p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

aspx thread: eventLog class -- 'System.Security.SecurityException: Requested r egistry access is not allowed' errors


Message #1 by "Oliver, Wells" <WOliver@l...> on Thu, 11 Jul 2002 09:52:48 -0700
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C228FB.6338E2D0
Content-Type: text/plain;
	charset="iso-8859-1"

I'm trying to write to an event log and keep getting this security error.

However, I have '<trust level="Full" />' in my web.config file.

Any idea how I can get around this?

Wells Oliver
Web Application Programmer
Leviton Voice & Data
xxx-xxx-xxxx
http://www.levitonvoicedata.com 

Message #2 by Feduke Cntr Charles R <FedukeCR@m...> on Thu, 11 Jul 2002 13:16:37 -0400
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C228FE.B6A5F950
Content-Type: text/plain;
	charset="iso-8859-1"

I can tell you how to get around it, but its probably not the right way (in
the mind of security) to do it.  If you're worried about aspnet_wp.exe
hijacking your event log and destroying it should someone find an exploit to
do so, then don't do this.
 
Change the "<processModel ...>" section in your web.config from user (or it
might be username) ="machine" to ="SYSTEM".  You could do this in the
Machine.Config if you'd like to enable this for all sites.  This allows
aspnet_wp.exe to run as a system level administrator account and thus access
the file structure outside of its web application space and the event log.
 
- Chuck

-----Original Message-----
From: Oliver, Wells [mailto:WOliver@l...]
Sent: Thursday, July 11, 2002 12:53 PM
To: ASP+
Subject: [aspx] eventLog class -- 'System.Security.SecurityException:
Requested r egistry access is not allowed' errors



I'm trying to write to an event log and keep getting this security error. 

However, I have '<trust level="Full" />' in my web.config file. 

Any idea how I can get around this? 

Wells Oliver 
Web Application Programmer 
Leviton Voice & Data 
xxx-xxx-xxxx 
http://www.levitonvoicedata.com <http://www.levitonvoicedata.com>  

--- Change your mail options at http://p2p.wrox.com/manager.asp or to
unsubscribe send a blank email to  


Message #3 by "Dave Rezoski" <daverezoski@h...> on Thu, 11 Jul 2002 18:02:57 +0000
here's the c# code you'll need to do it.  the aspnet user has the ability to 
write to the event log, assuming the source log you're trying to write to is 
already created.  The aspnet user does *not* have the ability to *create* a 
log.  Allowing the aspnet user to have *write* privelages to the event log 
would require giving the aspnet user admin-ish privelages on the machine, 
which is not encouraged at all.

The code example below is located in the global.asx.cs file, within the 
Application_Error handler, so it fires whenever there is an unhandled 
application error.  The source event log that is being written to in this 
example (myLog.Source = "Application";) is pre-existing in the event log, 
and therefore can be written to by the aspnet user.

Example code: (apologies in advance for poor formatting)

protected void Application_Error(Object sender, EventArgs e)
{
	System.Exception ex = Server.GetLastError();
	string sError = "";

	// Create an EventLog instance and assign it's source.
	EventLog myLog = new EventLog();
	myLog.Source = "Application";

	if(ex == null)
	{
		myLog.WriteEntry("Unknown error occurred", EventLogEntryType.Error,0);
	}
	else
	{
		// Write an entry to the event log...
		if(ex.InnerException != null)
		{
			sError += "InnerException.Message:\n" + ex.InnerException.Message + 
"\n\n";
			sError += "InnerException.Source:\n" + ex.InnerException.Source + "\n\n";
			sError += "InnerException.StackTrace:\n" + ex.InnerException.StackTrace + 
"\n\n";
		}

		sError += "Exception.Message:\n" + ex.Message + "\n\n";
		sError += "Exception.Source:\n" + ex.Source + "\n\n";
		sError += "Exception.StackTrace:\n" + ex.StackTrace + "\n\n";

		// write log
		myLog.WriteEntry(sError,EventLogEntryType.Error,0);
	}
}



Hope this help!

Dave



----Original Message Follows----
From: Feduke Cntr Charles R <FedukeCR@m...>
Reply-To: "ASP+" <aspx@p...>
To: "ASP+" <aspx@p...>
Subject: [aspx] RE: eventLog class -- 'System.Security.SecurityException:    
   Requested r egistry access is not allowed' errors
Date: Thu, 11 Jul 2002 13:16:37 -0400

I can tell you how to get around it, but its probably not the right way (in
the mind of security) to do it.  If you're worried about aspnet_wp.exe
hijacking your event log and destroying it should someone find an exploit to
do so, then don't do this.

Change the "<processModel ...>" section in your web.config from user (or it
might be username) ="machine" to ="SYSTEM".  You could do this in the
Machine.Config if you'd like to enable this for all sites.  This allows
aspnet_wp.exe to run as a system level administrator account and thus access
the file structure outside of its web application space and the event log.

