Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Problem with Exception Mgt. App Block on W2k Server

Reply
Thread Tools

Problem with Exception Mgt. App Block on W2k Server

 
 
Jim Ross [MVP]
Guest
Posts: n/a
 
      12-02-2003
I'm about at wit's end getting the exception block to operate at all
on our Win 2000 server. All is well on my local workstation, but the
block will not register correctly to operate on the server. Here is
what we have done:

* Xcopied the dll's into our app's bin directory on the server.
* Ran the install util with a bat file located in the bin directory.
the BAT file contains:
===========================
REM *** Batch File to register the ExceptionManagement appblock dll to
allow
REM *** writing to the event log
c:\winnt\microsoft.net\framework\v1.1.4322\install util.exe
microsoft.applicationblocks.exceptionmanagement.dl l
REM Register complete.
pause
=================================

the BAT file returns comforting sounding words, and the actual install
log that gets created also looks "comforting":

==========================================
Installing assembly
'd:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationbl ocks.exceptionmanagement.dll'.
Affected parameters are:
assemblypath =
d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationbl ocks.exceptionmanagement.dll
logfile =
d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationbl ocks.exceptionmanagement.InstallLog
Creating EventLog source ExceptionManagerInternalException in log
Application...
Creating EventLog source ExceptionManagerPublishedException in log
Application...
Committing assembly
'd:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationbl ocks.exceptionmanagement.dll'.
Affected parameters are:
assemblypath =
d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationbl ocks.exceptionmanagement.dll
logfile =
d:\sites\problem-management\wwwroot\cca\bin\microsoft.applicationbl ocks.exceptionmanagement.InstallLog
==============================

BUT, when anything tries to throw an exception, we get the "dreaded":
=======================
"The event source ExceptionManagerInternalException does not exist and
cannot be created with the current permissions
======================

WHAT is going on here? I have seen this error reported frequently, but
in most cases running the installutil seems to clear it up. Here, we
ran installutil, with apparent success to judge from the log, but we
still can't log an exception. I'm sure it is a permissions thing
somewhere, but where? As noted, this is a Win2000 sp3.

Jim Ross
MS MVP [ASP.NET][VC/MFC emeritus]

To send email, change 'lotsofspamthroughhere' to 'msn' but please ask all questions in the newsgroups, not via private mail
 
Reply With Quote
 
 
 
 
MSFT
Guest
Posts: n/a
 
      12-03-2003
Hi Jim,

If you use a more powerful account, for example, the System account, will
the error still occur?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
 
 
 
Jim Ross [MVP]
Guest
Posts: n/a
 
      12-03-2003
I don't know. Could you tell me how I might try that? I'm afraid that
is an area of .NET that is foreign territory to me.

Note that the block _appears_ to be correctly registered. Even the
correct Registry entries exist.

http://www.velocityreviews.com/forums/(E-Mail Removed) (MSFT) wrote:

>If you use a more powerful account, for example, the System account, will
>the error still occur?


Jim Ross
MS MVP [ASP.NET][VC/MFC emeritus]

To send email, change 'lotsofspamthroughhere' to 'msn' but please ask all questions in the newsgroups, not via private mail
 
Reply With Quote
 
MSFT
Guest
Posts: n/a
 
      12-04-2003
Hi Jim,

You can configure the process identity in the <processModel> section of the
Machine.config file in the Config subdirectory of the installation root
directory. The userName and the password attributes control the identity of
the process. The default values for these attributes are as follows:


<processModel userName="machine" password="AutoGenerate" />


The machine and the AutoGenerate values instruct ASP.NET to use the
built-in ASPNET account and to use a cryptographically strong, random
password that is stored in the Local Security Authority (LSA) for that
account.

If you want to use a process that has more access rights, you can set the
userName attribute to System, which causes the ASP.NET worker process to
run with the same identity as the Inetinfo.exe process. The Inetinfo.exe
process runs by default as the System identity. When you configure the
ASP.NET worker process to use the System identity, the ASP.NET worker
process can access almost all of the resources on the local computer. On
computers that are running Windows 2000 or Windows XP, the System account
also has network credentials and can access network resources as the
machine account.


For more information about <processModel> Element:

http://msdn.microsoft.com/library/de...us/cpgenref/ht
ml/gngrfprocessmodelsection.asp

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
Jim Ross [MVP]
Guest
Posts: n/a
 
      12-09-2003
Yes, I _could_ take that approach, but since my original post I'be
been reading up on these issues, and according to an MS Press book on
building secure ASP.NET apps, the preferred approach for this specific
sort of issue is to grant the ASPNET account the needed access. The
idea being--just as much access as is needed and not a bit more.
Sounds reasonable.

What is so maddening is that I HAVE granted it Registry access to the
needed keys. I can look at it in RegEdt32, and there it is, ASPNET has
the exact access the books says it needs, but as soon as I try to log
an exception, it gets "Registry access denied". It seems reasonable to
assume, at this point, that the domain security policies are somehow
overriding what I'm trying to do.

