log4net - Appenders not working in IIS7.5

2019-01-06 17:34发布

问题:

I am able to write to a log file using log4net and Cassini/IIS dev server, but when I use IIS7.5, I can't write out to a file.

Initially, I got a security exception, so I added requirePermission="false" and the exception went away but no file was created.

The trust level is full according to IISM.

I can't get this working on my own machine, I'm wondering what's going to happen when I transfer to an ISP (discountASP).

Here's the log4net setup:

<configSections>
    <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" requirePermission="false"  />
</configSections>

<log4net>
    <appender name="FileAppender" type="log4net.Appender.FileAppender">
        <file value="log-file.txt" />
        <appendToFile value="true" />
        <encoding value="utf-8" />
        <layout type="log4net.Layout.SimpleLayout" />
    </appender>
    <root>
        <level value="DEBUG" />
        <appender-ref ref="FileAppender" />
    </root>
</log4net>

C#

log4net.Config.XmlConfigurator.Configure();
ILog Log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
Log.Info("This is a test");

Any clues?

ASP.NET 3.5, VS2008, Windows 7, IIS7.5, log4net 1.2.10

EDIT:

I used the test web app that ran in Cassini and ran it in IIS7.5 and it worked so there's something specific to my web application that's preventing log4net from running. There's alot going on in it, ELMAH, output caching, AJAX Control Toolkit, forms authentication, ssl, url rewriting, etc... Other than adding each of those on to the test app, is there a better way to figure out what's causing log4net to work?

UPDATE:

I used the AdoNetAppender to stay away from the file permission problems and am still getting the same result. The AdoNetAppender works for the test app running on Cassini and IIS, but it doesn't work on my web app. Getting the following exception:

System.Security.SecurityException: Request for the permission of type 'System.Configuration.ConfigurationPermission, System.Configuration...' failed.

UPDATE 2: I was mistaken that the test webapp fileAppender worked in IIS7.5. This is what happens: The test webapp fileAppender and AdoDotNetAppender both work in Cassini/IIS dev, but not in IIS7.5. So I think it's IIS that's the problem, not my webapp.

Note. I am running VS2008 as Admin, but am logged into Windows 7 as a nonAdmin. Also, I'm running Windows 7 Home Premium, not Professional.

I granted NETWORK SERVICE full permission to the web root directory and still no file created. Also gave EVERYONE full permission, no file.

Since the adoDotNetAppender didn't work either (but did in dev IIS), I think there may be another issue in addition to the file permissions.

UPDATE 3:

I got it to work for the FileAppender on IIS7. If I add this:

<identity impersonate="true"
    userName="zzz"
    password="yyy" />

and if the user is an admin, it works. If it's me, not an admin, it doesn't. So it's a permissions issue. But I did grant EVERYONE rights to the directory the file is written to before and it didn't work, so there's a permission setting elsewhere. Also, while the FileAppender now works with the impersonation, the AdoNetAppender stil doesn't in IIS7. I tried adding:

<securityContext type="log4net.Util.WindowsSecurityContext">
    <userName value="zzz" />
    <password value="yyy" />
    <domain value="aaa" />
</securityContext>

to the AdoNetAppender section, but still getting silent fail.

I added a bounty for anyone who can help me get the AdoNetAppender working with IIS7.5.

UPDATE 4:

I finally got a hold of the stack trace. Here it is:

log4net:ERROR [AdoNetAppender] Failed in DoAppend
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
       at log4net.Util.LogicalThreadContextProperties.GetProperties(Boolean create)
       at log4net.Core.LoggingEvent.CreateCompositeProperties()
       at log4net.Core.LoggingEvent.CacheProperties()
       at log4net.Core.LoggingEvent.FixVolatileData(FixFlags flags)
       at log4net.Core.LoggingEvent.set_Fix(FixFlags value)
       at log4net.Appender.BufferingAppenderSkeleton.Append(LoggingEvent loggingEvent)
       at log4net.Appender.AppenderSkeleton.DoAppend(LoggingEvent loggingEvent)
The action that failed was:
LinkDemand
The type of the first permission that failed was:
System.Security.Permissions.SecurityPermission
The Zone of the assembly that failed was:
MyComputer

I had the SQL Profiler on and nothing made it to SQL Server. Also, the SQL Server account has the proper privileges to do the insert. Also, I removed the SecurityContext section as log4net did not recognize part of it.

回答1:

You can enable log4net internal debugging by adding the key log4net.Internal.Debug to your application configuration file.

<appSettings>
    <add key="log4net.Internal.Debug" value="true"/>
</appSettings>

This will write debug messages to the console and the System.Diagnostics.Trace system. You can then log these messages to a text file by adding a trace listener to you configuration file. Make sure the application has permission to write to the file.

<system.diagnostics>
    <trace autoflush="true">
        <listeners>
            <add 
                name="textWriterTraceListener" 
                type="System.Diagnostics.TextWriterTraceListener" 
                initializeData="C:\tmp\log4net.txt" />
        </listeners>
    </trace>
</system.diagnostics>

Alternatively, trace messages are also written to the system debugger, so you can use a utility like DebugView to capture the messages. See the log4Net FAQ for more details.



回答2:

I finally got it working, i added

<trust level="Full" />

to system.web.

With medium, the AdoNetAppender stops working, but the FileAppender still works for medium and high.



回答3:

Use a tool like Process Monitor and spy on the IIS process. I suspect it is trying to create the log file in a directory the IIS account has no access to.

Following on from that test, specify an absolute path to the log file that you know the IIS process has access to.



回答4:

Did you go into windows explorer and check the correct users (NETWORK SERVICE ?) have write permissions?



回答5:

I had this same problem. I solved it by changing the IIS 7 configuration. Rather easy...

Go to the application pool advanced settings and set "Load User Profile" to true! Then make sure that IUSR (IIS user) have permission to write to the logs path.

Additionally, usually, I add support for 32 bit applications, this is useful when you download and use assemblies from 3rd parties, where you don't know if they were complied for 32, 64 or independent.

I found this by reading this article: http://learn.iis.net/page.aspx/624/application-pool-identities/

Best regards, Tiago.



回答6:

Try giving IIS AppPool\DefaultAppPool user full permission to the log directory. That has helped me at least once.