
Requested registry access is not allowed.

I am trying to write to the event log from ASP.NET, on Windows XP SP1.
As soon as I try to write an event (or even query the source with
EventLog.SourceExists() or EventLog.LogNameFromSourceName()) I get a
SecurityException "Requested registry access is not allowed.".

I have read the KB article associated with this error message, which
indicates the source needs to be created outside of ASP.NET. I created an
Installer class, and ran InstallUtil against it successfully. I even
verified the source was created by writing to it from a command-line program
(as opposed to ASP.NET).

I have also used Regedt32 to grant the local ASPNET account Full Control
permissions on the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
registry key (and its children). I have rebooted the machine to make sure
the old permissions were not cached somewhere.

FYI, the event source writes to a custom event log (which was created by
running InstallUtil against my installer class).

The website is configured to allow Anonymous access, and I do not use
impersonation.
The exception details (I use a modified form of the EMAB to build the log
text) indicate the ThreadIdentityName is blank, and the WindowsIdentityName
is MACHINE\ASPNET.

What else needs to be done to allow ASP.NET to write to an event source in a
custom event log?
Nov 18 '05 #1
Hi Josh,

As for the problem you mentioned, I also feel a bit strange since you've
done all the general steps on the asp.net eventlog issue. Also, as
currently you still receive the "access denied" error, I suggest that you
try the following things:
1. Change the ASP.NET's process Account (in the <processModel> element in
machine.config) from machine\aspnet to SYSTEM and see whether it can work.

2. If Local SYSTEM account can work, there should still exist something
incorrect for the registry accessing.
I think you can use the regmon tool to have a look when calling the writing
eventlog code in asp.net and verify whether it is still the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog key that
causes the problem.

If there is any new finding, please feel free to post here.
Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #2
I used RegMon, and discovered it is definitely a registry security issue, but
I'm not sure how to resolve it. Here is the offending output from RegMon
(hopefully it is readable):

OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Access: 0x20019
QueryKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Subkeys = 4
EnumerateKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Name: Application
EnumerateKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Name: Security
EnumerateKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Name: System
EnumerateKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Name: ValueChain
OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS Access: 0x20019
OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VC Authorization NOTFOUND
CloseKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security ACCDENIED Access: 0x20019 WXP-D20HT11\ASPNET

I am attempting to write to an event source "VC Authorization", in the
"ValueChain" custom log (not the Application log).
You can see that the access problem is on the EventLog\Security key. Should
it need access to the Security key, if I am writing to a custom log?
Something that might be related... when I originally created the event
source, I tried to create one called "Security", and associate it with my
custom "ValueChain" log. That failed, since the source "Security" already
existed (associated with the Security log) -- I didn't realize that sources
had to be unique across all logs. After that failed, I changed the source
name to "VC Authorization", and now get this error. I'm wondering if my
attempt to use the "Security" source has left remnants in my registry
somewhere, so attempts to write to my custom log still try to write to
Security as well. Is that possible? Is it possible to clean out these
associations? Of course, this could be completely unrelated. Any help would
be appreciated.

Nov 18 '05 #3
Hi Josh,

Thanks for your response. As you mentioned that you used to try creating
"Security" custom log under the EventLog entry and then changed to "VC
Authorization" after that, and it seems that after it, the accessing to the
VC authentication will be incorrectly redirected to the "Eventlog/Security"
entry and cause the "Access Denied" ?

I'm not sure whether this is your problem's actual cause. But since it is
not recommended that we create eventlog entry ourself directly under the
EventLog entry. So think you can try deleting your custom logs under
EventLog node and also clear the other nodes you created under the
application node and try creating some new Application event sources to see
whether you can get them work.

Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #4
Creating the event source mistakenly as "Security" is not the problem. I
tried running the code on a different computer - where I had not made the
mistake of trying to create a new "Security" event source - and I have the
same problem.

What do you mean it is not recommended that we create our own Event logs?
Is this documented somewhere? The Win32 API and the .NET Framework both
provide methods to create custom event logs, why would it not be recommended?

Creating event sources under the Application event log will not solve my
problem. I am trying to create an event source for a custom event log, as
the API provides.

"Steven Cheng[MSFT]" wrote:
Hi Josh,

Thanks for your response. As you mentioned that you used to try creating
"Security" custom log under the EventLog entry and then changed to "VC
Authorization" after that, and it seems that after it, the accessing to the
VC authentication will be incorrectly redirected to the "Eventlog/Security"
entry and cause the "Access Denied" ?

I'm not sure whether this is your problem's actual cause. But since it is
not recommended that we create eventlog entry ourself directly under the
EventLog entry. So think you can try deleting your custom logs under
EventLog node and also clear the other nodes you created under the
application node and try creating some new Application event sources to see
whether you can get them work.

Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #5
Hi Josh,

Thanks for your followup. I'm sorry for my incorrect info on the
=============
it is not recommended that we create our own Event logs
=================
I'm mistaken it from anything else and please forget it .

Also, as for the current status of this issue, can I state it as below:

You're able to access the EventSource under the "Application" log after
the guide in the
http://support.microsoft.com/?id=842795

kb article, but still failed when trying to access a Custom EventLog under
the "\Service\EventLog" entry, yes? If so, I still think there're some
permission things we need to do and currently I'll perform some local tests
on my side and will update you as soon as I got any findings. Also, if you
have any other update, please feel free to let me know. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #6
Hi Josh,

Sorry for keep you waiting, after some tests, it seems that generally it's
ok for us to write custom event source in asp.net web application. I've
tested on a XP PRO (SP2) MACHINE(WITH 1.0 AND 1.1 .NET FRAMEWORK).

I log on using an Administrator account and create a Custom EventLog (also
with a source under it ) under the Service\EventLog registry key via a
winform application.

#You receive the "Requested registry access is not allowed" error message
when you try to create a custom event log
http://support.microsoft.com/?id=842795

After that, I try writing event entries into that customlog source in an
asp.net web application which didn't use impersonate or windows
authentication (just running under the local machine\aspnet account) and
that worked. Also, there doesn't occur security issues from accessing the
"Security log". So currently I'm not sure whether there're any other steps
different from our creating process. Would you please try creating a new
customlog and write entry into it via the steps I mentioned above? Or you
can try it on another clean machine.
Please feel free let me know if you have any further updates or concerns.
Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #7
I am creating the custom event log and event source using an
EventLogInstaller and the InstallUtil.exe utility.
I changed my EventLogInstaller to create a new source in the Application
log. I then modified my assembly used by the ASP.NET website to write to
this new source, and it worked correctly.
I changed my EventLogInstaller back to its original state (creating a new
source in the custom "ValueChain" log). As part of the Installer class, I
have it write an entry to the new log, and it succeeds. I then update the
assembly used by the ASP.NET website to write to this new source (which goes
to a custom event log), run the website, and it fails with the "Requested
registry access is not allowed" exception.

I am not (and cannot) creating my event source using a WinForms application.
Is there a difference between calling that CreateEventSource() method, and
using the EventLogInstaller class?

I am running .NET Framework 1.1 on WinXP PRO SP1.

I just tried following the steps in http://support.microsoft.com/?id=842795
under "Grant permission to create a custom event log". Instead of the Users
group, I used the ASPNET account. In addition, while on the "Advanced"
permissions tab, I checked the "Replace permission entries on all child
objects with entries shown here that apply to child objects" box. After
applying this change, I was able to successfully write to my custom event log
from ASP.NET.
However, I don't believe this is a valid solution. I effectively gave the
ASPNET account rights to create event sources, which was not the goal. The
intent of the EventLogInstaller class is to allow you to create custom
sources from an administrator account, so that code running under
lesser-privileged accounts (ASPNET) can use them. I should not need to give
the ASPNET account rights to create event sources, when I only need to write
to the event log.
Nov 18 '05 #8
Hi Josh,

Yes, the creating the customlog via winform or a custom Installer class
doesn't matter since I've tested on both and both are ok. Currently I'm
still thinking there may be something configured different on your box. Is
your asp.net web application's Trust Level on that machine set as "Full" ?
This can be configured in machine.config or override in web.config file.
And only the "Full" level has unrestricted permission to the EventLog, see
below;

#ASP.NET Code Access Security
http://msdn.microsoft.com/library/en...etcodeaccesssecurity.asp?frame=true

http://msdn.microsoft.com/library/en...ettrustlevelspolicyfiles.asp?frame=true

Also, you can try testing on some other XP machines to see whether the
asp.net app can write entries to CUSTOM LOG created via ourselves.
Hope helps. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #9
Hi Josh,

Have you got any progresses on this issue? If there is anything else we can
help, please feel free to post here. Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #10
I am having a similar problem. Trying to deploy a .NET Windows Service that
unfortunately creates Event Log sources at runtime. It is outside of scope of
our project to fix the code, nor can we easily enumerate the number/names of
the sources that need creating. Historically, the solution the customer has
been using to date was to give the service account local admin membership.
Not a great idea.

To resolve this, I tried giving explicit permissions to the service account
on the EventLog and custom EventLog registry keys, however this did not work
(even with Full control being granted and inherited!). However, once I
checked the box "Replace permission entries on all child objects with entries
shown here that apply to child objects", I was able to successfully drop the
local admin memberships.

Am I missing something? What did checking this box do that I couldn't have
done explicitly? I have even looked for differences in security descriptors
and don't see what this box has changed. Any insight would be greatly
appreciated!

Thanks,
Chris

"Josh Flanagan" wrote:
I am creating the custom event log and event source using an
EventLogInstaller and the InstallUtil.exe utility.
I changed my EventLogInstaller to create a new source in the Application
log. I then modified my assembly used by the ASP.NET website to write to
this new source, and it worked correctly.
I changed my EventLogInstaller back to its original state (creating a new
source in the custom "ValueChain" log). As part of the Installer class, I
have it write an entry to the new log, and it succeeds. I then update the
assembly used by the ASP.NET website to write to this new source (which goes
to a custom event log), run the website, and it fails with the "Requested
registry access is not allowed" exception.

I am not (and cannot) creating my event source using a WinForms application.
Is there a difference between calling that CreateEventSource() method, and
using the EventLogInstaller class?

I am running .NET Framework 1.1 on WinXP PRO SP1.

I just tried following the steps in http://support.microsoft.com/?id=842795
under "Grant permission to create a custom event log". Instead of the Users
group, I used the ASPNET account. In addition, while on the "Advanced"
permissions tab, I checked the "Replace permission entries on all child
objects with entries shown here that apply to child objects" box. After
applying this change, I was able to successfully write to my custom event log
from ASP.NET.
However, I don't believe this is a valid solution. I effectively gave the
ASPNET account rights to create event sources, which was not the goal. The
intent of the EventLogInstaller class is to allow you to create custom
sources from an administrator account, so that code running under
lesser-privileged accounts (ASPNET) can use them. I should not need to give
the ASPNET account rights to create event sources, when I only need to write
to the event log.

Nov 18 '05 #11
Hi Josh, Steven,

I had the exact same issue. It made me crazy, because another
application on my machine behaves nicely.

Now I hope I can help you:
Try to prefix the name of your event log with '.'.

And here is why:

EMAB. class DefaultPublisher. method VerifyValidSource.
the following line has a bug
if (!EventLog.SourceExists(applicationName))

It is looking for event source simply by iterating through
all children entries of HKLM\SYSTEM\CurrentControlSet\Services\EventLog
in alphabetical order, as soon as it gets to the read-only 'Security'
.... well ... I guess, just to be secure, it stops right there

RegMon result on my machine is similar to Josh's...

It looks like starting event logs name with character [T-Z] it is not
an option ... for now. :(

Thanks,
AD
v-******@online.microsoft.com (Steven Cheng[MSFT]) wrote in message news:<r0*************@cpmsftngxa10.phx.gbl>...
Hi Josh,

Have you got any progresses on this issue? If there is anything else we can
help, please feel free to post here. Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Nov 18 '05 #12
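
Added example, not part of any post in the thread: a Python triage script run over the RegMon lines from post #3 (wrapped lines rejoined), reporting which log key was refused, which rights were requested, and which logs the lookup never opened. The function names and the assumed line shape are choices made here; the access-right names are the winnt.h values.

```python
import re

# RegMon lines from post #3 of the thread, wrapped lines rejoined.
TRACE = r"""
OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Access: 0x20019
QueryKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Subkeys = 4
EnumerateKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Name: Application
EnumerateKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Name: Security
EnumerateKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Name: System
EnumerateKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS Name: ValueChain
OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS Access: 0x20019
OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VC Authorization NOTFOUND
CloseKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
OpenKey HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security ACCDENIED Access: 0x20019 WXP-D20HT11\ASPNET
"""

ROOT = r"HKLM\SYSTEM\CurrentControlSet\Services\EventLog"
# Assumed line shape: <operation> <key path> <result> [detail]; paths may contain spaces.
LINE = re.compile(r"^(\w+)\s+(HKLM\\.+?)\s+(SUCCESS|NOTFOUND|ACCDENIED)\b\s*(.*)$")
# Registry access-right bits as defined in winnt.h.
RIGHTS = {0x1: "KEY_QUERY_VALUE", 0x2: "KEY_SET_VALUE", 0x4: "KEY_CREATE_SUB_KEY",
          0x8: "KEY_ENUMERATE_SUB_KEYS", 0x10: "KEY_NOTIFY", 0x20000: "READ_CONTROL"}


def parse_trace(text):
    """Turn trace text into dicts with op, path, result and detail."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            events.append(dict(zip(("op", "path", "result", "detail"), m.groups())))
    return events


def decode_access(mask):
    """Name the rights set in a requested-access mask."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]


def diagnose(events):
    """Report the refused log key and the logs the lookup never opened."""
    listed = [e["detail"].split("Name:", 1)[1].strip() for e in events
              if e["op"] == "EnumerateKey" and e["path"] == ROOT and "Name:" in e["detail"]]
    opened, denied = [], None
    for e in events:
        rel = e["path"][len(ROOT) + 1:]
        if e["op"] != "OpenKey" or not e["path"].startswith(ROOT + "\\") or "\\" in rel:
            continue  # keep only opens of a log key directly under EventLog
        if e["result"] == "ACCDENIED":
            m = re.match(r"Access:\s*(0x[0-9A-Fa-f]+)\s*(.*)", e["detail"])
            mask = int(m.group(1), 16) if m else 0
            denied = {"log": rel, "rights": decode_access(mask),
                      "account": m.group(2) if m else ""}
            break  # report the first refusal; logs not opened before it are "never reached"
        opened.append(rel)
    skip = opened + ([denied["log"]] if denied else [])
    return {"listed": listed, "opened": opened, "denied": denied,
            "never_reached": [n for n in listed if n not in skip]}


if __name__ == "__main__":
    print(diagnose(parse_trace(TRACE)))
```

On the thread's trace, the report shows the refused open on Security asked only for read rights, and that System and ValueChain were never opened.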
