I have two ASP.NET web applications and in both I use EventLog.WriteEntry with a custom source name to write custom events to the application log.
Both on my programming machine and on the webserver this works in one of the applications, in the other it doesn't - I get a security exception:
[SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.]
Your problem on Windows authentication mode essentially similar with these problems:
The exception means that your web app tried to write on event log using a value given to "source" which has not been registered due to insufficent privilege on corresponding account.
When using Windows authentication mode to perform event log tasks, you need to give read permission on
NETWORK SERVICE account on
eventlog\Security key. Below are these steps to do:
NETWORK SERVICEor type it directly, then add the account.
If it still not enough, do actions below:
Open IIS Manager. Check the Identity column on
Application Pools section, it should given
When you need to change Identity, right click the application pool with Windows authentication, choose Advanced Settings.
Under Process Model, change
NetworkService, apply your edit and restart the application pool.
NetworkService identity is more preferred to
LocalSystem due to security vulnerability reasons.
Also you may try setting
<trust level="Full" /> in
web.config file, depending on security consideration.
If all solutions above still won't work, set Visual Studio on development machine or deployed app on web server to run as administrator privilege, gaining full access to Windows authentication event log. After all, it depends of your choice to ensure proper security measure was applied.