Advertisement
Advertisement


System.Security.SecurityException when writing to Event Log


Question

I’m working on trying to port an ASP.NET app from Server 2003 (and IIS6) to Server 2008 (IIS7).

When I try and visit the page on the browser I get this:

Server Error in ‘/’ Application.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.

Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and the location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.]

System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly) +562 System.Diagnostics.EventLog.SourceExists(String source, String machineName) +251

[snip]

These are the things I’ve done to try and solve it:

  1. Give “Everyone” full access permission to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security. This worked. But naturally I can’t do this in production. So I deleted the “Everyone” permission after running the app for a few minutes and the error re-appeared.

  2. I created the source in the Application log and the Security log (and I verified it exists via regedit) during installation with elevated permissions but the error remained.

  3. I gave the app a full trust level in the web.config file (and using appcmd.exe) but to no avail.

Does anyone have an insight as to what could be done here?

PS: This is a follow up to this question. I followed the given answers but to no avail (see #2 above).

2017/05/23
1
190
5/23/2017 12:10:31 PM

Accepted Answer

The solution was to give the "Network Service" account read permission on the EventLog/Security key.

2016/06/22
45
6/22/2016 6:34:14 PM


The problem is that the EventLog.SourceExists tries to access the EventLog\Security key, access which is only permitted for an administrator.

A common example for a C# Program logging into EventLog is:

string sSource;
string sLog;
string sEvent;

sSource = "dotNET Sample App";
sLog = "Application";
sEvent = "Sample Event";

if (!EventLog.SourceExists(sSource))
    EventLog.CreateEventSource(sSource, sLog);

EventLog.WriteEntry(sSource, sEvent);
EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Warning, 234);

However, the following lines fail if the program hasn't administrator permissions and the key is not found under EventLog\Application as EventLog.SourceExists will then try to access EventLog\Security.

if (!EventLog.SourceExists(sSource))
    EventLog.CreateEventSource(sSource, sLog);

Therefore the recommended way is to create an install script, which creates the corresponding key, namely:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App

One can then remove those two lines.

You can also create a .reg file to create the registry key. Simply save the following text into a file create.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App]
2016/06/06

For me ony granting 'Read' permissions for 'NetworkService' to the whole 'EventLog' branch worked.

2009/12/03

This exception was occurring for me from a .NET console app running as a scheduled task, and I was trying to do basically the same thing - create a new Event Source and write to the event log.

In the end, setting full permissions for the user under which the task was running on the following keys did the trick for me:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
2011/12/15

I had a very similar problem with a console program I develop under VS2010 (upgraded from VS2008 under XP) My prog uses EnLib to do some logging. The error was fired because EntLib had not the permission to register a new event source.

So I started once my compiled prog as an Administrator : it registered the event source. Then I went back developping and debugging from inside VS without problem.

(you may also refer to http://www.blackwasp.co.uk/EventLog_3.aspx, it helped me

2011/10/18

I try almost everything in here to solve this problem... I share here the answer that help me:

Another way to resolve the issue :

  • in IIS console, go to application pool managing your site, and note the identity running it (usually Network Service)
  • make sure this identity can read KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog (rigth-click, authorisations)
  • now change the identity of this application pool to Local System, apply, and switch back to Network Service

Credentials will be reloaded and EventLog reacheable

in http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx , thanks Michael Freidgeim

2020/06/20

Source: https://stackoverflow.com/questions/1274018
Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow
Email: [email protected]