IIS7: Web Application writing to Event Log generates Security Exception
| Every tried to write to the Application Event Log out of a Web Application running in Windows Server 2008 / IIS7? Well, i just tried that and spent about an hour to figure out, how to ‘allow’ the Web Application to write to the Event Log. |  |
using the following snippet in my code:
EventLog evtLog = new EventLog();
evtLog.Source = "DEMO.Web";
evtLog.WriteEntry("TEST");
(ASP Handler Class) – (.ashx extension) resulted in a:
Server Error in ‘/DEMO/test’ Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.]
System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly) +563
System.Diagnostics.EventLog.SourceExists(String source, String machineName) +264
System.Diagnostics.EventLog.VerifyAndCreateSource(String sourceName, String currentMachineName) +84
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) +377
System.Diagnostics.EventLog.WriteEntry(String message) +36
DEMOProject.Web.DEMO.ProcessRequest(HttpContext context) in D:\Development\DEMO.ashx.cs:25
System.Web.CallHandlerExecutionStep.System.Web.
HttpApplication.IExecutionStep.Execute() +599
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
I searched for a while until i found this one here:
Network Service is allowed to write to the Event Log, but not create an event source. you could give permissions to HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\ to allow it to create – but if you’ve already created it at install time, there’s no need.
It’s possible that it’s failing on the SourceExists as well – since that requires enumerating the same registry key. I’d probably just remove the SourceExists/Create check and trust that it’s there – if you’re anonymous, you can’t create it anyway.
So i just added the Network Service Account to the EventLog Key granting Full Control for the key and all of its sub keys.
Path is:
Screenshot:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
Screenshot:
Now we’re almost done. Now, don’t forget to create the corresponding Application-Event-Source-Whatever-Key! In this case/example the Key is named: DEMO.Web
Screenshot:
Now, try it again, logging to Event Manager should be working fine..
THANKS A BUNCH! This solved my problem after hours of head banging.
glad about! 😉
Christian
Wow… Thanks!
Thanks a lot.
Worked for me.
Tks a lot men !!! Work on windows 2008 64 bits, framework 4.0.
Thanks a lot. That helped! Hmm Windows environment becomes more and more complicated
THANKS!!!
Thanks a lot..worked for me..
can we do this with a c# program, i guess adding a new key shouldn’t be a problem
eg.
Registry.LocalMachine.CreateSubKey(@”SYSTEM\CurrentControlSet\Services\eventlog\Application\your website”);
but how to grant full access to network service for the eventlog folder
Referred to the link below to add the source key to the register.
http://www.codeproject.com/Articles/18072/Allow-your-ASP-NET-to-Access-your-Resources
Added it as self installing program.
using System.Configuration.Install;
using System.Diagnostics;
using System.ComponentModel;
using System.Reflection;
[RunInstaller(true)]
public class YourEventLogInstaller : Installer
{
private EventLogInstaller YourEventLogInstallerlog;
public YourEventLogInstaller()
{
// Create an instance of ‘EventLogInstaller’.
YourEventLogInstallerlog = new EventLogInstaller();
// Set the ‘Source’ of the event log, to be created.
YourEventLogInstallerlog.Source = “Your Website”;
// Set the ‘Event Log’ that the source is created in.
YourEventLogInstallerlog.Log = “Application”;
// Add myEventLogInstaller to ‘InstallerCollection’.
Installers.Add(YourEventLogInstallerlog);
}
public static void Main()
{
System.Configuration.Install.ManagedInstallerClass.InstallHelper(new string[] { “/i”, Assembly.GetExecutingAssembly().Location });
}
}
once the key is added as part of install activity we wouldn’t have an issue writing to the registry.
This finally got it to work for me, but one part could have been a little clearer. At the end of the article, you say not to forget the “Application-Event-Source-Whatever-Key”. I didn’t quite understand that.
In the eventlog\Application area, add a key with the name of the “source” in your call to EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Warning, 234);
Still, it was this article that got it to work for me. Thanks much. Miguelito
Thanks!!! I’ve tried a lot of stuff, but only this got it resolved!
Thanks a lot.. Its really helpful… 🙂
Thanks for putting this information out there…it works like a charm. I was able to get it to work for Network Service acct, but not for the authenticated user acct. I made the same changes that you suggested above, except I made them on the authenticate user acct, but it’s not working. Any thoughts on how I can get this to work on authenticated users?
Thanks a lot for your information! Very helpful!
I’d like to thank you for the efforts you have put in writing this
blog. I really hope to see the same high-grade content from you in the future as
well. In truth, your creative writing abilities has motivated me to get my own site now 😉
[…] source: https://www.christiano.ch/2009/12/02/iis7-web-application-writing-to-event-log-generates-se… […]