Solved

Got security exception error. What permission is needed to write/create windows event log?

Posted on 2015-01-21
2
783 Views
Last Modified: 2015-02-24
Hi, I'm using vs2012.
i'm getting the following error when my code try to create new event log and event source.  I then added impersonation code, stepping through it is impersonating successfully.  the impersonated account is added to the local Administrator group of the server but still I would get security error.  What other permission still needed?  Thank you.
Both code below would give security error
            //if ((!EventLog.Exists(sLog)) || (!EventLog.SourceExists(sSource)))
            //    EventLog.CreateEventSource(sSource, sLog);

            if (!EventLog.SourceExists(sSource))
                EventLog.CreateEventSource(sSource, sLog);

ecurity Exception
  Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

 Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security.

Source Error:


 An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace:



[SecurityException: The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security.]
   System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly, Boolean wantToCreate) +806
   System.Diagnostics.EventLog.SourceExists(String source, String machineName, Boolean wantToCreate) +315
   System.Diagnostics.EventLog.SourceExists(String source) +22
   XXXXXXXXXXXXXXXXXXXXXXX.ErrLog.LogIt(String msg) +143
   XXXXXXXXXXXXXXXXXXXXXXX._Default.GetUsersToSession() +2444
   System.Web.UI.Control.LoadRecursive() +71
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12347355
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +12346873
   System.Web.UI.Page.ProcessRequest() +119
   System.Web.UI.Page.ProcessRequest(HttpContext context) +99
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +913
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
0
Comment
Question by:lapucca
2 Comments
 
LVL 33

Accepted Solution

by:
it_saige earned 500 total points
ID: 40563105
This is because NetworkService does not have read and\or write permissions to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security key in the registry.

Other than explicitly defining the permissions, the recommendation is to add a key entry for your application (by Name) to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application key.

Example for an application named MyApplication:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MyApplication

Open in new window


-saige-
0
 

Author Comment

by:lapucca
ID: 40563306
That's why I use impersonation code from here, http://metah.ch/blog/2010/10/impersonation-with-c-2/?utm_expid=93095202-0.j6F45lYdRJalUdpcxFnTAA.0&utm_referrer=https%3A%2F%2Fwww.google.com%2F 

before I write to the event log.  The user impersonate is added to the local server's Administrator's group.  Wouldn't that be enough?  I know it's not because it's getting security error but that doesn't make sense if I'm impersonating a user account that is part of Administrators group

          ImpersonateManager.ImpersonateUser("domain-name", ConfigurationManager.AppSettings.Get("admin"), ConfigurationManager.AppSettings.Get("password"));
            var curUser = WindowsIdentity.GetCurrent().Name;

                  sSource = "XXXXXXXXX";
                  sLog = "XXXXXXXXX";
                  sEvent = "XXXXXXXXXXXX Exception Error";

            //if ((!EventLog.Exists(sLog)) || (!EventLog.SourceExists(sSource)))
            //    EventLog.CreateEventSource(sSource, sLog);

            if (!EventLog.SourceExists(sSource))
                EventLog.CreateEventSource(sSource, sLog);

                  EventLog.WriteEntry(sSource,msg, EventLogEntryType.Error);

            ImpersonateManager.StopImpersonation();
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question