EMAB, Impersonation and Event log

 
 
SJ
Guest
Posts: n/a
 
      11-11-2003
Hi all,

I'm having a problem in ASP.NET enabling write access to the system event
log using EMAB, which uses System.Diagnostics.WriteEntry under the covers.
Specifically:
* The web application has anonymous authentication (only) enabled.
* The account used is IUSR_mypc
* I use InstallUtil to create the 2 source entries in
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application. These are
ExceptionManagerInternalException and ExceptionManagerPublishedException
(the defaults).
* In Web.config: authentication=none (or Windows).

Whenever I set identity impersonate to "true", I get
'System.ComponentModel.Win32Exception: Access is denied', no matter what
permissions I grant on the registry keys (I've tried from the specific
source keys to the Eventlog root).

I thought that in this case, the ASPNET account would be used to impersonate
the (anonymous) user. As I had granted full control to the registry keys to
this account, I thought that there should be no problem writing to the event
log.

I've also tried the IUSR account and numerous others. There does not seem to
be a single account I can use to grant these permissions. Does anyone know
if this is correct?

Thanks in advance

Simon


 
 
 
 
 
MSFT
Guest
Posts: n/a
 
      11-11-2003
Hi Simon

With "impersonate" set to True and anonymous access, ASP.NET will use
IUSR_mypc permission to write the event log. However, to write the event log,
it may not be enough to set permission on some registry entries. I suggest
you may try the following steps to see if they can help:

1. Change "Impersonate" to false, so that the ASP.NET app will use the ASPNET
account to write the event log.
2. Trace the registry and file access with some utilities, for example,
Regmon and Filemon. They will record all read/write behaviors on registry
and files. From their log, we may find the object which causes "access
denied". For more information on these two utilities, please browse to
www.systeminternals.com.

Hope this helps,

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
 
 
 
 
SJ
Guest
Posts: n/a
 
      11-12-2003
Hi Luke,

Thanks - they were good suggestions. I've tried seeing what is happening
under the covers but am no closer to understanding where it's failing. RegMon
shows no failures at all, - the aspnet_wp successfully reads the Eventlog
keys even when impersonate=true. Filemon, too, is showing no errors - I
can't even see what file it's trying to write to. Diskmon also does not show
any failures.

About the only thing that's odd is in FileMon: when impersonate=true, before
the exception, aspnet_wp opens, reads and closes the ExceptionManager.vb
(source) file - this is part of the EMAB. When impersonate=false this does
not happen.

I know that the EMAB uses the resource manager, and I've tried assigning
permissions to the IUSR account on the files accessed, but it still doesn't
work. The exception is "A first chance exception of type
'System.InvalidOperationException' occurred in system.dll Additional
information: Cannot open log for source {0}. You may not have write access."

The key to it may be the {0} symbol but I don't know why this is being
returned. Any more suggestions?

Thanks

Simon


 
 
David Eisenberg
Guest
Posts: n/a
 
      11-12-2003
I'm having the same trouble... I'm using W2K3 .Net Server so I've also
changed my ACL's to include the Network Service account. The registry
hive entry gets created under the Application tree but the actual
event doesn't get logged. I've even given full rights to the local
Everyone group just to see if that worked but no dice. The domain
IUSR_ account has full rights to that section of the registry also. I
don't know what else to open up... do these changes require a reboot?
Thanks,
-Dave
Here's my code. It's in Global.asax.vb which is used to trap all
errors:

' Requires "Imports System.Diagnostics" at the top of Global.asax.vb (for EventLog)
Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
    ' Fires when an error occurs
    Dim objEventLog As New EventLog
    Dim AppName As String = "My VB.Net WebApp"
    Dim LogName As String = "Application"
    Dim objErr As Exception = Server.GetLastError().GetBaseException()
    ' Build the message: failing URL, exception message and stack trace
    Dim err As String = "Error Caught in Application_Error event" & _
        System.Environment.NewLine & _
        "Error in: " & Request.Url.ToString() & _
        System.Environment.NewLine & _
        "Error Message: " & objErr.Message.ToString() & _
        System.Environment.NewLine & _
        "Stack Trace:" & objErr.StackTrace.ToString()
    Try
        'Register the App as an Event Source
        If Not objEventLog.SourceExists(AppName) Then
            objEventLog.CreateEventSource(AppName, LogName)
        End If
        objEventLog.Source = AppName
        objEventLog.WriteEntry(err, EventLogEntryType.Error)
    Catch Ex As Exception
        ' Shows the logging failure in the page output
        Response.Write(Ex.Message)
    End Try
End Sub

The result is:
Cannot open log for source {0}. You may not have write access.


 
MSFT
Guest
Posts: n/a
 
      11-13-2003
Hi Simon,

You may try writing to the event log directly to see if it will be
successful. To set the security this way, you may refer to:

http://support.microsoft.com/default...;EN-US;Q329291

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
 
MSFT
Guest
Posts: n/a
 
      11-17-2003
Hi Simon,

Any updates? Can you write to the event log directly as I suggested?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
 
Phil
Guest
Posts: n/a
 
      11-17-2003
Hi Luke,
I had the exact same problems that Simon had. The link you suggested
worked:
http://support.microsoft.com/default...;EN-US;Q329291
However, after following the instructions for the "Second Approach" I
can only write to the "TEST" Event Source. I then attempted to create a new
event source but I received the same failure exceptions.
While this is a temporary work around, it's hardly a solution to the
problem. It looks like the ASPNET user does not have permissions to Create
an Event Source, but does have permission to write to Event Sources that
already exist in the Registry.
Thanks for the work around to the problem.
Best Regards,
Phil

 
SJ
Guest
Posts: n/a
 
      11-19-2003
Hi Luke and Phil,

Thanks for chasing this up, Luke - and for the support, Phil - I thought I
was losing it for a while!

Yep, the work-around does work. I agree with Phil's last post: the ASPNET is
not able to create event sources, despite appearances to the contrary. There
doesn't seem to be any way to enable event source creation through
permissions.

I am now using an installer module to create the event source on
installation, but that's still an extra, manual step.

Thanks again

Simon
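
The work-around the thread settles on (an administrator registers the event source once at install time, and the web application only writes to it), shown as an added example that is not code from any of the posters. The source name "MyWebApp" and the class names are placeholders.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Configuration.Install
Imports System.Diagnostics
Imports System.Web

' Run once by an administrator: InstallUtil.exe <assembly containing this class>
<RunInstaller(True)> _
Public Class WebAppEventSourceInstaller
    Inherits Installer

    Public Sub New()
        ' EventLogInstaller registers the source under the Application log
        Dim logInstaller As New EventLogInstaller()
        logInstaller.Log = "Application"
        logInstaller.Source = AppEventLog.SourceName
        Installers.Add(logInstaller)
    End Sub
End Class

Public Class AppEventLog
    Public Const SourceName As String = "MyWebApp" ' placeholder name

    ' Writes to the pre-registered source only. Nothing here calls
    ' SourceExists or CreateEventSource at request time.
    Public Shared Function TryWriteError(ByVal message As String) As Boolean
        Try
            ' Keep very long stack traces below the event log entry size limit
            If message.Length > 30000 Then message = message.Substring(0, 30000)
            EventLog.WriteEntry(SourceName, message, EventLogEntryType.Error)
            Return True
        Catch ex As Exception
            ' Source not installed or access denied: report failure to the
            ' caller, but do not echo the reason into the HTTP response.
            Return False
        End Try
    End Function
End Class

' Hypothetical application class; Global.asax must inherit from it.
Public Class WebAppGlobal
    Inherits HttpApplication

    Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
        Dim baseEx As Exception = Server.GetLastError().GetBaseException()
        AppEventLog.TryWriteError("Error in: " & Request.Url.ToString() & _
            Environment.NewLine & baseEx.ToString())
    End Sub
End Class
```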


 
 
Phil
Guest
Posts: n/a
 
      11-19-2003
Simon,
Glad it all worked out.
Luke,
Suggestion:
This may sound a mite pedestrian, and I certainly am more gratified as a
developer when I do the following in code, however,
since VS.Net's Server Explorer gives users the ability to create performance
counters and such, why not add the same feature for event log creation? I
also noticed, after running the installer, then expanding the Application
event log node in VS.Net's Server Explorer, that the newly created 'TEST'
event log node is displayed. What would be really cool is if the user could
drag that particular event log node into the Designer. This would
automatically set the event source property of course.
Regards,
Phil

