Jan Jan - 1 year ago 88
ASP.NET (C#) Question

Two web applications, one error when writing to the eventlog

I have two ASP.NET web applications and in both I use EventLog.WriteEntry with a custom source name to write custom events to the application log.

Both on my programming machine and on the webserver this works in one of the applications, in the other it doesn't - I get a security exception:

[SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.]

I am wondering why this happens; both web applications are identical (as far as I can see). The only difference from a security point of view is the authentication mode: one uses Forms (there EventLog.WriteEntry works) and one uses Windows (here it doesn't work). Can this be the reason?

Giving "everyone" read access to the application log doesn't change this behavior.

Answer Source

Your problem with Windows authentication mode is essentially similar to these problems:

System.Security.SecurityException when writing to Event Log

System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.

The exception means that your web app tried to write to the event log using a "source" value which has not been registered, due to insufficient privileges on the corresponding account.

When using Windows authentication mode to perform event log tasks, you need to give read permission to the NETWORK SERVICE account on the eventlog\Security key. The steps are:

  1. Open Regedit (Registry Editor).
  2. Go to HKLM\SYSTEM\CurrentControlSet\services\eventlog\Security
  3. Right click the branch, select "Permissions".
  4. Click "Add", find the RDN named NETWORK SERVICE or type it directly, then add the account.
  5. Under "Permissions for Network Service", check "Read" or "Full Control" to give the read permission, then apply the change.
  6. Restart your application pool on the IIS host.

If that is still not enough, do the actions below:

  1. Open IIS Manager. Check the Identity column in the Application Pools section; it should be LocalSystem or NetworkService.

  2. If you need to change the Identity, right-click the application pool that uses Windows authentication and choose Advanced Settings.

  3. Under Process Model, change ApplicationPoolIdentity to LocalSystem or NetworkService, apply your edit and restart the application pool.

NB: The NetworkService identity is preferred over LocalSystem for security reasons.

You may also try setting `<trust level="Full" />` in the web.config file, depending on your security considerations.

If all the solutions above still don't work, set Visual Studio on the development machine, or the deployed app on the web server, to run with administrator privileges, gaining full access to the Windows authentication event log. In the end, it is up to you to ensure that proper security measures are applied.
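
The registry and application pool settings named in the answer above can be inspected without changing anything. This PowerShell script is an added example, not part of the original answer: the source name `MyWebAppSource` is a placeholder, and it assumes an elevated prompt on the IIS host, an English-language account name, and the WebAdministration module for the application pool lookup.

```powershell
# Added example: read-only audit of the settings the answer describes.
# Run elevated on the IIS host. 'MyWebAppSource' is a placeholder source name.
param(
    [string]$Source  = 'MyWebAppSource',
    [string]$Account = 'NT AUTHORITY\NETWORK SERVICE'
)

$root    = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$readKey = [int][System.Security.AccessControl.RegistryRights]::ReadKey

# 1. A registered source is a subkey of the log it belongs to
#    (for example ...\EventLog\Application\<source>).
$logs = Get-ChildItem -Path $root |
    Where-Object { Test-Path -Path (Join-Path $_.PSPath $Source) } |
    ForEach-Object { $_.PSChildName }

# 2. Allow entries that name the account directly on the Security log key.
#    Access granted only through a group the account belongs to is not listed.
$aces = (Get-Acl -Path (Join-Path $root 'Security')).Access |
    Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow'
    }
$canRead = [bool]($aces | Where-Object {
    ([int]$_.RegistryRights -band $readKey) -eq $readKey
})

# 3. Identity each application pool runs as (needs the WebAdministration module).
$pools = if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    Get-ChildItem -Path IIS:\AppPools |
        ForEach-Object { '{0}={1}' -f $_.Name, $_.processModel.identityType }
} else {
    'WebAdministration module not available'
}

# One result object, so the findings can be logged or compared between hosts.
[pscustomobject]@{
    Source            = $Source
    RegisteredInLogs  = if ($logs) { $logs -join ', ' } else { '(not registered)' }
    Account           = $Account
    HasReadOnSecurity = $canRead
    GrantedRights     = ($aces | ForEach-Object { $_.RegistryRights.ToString() }) -join '; '
    AppPoolIdentities = $pools -join ', '
}
```

`GrantedRights` shows whether the account was given `ReadKey` or `FullControl`, which makes it easy to see when more than read access was granted on the key.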