I do a write like this

new EventLogPermission(PermissionState.Unrestricted).Demand();
log.WriteEntry(message, type, (int)eventId, (short)category);

The Demand method executes sucessfull as it proceeds to the next line
(log.WriteEntry......) ok.
When it tries to do log.WriteEntry it then fails with a
System.InvalidOperationException exception:

"Cannot open log for source 'Metastorm WSS Integration'. You may not have
write access."

The exception contains an Inner Exception of "Access is denied".

The top 4 entries of the trace stack are:
System.Diagnostics.EventLog.OpenForWrite(...)
System.Diagnostics.EventLog.InternalWriteEvent(...)
System.Diagnostics.EventLog.WriteEntry(...)
System.Diagnostics.EventLog.WriteEntry(...)

Many thanks,
Greg.

 

[Dominick Baier [DevelopMentor]]

Hi,

OK - i wanted to make sure that the problem is not CAS related - it must
be some OS ACL

does this help?
http://www.leastprivilege.com/EventLogACLsInWindows2003.aspx

 

[Greg]

Hi Dominick,

I had a look at the article yopu suggested.
I do not think though that the security on the EventLog is relevant as the
same user can write to event log from an ASP.NET application using the same
code but cannot when the code is hosted in SharePoint. Both SharePoint and
the ASP.NET app use windows authendication.

This is very weird.....

Many Thanks,
Greg.

 

[Greg]

I also tried the following...

The trust lever is set to Full. I also GACed the assembly that does the
event logging but I still get same problem.

Please help....
Greg.