To this notion, Windows says: System.Security.SecurityException: Requested registry access is not allowed.
You have GOT to be kidding me...
Here's a snipped stack trace:
[SecurityException: Requested registry access is not allowed.]
System.ThrowHelper.ThrowSecurityException(ExceptionResource resource) +48
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable) +2780649
System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) +360
System.Diagnostics.EventLog.CreateEventSource(String source, String logName) +41
It should be pretty obvious what I'm trying to do. What security settings must I change to allow my ASP.NET application to create this EventLog source and subsequently write log events?
Thanks for any help,
You have to give the ASP.NET porcess account access to modify the event log entries. There are a number of KB articles about this and related issues. Might start here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;842795
Jeff
Cool, thanks! :)
ASTECH:
You have GOT to be kidding me...
Wow, so you'd be cool that the Windows Registry gave access to running code by default?
Can you image the havok created if someone had a third party dll in their web project or some other made-with-.NET programming running that was reading and reporting EventLog details back to some remote server somewhere?
Explicitly setting the permission is absolutely the best route there.... protects programmeres/end-users fromthemselves
Do you expect a reply to that? If you're really begging for a reply to that, here: "I couldn't care less."
The EventLog is the central logging facility for Windows. Duh? Let my .NET applications write entries without bothering me with these overly paranoid, annoying details. This has just been one more delay in what should have been an easy development cycle...
By the way: "If you don't have anything nice to say or constructive to add, KEEP IT SHUT!"
There's a definite security concern with allowing the .NET process to write to the Windows event logs. The proper method would be to create your own event log for your app and write to that. In all cases never allow access to the secuirty log, makes it too easy to cover your tracks when you're hacking.
As long as you're comfortable with allowing the access, it's fine with us. If you wish to avoid further delays in your development cycle due to security issues, I suggest you make the group Everyone a local administrator and change all your processes to use the Administrator account. That way you pretty much won't be pestered by security issues in your coding.
Jeff
If you wish to avoid further delays in your development cycle due to security issues, I suggest you make the group Everyone a local administrator and change all your processes to use the Administrator account. That way you pretty much won't be pestered by security issues in your coding.
Jeff
Now that's funny! What a blissful world we'd all live in if everyone everywhere did exactly that! (tongue in cheek)
0 comments:
Post a Comment