IIS7: Web Application writing to Event Log generates Security Exception

Ever tried to write to the Application Event Log out of a Web Application running in Windows Server 2008 / IIS7? Well, I just tried that and spent about an hour figuring out how to ‘allow’ the Web Application to write to the Event Log.

Using the following snippet in my code:

EventLog evtLog = new EventLog();
evtLog.Source = "DEMO.Web";
evtLog.WriteEntry("TEST");

(ASP Handler Class) – (.ashx extension) resulted in a:

Server Error in ‘/DEMO/test’ Application.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security.

Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 

Stack Trace:
[SecurityException: The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security.]
System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly) +563
System.Diagnostics.EventLog.SourceExists(String source, String machineName) +264
System.Diagnostics.EventLog.VerifyAndCreateSource(String sourceName, String currentMachineName) +84
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) +377
System.Diagnostics.EventLog.WriteEntry(String message) +36
DEMOProject.Web.DEMO.ProcessRequest(HttpContext context) in D:\Development\DEMO.ashx.cs:25
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171

I searched for a while until I found this one here:

Network Service is allowed to write to the Event Log, but not create an event source. You could give permissions to HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\ to allow it to create – but if you’ve already created it at install time, there’s no need.

It’s possible that it’s failing on the SourceExists as well – since that requires enumerating the same registry key. I’d probably just remove the SourceExists/Create check and trust that it’s there – if you’re anonymous, you can’t create it anyway.

So I just added the Network Service Account to the EventLog Key, granting Full Control for the key and all of its sub keys.

Path is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog

Now we’re almost done. Now, don’t forget to create the corresponding Application-Event-Source-Whatever-Key! In this case/example the Key is named: DEMO.Web

Now, try it again, logging to Event Manager should be working fine.
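
The quoted advice above (create the source at install time, then only write from the web application) can be done without changing any registry permissions. The following is an added example, not code from the original post: the class names EventSourceSetup and DemoLogger are hypothetical, and it assumes the setup part is run once from an elevated console at deployment time while the logger part runs inside the .ashx handler.

```csharp
using System;
using System.Diagnostics;
using System.Security;
using System.Security.Principal;

// Added example. Run Main once, elevated, at deployment time.
public static class EventSourceSetup   // hypothetical name
{
    const string Source = "DEMO.Web";      // source name used on this page
    const string LogName = "Application";

    public static int Main()
    {
        var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        if (!principal.IsInRole(WindowsBuiltInRole.Administrator))
        {
            Console.Error.WriteLine("Run elevated: registering a source writes under HKLM.");
            return 1;
        }
        if (!EventLog.SourceExists(Source))
        {
            EventLog.CreateEventSource(Source, LogName);
            Console.WriteLine("Registered " + Source + " in " + LogName);
            return 0;
        }
        // Source already exists: confirm it is bound to the log we expect.
        string actual = EventLog.LogNameFromSourceName(Source, ".");
        Console.WriteLine(Source + " already registered in " + actual);
        return string.Equals(actual, LogName, StringComparison.OrdinalIgnoreCase) ? 0 : 2;
    }
}

// Used from the .ashx handler; it never tries to create the source itself.
public static class DemoLogger   // hypothetical name
{
    public static bool TryWrite(string message)
    {
        try
        {
            EventLog.WriteEntry("DEMO.Web", message, EventLogEntryType.Information);
            return true;
        }
        catch (SecurityException)
        {
            // Source not registered: the lookup failed as in the stack trace above.
            return false;
        }
    }
}
```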
