EventLog permission failing in ASP.Net on Win7

2019-05-11 06:09发布

问题:

I have an ASP.Net app .net 3.5 SP1, running in Win7 . During the login process, something within the ASP.Net login control is causing a write to the security log (this sounds acceptable to me) in the event log. The problem is that it seems the app doesn't have permission to do this. There error is:

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

The stack trace doesn't show a single line of code from my application, its all in the framework. The last 5 lines are: System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0 System.Security.CodeAccessPermission.Demand() +61 System.Diagnostics.EventLog..ctor(String logName, String machineName, String source) +125 System.Diagnostics.EventLog..ctor() +24 System.Diagnostics.EventLog.WriteEntry(String source, String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) +52

This same app works fine on XP SP2. I've hunted around and can't find how to give permissions. I've tried running hte app pool as LocalSystem and ApplicationPoolIdentity.

Whats the easiest way to get this running? Its my local dev machine and I don't care if I open up security holes, as long as I don't have to modify code (ie I need the solution to be an INETMGR change or web.config or some local permissions, etc).

Thanks!

回答1:

This link appears to discuss the issue you are having. I am not sure about the differences between the default CAS (code access security) on XP vs. win 7, however the assembly writing to the event log (and all calling assemblies) must have EventLogPermission.

You can add the AllowPartiallyTrustedCallers attribute or sign the assembly with a strong name key.



回答2:

If you are writing to the default Application log you need to provide permisson to the LocalSystem before using it inside app pool. Open RegistryEdit and goto

 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application

RightClick over the Applicatuion and click permissions

If the user(LOCALSYSTEM) is not present in the list then Add and Allow full Control