(E-Mail Removed) (MSFT) wrote:
>You can configure the process identity in the <processModel> section of the
>Machine.config file in the Config subdirectory of the installation root
>directory. The userName and the password attributes control the identity of
>the process. The default values for these attributes are as follows:
>


Jim Ross
MS MVP [ASP.NET][VC/MFC emeritus]

To send email, change 'lotsofspamthroughhere' to 'msn' but please ask all questions in the newsgroups, not via private mail
 
Reply With Quote
 
Joe Audette
Guest
Posts: n/a
 
      12-09-2003
I think the reason your batch file doesn't work is
because you have to use the VS.NET command prompt to run
the installutil not just a regular command prompt. The
VS.NET command line set up environment variables that are
needed. I know there is a way to do it with a regular
command prompt but you have to setup the environment
variables that the VS.NET command prompt would do for you.

Best Regards,

Joe Audette

>-----Original Message-----
>I'm about at wit's end getting the exception block to

operate at all
>on our Win 2000 server. All is well on my local

workstation, but the
>block will not register correctly to operate on the

server. Here is
>what we have done:
>
>* Xcopied the dll's into our app's bin directory on the

server.
>* Ran the install util with a bat file located in the

bin directory.
>the BAT file contains:
>===========================
>REM *** Batch File to register the ExceptionManagement

appblock dll to
>allow
>REM *** writing to the event log
>c:\winnt\microsoft.net\framework\v1.1.4322

\installutil.exe
>microsoft.applicationblocks.exceptionmanagement.d ll
>REM Register complete.
>pause
>=================================
>
>the BAT file returns comforting sounding words, and the

actual install
>log that gets created also looks "comforting":
>
>==========================================
>Installing assembly
>'d:\sites\problem-

management\wwwroot\cca\bin\microsoft.applicationbl ocks.exc
eptionmanagement.dll'.
>Affected parameters are:
> assemblypath =
>d:\sites\problem-

management\wwwroot\cca\bin\microsoft.applicationbl ocks.exc
eptionmanagement.dll
> logfile =
>d:\sites\problem-

management\wwwroot\cca\bin\microsoft.applicationbl ocks.exc
eptionmanagement.InstallLog
>Creating EventLog source

ExceptionManagerInternalException in log
>Application...
>Creating EventLog source

ExceptionManagerPublishedException in log
>Application...
>Committing assembly
>'d:\sites\problem-

management\wwwroot\cca\bin\microsoft.applicationbl ocks.exc
eptionmanagement.dll'.
>Affected parameters are:
> assemblypath =
>d:\sites\problem-

management\wwwroot\cca\bin\microsoft.applicationbl ocks.exc
eptionmanagement.dll
> logfile =
>d:\sites\problem-

management\wwwroot\cca\bin\microsoft.applicationbl ocks.exc
eptionmanagement.InstallLog
>==============================
>
>BUT, when anything tries to throw an exception, we get

the "dreaded":
>=======================
>"The event source ExceptionManagerInternalException does

not exist and
>cannot be created with the current permissions
>======================
>
>WHAT is going on here? I have seen this error reported

frequently, but
>in most cases running the installutil seems to clear it

up. Here, we
>ran installutil, with apparent success to judge from the

log, but we
>still can't log an exception. I'm sure it is a

permissions thing
>somewhere, but where? As noted, this is a Win2000 sp3.
>
>Jim Ross
>MS MVP [ASP.NET][VC/MFC emeritus]
>
>To send email, change 'lotsofspamthroughhere' to 'msn'

but please ask all questions in the newsgroups, not via
private mail
>.
>

 
Reply With Quote
 
MSFT
Guest
Posts: n/a
 
      12-10-2003
Hi Jim,

There may be some other registry entries on which we need permission. To
make sure this, you may use a tool "regmon" to trace the access to
registry. It will log all access to registry. When the error occur, you can
check its log to see if there is any permission denied error on the
registry. For more information on this tool, you can browse to:

www.systeminternals.com

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Exception of type 'System.Web.HttpUnhandledException' wasthrown.Exception has been thrown by the target of an invocation.System.WebSystem.Exception jobs ASP .Net 1 11-16-2007 05:57 PM
while executing my client program i get the exception javax.naming.LinkException: [Root exception is javax.naming.LinkException: [Root exception is javax.naming.NameNotFoundException: remaining if plz anybody know how to solve this problem then mahesh Java 0 03-08-2007 12:26 PM
Fo:Block can you check to see if a block contains any text by using the block id? morrell XML 1 10-10-2006 07:18 PM
W2K Prof. to W2K Prof. File & Printer Sharing Not Working =?Utf-8?B?Qm9i?= Wireless Networking 14 12-17-2004 06:20 PM



Advertisments