- Chuck

-----Original Message-----
From: Oliver, Wells [mailto:WOliver@l...]
Sent: Thursday, July 11, 2002 12:53 PM
To: ASP+
Subject: [aspx] eventLog class -- 'System.Security.SecurityException:
Requested r egistry access is not allowed' errors



I'm trying to write to an event log and keep getting this security error.

However, I have '<trust level="Full" />' in my web.config file.

Any idea how I can get around this?

Wells Oliver
Web Application Programmer
Leviton Voice & Data
xxx-xxx-xxxx
http://www.levitonvoicedata.com <http://www.levitonvoicedata.com>

--- Change your mail options at http://p2p.wrox.com/manager.asp or to
unsubscribe send a blank email to 







_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

Message #4 by "Oliver, Wells" <WOliver@l...> on Thu, 11 Jul 2002 12:59:54 -0700
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C22915.86257910
Content-Type: text/plain;
	charset="iso-8859-1"

Thank you. I guess my new, less interesting question is-- _how_ do you
create a new event log?! I have admin rights on my box and I see no option
from either the event viewer or the MMC to create a new one.

Thanks :)

-----Original Message-----
From: Dave Rezoski [mailto:daverezoski@h...]
Sent: Thursday, July 11, 2002 11:03 AM
To: ASP+
Subject: [aspx] RE: eventLog class --
'System.Security.SecurityException: Requested r egistry access is not
allowed' errors


here's the c# code you'll need to do it.  the aspnet user has the ability to

write to the event log, assuming the source log you're trying to write to is

already created.  The aspnet user does *not* have the ability to *create* a 
log.  Allowing the aspnet user to have *write* privelages to the event log 
would require giving the aspnet user admin-ish privelages on the machine, 
which is not encouraged at all.

The code example below is located in the global.asx.cs file, within the 
Application_Error handler, so it fires whenever there is an unhandled 
application error.  The source event log that is being written to in this 
example (myLog.Source = "Application";) is pre-existing in the event log, 
and therefore can be written to by the aspnet user.

Example code: (apologies in advance for poor formatting)

protected void Application_Error(Object sender, EventArgs e)
{
	System.Exception ex = Server.GetLastError();
	string sError = "";

	// Create an EventLog instance and assign it's source.
	EventLog myLog = new EventLog();
	myLog.Source = "Application";

	if(ex == null)
	{
		myLog.WriteEntry("Unknown error occurred",
EventLogEntryType.Error,0);
	}
	else
	{
		// Write an entry to the event log...
		if(ex.InnerException != null)
		{
			sError += "InnerException.Message:\n" +
ex.InnerException.Message + 
"\n\n";
			sError += "InnerException.Source:\n" +
ex.InnerException.Source + "\n\n";
			sError += "InnerException.StackTrace:\n" +
ex.InnerException.StackTrace + 
"\n\n";
		}

		sError += "Exception.Message:\n" + ex.Message + "\n\n";
		sError += "Exception.Source:\n" + ex.Source + "\n\n";
		sError += "Exception.StackTrace:\n" + ex.StackTrace +
"\n\n";

		// write log
		myLog.WriteEntry(sError,EventLogEntryType.Error,0);
	}
}



Hope this help!

Dave



----Original Message Follows----
From: Feduke Cntr Charles R <FedukeCR@m...>
Reply-To: "ASP+" <aspx@p...>
To: "ASP+" <aspx@p...>
Subject: [aspx] RE: eventLog class -- 'System.Security.SecurityException:

   Requested r egistry access is not allowed' errors
Date: Thu, 11 Jul 2002 13:16:37 -0400

I can tell you how to get around it, but its probably not the right way (in
the mind of security) to do it.  If you're worried about aspnet_wp.exe
hijacking your event log and destroying it should someone find an exploit to
do so, then don't do this.

Change the "<processModel ...>" section in your web.config from user (or it
might be username) ="machine" to ="SYSTEM".  You could do this in the
Machine.Config if you'd like to enable this for all sites.  This allows
aspnet_wp.exe to run as a system level administrator account and thus access
the file structure outside of its web application space and the event log.

- Chuck

-----Original Message-----
From: Oliver, Wells [mailto:WOliver@l...]
Sent: Thursday, July 11, 2002 12:53 PM
To: ASP+
Subject: [aspx] eventLog class -- 'System.Security.SecurityException:
Requested r egistry access is not allowed' errors



I'm trying to write to an event log and keep getting this security error.

However, I have '<trust level="Full" />' in my web.config file.

Any idea how I can get around this?

Wells Oliver
Web Application Programmer
Leviton Voice & Data
xxx-xxx-xxxx
http://www.levitonvoicedata.com <http://www.levitonvoicedata.com>

--- Change your mail options at http://p2p.wrox.com/manager.asp or to
unsubscribe send a blank email to 







_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com




  Return to Index