Yesterday I was putting the finishing touches on a .NET web service I wrote in C# which included logging events to the Windows Application log (using Server 2003) for exceptions [and a few informational things]. At first I used the standard nomenclature:
"EventLog.WriteEntry(source, message, EventLogEntryType.Error);"
Upon accessing the web service from another app I was a bit surprised to see this error:
"Cannot open log for source {0}. You may not have write access."
After a bit of research online I found this forum entry at dotnet247.com. The first reply is from a Microsoft VIP who suggests adding the string "(A;;0x0002;;;AU)" to the end of the existing CustomSD value under the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application. He included several links to MSDN that explain why.
According to this MSDN article (Development Impacts of Security Changes in Windows Server 2003), the short reason why my original code didn't work is that several security restrictions were added to IIS6 in Server 2003. One of them was tighter ACLs (access control lists) on the event logs, restricting which accounts can read and write to the logs (application, system & security). Each log's security can now be configured locally via the following registry values:
The CustomSD value uses Security Descriptor Definition Language (SDDL) syntax to express the ACLs. In SDDL, each access control entry (ACE) of an ACL is written as an ACE string.
I prefer to know what exactly I'm adding to my code and what security changes I'm making, so I dissected the string "(A;;0x0002;;;AU)" into these portions:
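One way to take that ACE apart and see who may write to the log before and after the change, as an added example that is not the author's code. The function names, the alias tables (a small subset of SDDL) and the sample CustomSD value are assumptions constructed for illustration.

```python
import re

# SDDL ACE layout: (type;flags;rights;object_guid;inherit_object_guid;trustee)
ACE_TYPES = {"A": "ACCESS_ALLOWED", "D": "ACCESS_DENIED"}
# Event log access rights carried in the low bits of the rights mask
LOG_RIGHTS = {0x1: "READ", 0x2: "WRITE", 0x4: "CLEAR"}
# Subset of SDDL SID aliases; unknown trustees are returned unchanged
TRUSTEES = {"AU": "Authenticated Users", "BA": "Built-in Administrators",
            "SY": "Local System", "AN": "Anonymous Logon",
            "IU": "Interactive Users"}


def parse_ace(ace):
    """Split one ACE string such as '(A;;0x0002;;;AU)' into named fields."""
    fields = ace.strip("()").split(";")
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {ace!r}")
    ace_type, flags, rights, _obj, _inherit, trustee = fields
    try:
        mask = int(rights, 16)  # event log ACEs use hex masks
    except ValueError:
        raise ValueError(f"non-hex rights field not handled here: {rights!r}")
    return {"type": ACE_TYPES.get(ace_type, ace_type),
            "flags": flags,
            "mask": mask,
            "rights": [n for bit, n in LOG_RIGHTS.items() if mask & bit],
            "trustee": TRUSTEES.get(trustee, trustee)}


def parse_sd(sddl):
    """Return the parsed ACEs of the DACL ('D:') part of a CustomSD value."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    return [parse_ace(a) for a in re.findall(r"\([^)]*\)", m.group(1))] if m else []


def writers(sddl):
    """Trustees granted WRITE by an allow ACE (deny ACEs are not evaluated)."""
    return [a["trustee"] for a in parse_sd(sddl)
            if a["type"] == "ACCESS_ALLOWED" and "WRITE" in a["rights"]]


# Constructed sample CustomSD value, not copied from a real server
SAMPLE = "O:BAG:SYD:(D;;0xf0007;;;AN)(A;;0x7;;;BA)(A;;0x3;;;IU)"
ADDED = "(A;;0x0002;;;AU)"

if __name__ == "__main__":
    print(parse_ace(ADDED))
    print("write before:", writers(SAMPLE))
    print("write after: ", writers(SAMPLE + ADDED))
```

The appended ACE allows (A) write access (0x0002) for Authenticated Users (AU), so every authenticated account on the machine can write to the Application log, not only the account the web service runs as.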
Anyway, that's how to enable event logging for an ASP.NET application. Once I added the string "(A;;0x0002;;;AU)" to the end of the existing string in the CustomSD value of the HKLM\System\CurrentControlSet\Services\Eventlog\Application key, my web service was logging away like a happy little camper.
~tod