Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Need help on the Permissions needed to log to Event Log from ASP.NET?

Reply
Thread Tools

Need help on the Permissions needed to log to Event Log from ASP.NET?

 
 
Henrik_the_boss
Guest
Posts: n/a
 
      11-05-2003
Hello all.

I have a couple of aspx pages. When something fails in them, I would like
them to be able to log to either a database, a logfile, or the application
log. All code is in C#

I run into permissions problems straigh away though. To log to the event
log, you need Administrator privileges. So followed MS example how to
sandbox sensitive and secure code.


1) Made a new component, to sandbox the event log code, and to decrease the
possible attack surface.
2) Created a strong key, and added it to the assembly file.
3) Added the APTCA attribute ([assembly: AllowPartiallyTrustedCallers]),
and as per MS instructions, the following attribute also:
[assembly: EventLogPermission(SecurityAction.RequestMinimum,
PermissionAccess = EventLogPermissionAccess.Instrument)]
4) Added the component to the GAC
5) The code in the function looks like this:

public static bool LogEvent(string LogName, string Source, string User,
string LogText, int EventID, short Category)
{
EventLog oLog;
EventLogEntryType lEntry = EventLogEntryType.Error;
EventLogPermission oPerm;

string sMachine = System.Net.Dns.GetHostName();
string sLog;
bool bOK = false;
sLog = LogName;

Category = 0;
try
{
System.Text.StringBuilder oBuilder = new
System.Text.StringBuilder(LogText.Length + 100);

oBuilder.Append("Date: ");
oBuilder.Append (System.DateTime.Now.ToString());
oBuilder.Append("\n"); // new line

oBuilder.Append("User: ");
oBuilder.Append(User);
oBuilder.Append("\n\n"); // new line

oBuilder.Append(LogText);


// to allow untrusted callers the right to add entries to the event log.
oPerm = new EventLogPermission(EventLogPermissionAccess.Instru ment,
sMachine);
oPerm.Assert();

if (!EventLog.SourceExists(Source))
EventLog.CreateEventSource(Source, sLog, sMachine);

// using means that we don't have to explicitly call dispose at the end.
// Dispose is called implicitly at the end of the using bracket.
// Only supported for objects that implement IDisposable.
using (oLog = new EventLog(sLog, sMachine, Source))
{

string sEventDescription = oBuilder.ToString();

oLog.BeginInit();
oLog.WriteEntry(sEventDescription, lEntry, EventID, Category);
oLog.EndInit();
}
bOK = true;
}
catch (System.Security.SecurityException secEx)
{
bOK = false;
throw(secEx);
}
catch (System.Exception ex)
{
bOK = false;
throw(ex);
}
finally
{
CodeAccessPermission.RevertAll();

}

return bOK;
}


When this component is called from my aspx pages the following error occurs:

Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Requested registry
access is not allowed.

Source Error:

An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.


I have tried to modify the trust level in the web.config file, but to no
avail. Full trust level works no better than the default trust level.
Clearly, the pages do not have permissions to access the component, and to
execute the code.
I know that the code fails at the call to oLog.WriteEntry

Any idea how to do fix this? Need I configure some assemblies or some such?
Should I remove the demand for Instrument privelege for EventLogPermission?


Have tried to look at code groups under machine config in the .Neet
configuration tool, but nothing helps.

The web pages are running in the default ASP.NET account, as they are on a
public server, and running the web pages under an administrative account is
out of the question.



// Sincerily yours, Henrik


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Event log permissions while impersonating spamisuseless1@gmail.com ASP .Net Security 0 01-21-2007 08:47 AM
In-depth documenation on User Permissions, Group Permissions, ACLs, DCLs etc. Curt K ASP .Net 0 11-03-2006 04:54 PM
Unable to set permissions on VSWebCache folder error in Event Log. =?Utf-8?B?U3VkaGlyIERhcmJoYQ==?= ASP .Net 0 02-03-2005 03:27 PM
ASPX file returning obscur runtime error - after changing permissions to a subweb (.net app) to different permissions than on its parent ? Isabelle ASP .Net 0 08-11-2004 02:04 PM
Re: Permissions - giving "everyone" full permissions is bad ? Scott Allen ASP .Net 0 07-13-2004 08:54 PM



Advertisments