Hello all.
I have a couple of aspx pages. When something fails in them, I would like
them to be able to log to either a database, a logfile, or the application
log. All code is in C#
I run into permissions problems straigh away though. To log to the event
log, you need Administrator privileges. So followed MS example how to
sandbox sensitive and secure code.
1) Made a new component, to sandbox the event log code, and to decrease the
possible attack surface.
2) Created a strong key, and added it to the assembly file.
3) Added the APTCA attribute ([assembly: AllowPartiallyTrustedCallers]),
and as per MS instructions, the following attribute also:
[assembly: EventLogPermission(SecurityAction.RequestMinimum,
PermissionAccess = EventLogPermissionAccess.Instrument)]
4) Added the component to the GAC
5) The code in the function looks like this:
public static bool LogEvent(string LogName, string Source, string User,
string LogText, int EventID, short Category)
{
EventLog oLog;
EventLogEntryType lEntry = EventLogEntryType.Error;
EventLogPermission oPerm;
string sMachine = System.Net.Dns.GetHostName();
string sLog;
bool bOK = false;
sLog = LogName;
Category = 0;
try
{
System.Text.StringBuilder oBuilder = new
System.Text.StringBuilder(LogText.Length + 100);
oBuilder.Append("Date: ");
oBuilder.Append (System.DateTime.Now.ToString());
oBuilder.Append("\n"); // new line
oBuilder.Append("User: ");
oBuilder.Append(User);
oBuilder.Append("\n\n"); // new line
oBuilder.Append(LogText);
// to allow untrusted callers the right to add entries to the event log.
oPerm = new EventLogPermission(EventLogPermissionAccess.Instru ment,
sMachine);
oPerm.Assert();
if (!EventLog.SourceExists(Source))
EventLog.CreateEventSource(Source, sLog, sMachine);
// using means that we don't have to explicitly call dispose at the end.
// Dispose is called implicitly at the end of the using bracket.
// Only supported for objects that implement IDisposable.
using (oLog = new EventLog(sLog, sMachine, Source))
{
string sEventDescription = oBuilder.ToString();
oLog.BeginInit();
oLog.WriteEntry(sEventDescription, lEntry, EventID, Category);
oLog.EndInit();
}
bOK = true;
}
catch (System.Security.SecurityException secEx)
{
bOK = false;
throw(secEx);
}
catch (System.Exception ex)
{
bOK = false;
throw(ex);
}
finally
{
CodeAccessPermission.RevertAll();
}
return bOK;
}
When this component is called from my aspx pages the following error occurs:
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.
Exception Details: System.Security.SecurityException: Requested registry
access is not allowed.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.
I have tried to modify the trust level in the web.config file, but to no
avail. Full trust level works no better than the default trust level.
Clearly, the pages do not have permissions to access the component, and to
execute the code.
I know that the code fails at the call to oLog.WriteEntry
Any idea how to do fix this? Need I configure some assemblies or some such?
Should I remove the demand for Instrument privelege for EventLogPermission?
Have tried to look at code groups under machine config in the .Neet
configuration tool, but nothing helps.
The web pages are running in the default ASP.NET account, as they are on a
public server, and running the web pages under an administrative account is
out of the question.
// Sincerily yours, Henrik
