470,819 Members | 1,629 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,819 developers. It's quick & easy.

EventLog Access using impersonation in Windows Server 2003

cjk
Issue
Our web application requires access to write to a custom event log, yet access is denied. This access is denied because we are using impersonation, and our end-users do not (should not) have permissions to write to a custom event log. We would like to know if someone out there has resolved this problem without incorporating registry hacks, elevating end-user account permissions to admin OR calling native code to logon as the account running our Application Pool

Ideally, we would like to use our Application Pool account identity to create the event log entries and we do not mind providing the necessary permissions to this accoun

Details
-Web App hosted on Windows 2003 serve
-Web App is using a custom application pool, running under a specified identity
-Web App uses its own (custom) event lo
-Web App uses impersonation, thus we loose the application pool identity when trying to create an event log entr


Nov 18 '05 #1
3 2517
Hopefully this link will provide your answer:
http://support.microsoft.com/?id=329291

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"cjk" <an*******@discussions.microsoft.com> wrote in message
news:2A**********************************@microsof t.com...
Issue:
Our web application requires access to write to a custom event log, yet access is denied. This access is denied because we are using impersonation,
and our end-users do not (should not) have permissions to write to a custom
event log. We would like to know if someone out there has resolved this
problem without incorporating registry hacks, elevating end-user account
permissions to admin OR calling native code to logon as the account running
our Application Pool.
Ideally, we would like to use our Application Pool account identity to create the event log entries and we do not mind providing the necessary
permissions to this account
Details:
-Web App hosted on Windows 2003 server
-Web App is using a custom application pool, running under a specified identity -Web App uses its own (custom) event log
-Web App uses impersonation, thus we loose the application pool identity when trying to create an event log entry

Nov 18 '05 #2
try:

[DllImport("advapi32")] private extern static bool RevertToSelf();

WindowsIdentity id = WindowsIdentity.GetCurrent();
RevertToSelf();

// do your work here

id.Impersonate();
-- bruce (sqlwork.com)
"cjk" <an*******@discussions.microsoft.com> wrote in message
news:2A**********************************@microsof t.com...
Issue:
Our web application requires access to write to a custom event log, yet access is denied. This access is denied because we are using impersonation,
and our end-users do not (should not) have permissions to write to a custom
event log. We would like to know if someone out there has resolved this
problem without incorporating registry hacks, elevating end-user account
permissions to admin OR calling native code to logon as the account running
our Application Pool.
Ideally, we would like to use our Application Pool account identity to create the event log entries and we do not mind providing the necessary
permissions to this account
Details:
-Web App hosted on Windows 2003 server
-Web App is using a custom application pool, running under a specified identity -Web App uses its own (custom) event log
-Web App uses impersonation, thus we loose the application pool identity when trying to create an event log entry

Nov 18 '05 #3

I'm having the same problem. Unfortunately the link provided does not
apply to my situation because I create the EventLog source in my
ASP.NET app installer. The problem is that even after the EventLog
source is created, my ASP.NET app can not log to the custom event
source when running under Windows Server 2003. It works fine under
Windows 2000.

Details:

ASP.NET app
impersonation=true in web.config
can not elevate user accounts to admin group just for logging

Any ideas? I've found several people asking for help with this
situation but no solutions offered.

Scott
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> writes:
Hopefully this link will provide your answer:
http://support.microsoft.com/?id=329291 --
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"cjk" <an*******@discussions.microsoft.com> wrote in message
news:2A**********************************@microso ft.com...
Issue:
Our web application requires access to write to a custom event log, yet

access is denied. This access is denied because we are using impersonation,
and our end-users do not (should not) have permissions to write to a custom
event log. We would like to know if someone out there has resolved this
problem without incorporating registry hacks, elevating end-user account
permissions to admin OR calling native code to logon as the account running
our Application Pool.

Ideally, we would like to use our Application Pool account identity to

create the event log entries and we do not mind providing the necessary
permissions to this account

Details:
-Web App hosted on Windows 2003 server
-Web App is using a custom application pool, running under a specified

identity
-Web App uses its own (custom) event log
-Web App uses impersonation, thus we loose the application pool identity

when trying to create an event log entry


Nov 18 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by David Conorozzo | last post: by
reply views Thread by Scott Zabolotzky | last post: by
6 posts views Thread by MattC | last post: by
7 posts views Thread by Rob R. Ainscough | last post: by
3 posts views Thread by sammyloo | last post: by
2 posts views Thread by =?Utf-8?B?RWRkaWU=?= | last post: by
reply views Thread by mihailmihai484 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.