
Cannot read a Security Log from ASP.net web service

 
 
Ian Wright
 
      05-22-2004
I'm attempting to read the security event log for a WinXP Pro machine using
a web form that calls a web service. Both files are stored in the same
directory in IIS. The directory is set to use Windows Integrated security
and I've set up the web app to use impersonation with the local admin
account on a WinXP Pro box.

I get the following error though whenever I attempt to iterate over the
Entries collection of the EventLog object:

Cannot open log Security on machine .. Windows has not provided an error
code.

The application log and the system log can both be read though using the
same web service. I've altered the machine.config file to use both the
LOCAL and Administrator accounts with the same result. If I put the same
code into a Win form project, it works just fine and I'm able to view the
entries of the security log. Within the web method, I can see that the
current user making the request is the local administrator by using the
IIdentity interface of the User object. Explicitly impersonating the local
admin using objects of the System.Security namespace doesn't help either.

Signing the web service with sn.exe and putting it into the GAC has not
helped. I created a code permission that included full privileges to the
registry and event logs and set my sn assembly to use it, but the same error
occurs. Using Regmon.exe, I can see the requests to the registry keys that
are made, but no error messages are reported.

Can anyone provide suggestions for a fix?


 
 
 
 
 
Eric Marvets
 
      05-22-2004
It's all about the process identity. You could put the ASPNET account in the
Administrators group and it would work, but that's a security risk.

Here's what you do. Open regedit. Find
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security' and
go to Edit -> Permissions. Give the ASPNET account full control to this
key.

--
Eric Marvets
Principal Consultant

the bang project

<shameless self promotion>

Email for Information on Our Architecture and
Mentoring Services

</shameless self promotion>


 
 
 
 
 
Ian Wright
 
      05-22-2004
Good suggestion, but I tried that a little earlier just to see if it would
work (and yes, it's a very bad idea to grant that permission to the ASPNET
account). Anyway, the error is still the same. It looks to me as though
it's just a defect in the runtime/IIS. Maybe MS just decided to lock down
the security log so that nothing even remotely related to the ASPNET process
can touch it.

Here's the error I get after adding the ASPNET account to the Admin group:

Cannot open log Security on machine .. Windows has not provided an error
code.

at System.Diagnostics.EventLog.OpenForRead()
at System.Diagnostics.EventLog.get_EntryCount()
at System.Diagnostics.EventLogEntryCollection.get_Count()
at System.Diagnostics.EntriesEnumerator.MoveNext()
at EventLogArchiver.ServerEventLogReader.GetServerEvents(String LogName) in
c:\inetpub\wwwroot\EventLogArchiver\ServerEventLogReader.asmx.vb:line 71

TY Eric for taking the time to respond.



"Ian Wright" <ian-c-> wrote in message
news:...
> I'm attempting to read the security event log for a WinXP Pro machine using
> a web form that calls a web service. Both files are stored in the same
> directory in IIS. The directory is set to use Windows Integrated security
> and I've set up the web app to use impersonation with the local admin
> account on a WinXP Pro box.
>
> I get the following error though whenever I attempt to iterate over the
> Entries collection of the EventLog object:
>
> Cannot open log Security on machine .. Windows has not provided an error
> code.
>
> The application log and the system log can both be read though using the
> same web service. I've altered the machine.config file to use both the
> LOCAL and Administrator accounts with the same result. If I put the same
> code into a Win form project, it works just fine and I'm able to view the
> entries of the security log. Within the web method, I can see that the
> current user making the request is the local administrator by using the
> IIdentity interface of the User object. Explicitly impersonating the local
> admin using objects of the System.Security namespace doesn't help either.
>
> Signing the web service with sn.exe and putting it into the GAC has not
> helped. I created a code permission that included full privileges to the
> registry and event logs and set my sn assembly to use it, but the same error
> occurs. Using Regmon.exe, I can see the requests to the registry keys that
> are made, but no error messages are reported.
>
> Can anyone provide suggestions for a fix?
>
>



 
 
Eric Marvets
 
      05-23-2004
Have you turned on auditing and looked at the security or even the
application log for a better error message? I have had no problems doing
this in the past.

--
Eric Marvets
Principal Consultant

the bang project

<shameless self promotion>

Email for Information on Our Architecture and
Mentoring Services

</shameless self promotion>


 
 
Ian Wright
 
      05-23-2004
There are no events recorded in either of the logs you mentioned that
have to do with my problem.

I looked at the Programming .NET Security book by Freeman and Jones. In
there, they point out that the security log requires a special permission
("Manage auditing and security log") in order to do certain operations (p.
514). Even after explicitly adding the ASPNET account to this user right
group though, it still fails with the same error. I've also added the
ASPNET account with Full Control rights to the registry key for the Services
stuff to no avail.

At this point, my hunch is that the functionality I need is broken as the
result of a recent MS security patch. The same error happens on both of my
WinXP machines. I'll try a Win2K box tomorrow. The thing that's so
frustrating is that even by granting the ASPNET the highest privileges and
access to the system, the web service cannot enumerate thru the log
collection. Perhaps service pack 2 addresses this bug.

"Eric Marvets" <> wrote in message
news:%23S$...
> Have you turned on auditing and looked at the security or even the
> application log for a better error message? I have had no problems doing
> this in the past.
>
> --
> Eric Marvets
> Principal Consultant
>
> the bang project
>
> <shameless self promotion>
>
> Email for Information on Our Architecture and
> Mentoring Services
>
> </shameless self promotion>
>
>



 
 
Chris Rolon
 
      05-25-2004
The user account that ASP .Net runs under on the 1.1 framework is "Network
Service". Check to make certain that you have granted the right account the
necessary privileges.

--

Chris Rolon

This posting is provided "AS IS" with no warranties, and confers no rights.

"Ian Wright" <ian-c-> wrote in message
news:Of7U#...
> There are no events recorded in either of the logs you mentioned that
> have to do with my problem.
>
> I looked at the Programming .NET Security book by Freeman and Jones. In
> there, they point out that the security log requires a special permission
> ("Manage auditing and security log") in order to do certain operations (p.
> 514). Even after explicitly adding the ASPNET account to this user right
> group though, it still fails with the same error. I've also added the
> ASPNET account with Full Control rights to the registry key for the Services
> stuff to no avail.
>
> At this point, my hunch is that the functionality I need is broken as the
> result of a recent MS security patch. The same error happens on both of my
> WinXP machines. I'll try a Win2K box tomorrow. The thing that's so
> frustrating is that even by granting the ASPNET the highest privileges and
> access to the system, the web service cannot enumerate thru the log
> collection. Perhaps service pack 2 addresses this bug.
>
> "Eric Marvets" <> wrote in message
> news:%23S$...
> > Have you turned on auditing and looked at the security or even the
> > application log for a better error message? I have had no problems doing
> > this in the past.
> >
> > --
> > Eric Marvets
> > Principal Consultant
> >
> > the bang project
> >
> > <shameless self promotion>
> >
> > Email for Information on Our Architecture and
> > Mentoring Services
> >
> > </shameless self promotion>
> >
> >

>
>
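
Added example, not part of any post in this thread: the posts describe three grants made to the ASPNET account while troubleshooting (Administrators membership, Full Control on the Eventlog\Security key, and the "Manage auditing and security log" right), and this PowerShell audit reports which of them are still in place so they can be rolled back. It assumes Windows PowerShell 5.1 or later, an elevated prompt, and that the worker account is the local ASPNET account named in the posts; the variable names and the temporary file name are illustrative.

```powershell
# Added example (not from the thread). Run elevated on the web server.
# Assumption: the worker account is the local ASPNET account named in the posts.
$account = 'ASPNET'
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security'

# 1. Explicit Allow rules on the Security log key that let the account modify it.
$writeMask = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$keyGrants = @((Get-Acl -Path $keyPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and -not $_.IsInherited -and
    $_.IdentityReference.Value -like "*\$account" -and
    ($_.RegistryRights -band $writeMask)
})

# 2. Membership of the local Administrators group
#    (the group name is localized on non-English systems).
$isAdmin = [bool](Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -like "*\$account" })

# 3. "Manage auditing and security log" (SeSecurityPrivilege), read from an
#    exported copy of the local security policy. Holders are listed as
#    *SID or as plain account names, so both forms are compared.
$nt  = New-Object System.Security.Principal.NTAccount($account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
$cfg = Join-Path $env:TEMP 'user-rights-export.inf'   # constructed file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -match '^SeSecurityPrivilege\s*=' }
Remove-Item $cfg -ErrorAction SilentlyContinue
$holders = @()
if ($line) {
    $holders = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
}
$hasRight = ($holders -contains $sid) -or ($holders -contains $account)

# Summary: every value other than 0 / False is a grant left over from testing.
[pscustomobject]@{
    Account                  = $account
    WritableKeyRules         = $keyGrants.Count
    InAdministrators         = $isAdmin
    HoldsSeSecurityPrivilege = $hasRight
}
```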



 