I have a library that I created with some business logic that includes writing to a System.Diagnostics.EventLog instance. The library is normally called from a Windows Service application, but now I'm trying to call those same library functions from my ASP.NET MVC application.
I tried this code inside my controller to create the EventLog instance that I pass into the method that needs to write to the log.
Dim log = New EventLog("Application", My.Computer.Name, "MyMVCApp")
The following error is generated when the code within the library method tries to write to the log:
[SecurityException: Requested registry access is not allowed.]
System.ThrowHelper.ThrowSecurityException(ExceptionResource resource) +51
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable) +7462217
System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) +366
System.Diagnostics.EventLog.VerifyAndCreateSource(String sourceName, String currentMachineName) +194
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) +205
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type) +14
My web app is running as the Network Service user on Windows Server 2003 running IIS 6. Is there something I need to do in order to give the Network Service user access to the registry?
Is there a better way to create an EventLog instance for use in an ASP.NET MVC application? Is there one already created by the framework that I just need to reference?
Navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > EventLog > Security, right-click and select "Permissions..." Click "Add...", find the account running Secret Server, then click OK. Check Read in the Allow column, then click OK to apply the permission.
In the Group Policy editor, expand Windows Setting, expand Security Settings, expand Local Policies, and then expand Security Options. Double-click Event log: Application log SDDL, type the SDDL string that you want for the log security, and then select OK.
The Write-EventLog cmdlet writes an event to an event log. To write an event to an event log, the event log must exist on the computer and the source must be registered for the event log. The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs.
Parameters. The string to write to the event log. One of the EventLogEntryType values. The application-specific identifier for the event.
From MSDN: "Applications that run using the Network Service identity can write to the event log by using existing event sources, but they cannot create new event sources because of insufficient registry permissions."
And...
"If the Source for the event log associated with the EventLog instance does not exist, a new event source is created."
So it looks like your event log source doesn't exist, and it's trying to create a new event log source using the Network Service user (which requires writing to the registry, so it won't work).
"To enable your ASP.NET application to write to the event log using an event source that does not already exist, you have two options:"
So, you need to create the log outside of the application (you can't do it programmatically with this user). Do it either manually, or create a simple command line app to simplify installation.
For full details:
http://msdn.microsoft.com/en-us/library/ms998320.aspx#paght000015_eventlogaccess
Personally I'd recommend that you don't alter the net user permissions, but rather create the log source outside of the web app. My preference is a console app (which will take you about 5 mins to write, and which you can also use to prep other machines). Start a new console app in VS.NET, and add the code to create the log sources. An example:
http://www.dotnetspider.com/resources/23593-Create-Event-log-VB-NET.aspx
Then just run the console app from the cmd line, when logged in with appropriate permissions.
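A sketch of the kind of console installer the answer above describes, as an added example that is not part of the original answer or the linked article. It assumes the source name "MyMVCApp" and the "Application" log from the question; the module name and exit codes are made up for illustration.

```vbnet
Imports System
Imports System.Diagnostics
Imports System.Security

Module EventSourceInstaller
    ' Assumed values, taken from the question's EventLog constructor call.
    Private Const SourceName As String = "MyMVCApp"
    Private Const LogName As String = "Application"

    Function Main() As Integer
        Try
            ' SourceExists searches every log's registry key, including Security,
            ' so it throws SecurityException unless run by an administrator.
            If EventLog.SourceExists(SourceName) Then
                Dim boundLog As String = EventLog.LogNameFromSourceName(SourceName, ".")
                If String.Equals(boundLog, LogName, StringComparison.OrdinalIgnoreCase) Then
                    Console.WriteLine("Source '{0}' is already registered on log '{1}'.", SourceName, boundLog)
                    Return 0
                End If
                ' A source maps to exactly one log; report the mismatch
                ' instead of silently rebinding it.
                Console.Error.WriteLine("Source '{0}' is registered on log '{1}', not '{2}'.", SourceName, boundLog, LogName)
                Return 2
            End If

            ' Writes the source's registry key under the EventLog service key.
            ' This is the step the Network Service account is not permitted to do.
            EventLog.CreateEventSource(SourceName, LogName)
            Console.WriteLine("Created source '{0}' on log '{1}'.", SourceName, LogName)
            Return 0
        Catch ex As SecurityException
            Console.Error.WriteLine("Run this tool from an administrator account: " & ex.Message)
            Return 1
        End Try
    End Function
End Module
```

Once the source exists, the web application can keep running as Network Service and write with the existing source name, with no change to the account's registry permissions.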