Ask a Question related to ASP.NET Security, Design and Development.
-
Eric #1
Event Log Source creation security hang up.
I want to have my trace statements log to the event viewer and have the
following test code in Page_Load:
If Not Page.IsPostBack Then
Try
System.Diagnostics.Trace.Listeners.Add(New
System.Diagnostics.EventLogTraceListener("CustomSo urce"))
System.Diagnostics.Trace.WriteLine("TestMsg", "Info-Test")
Catch e1 As Exception
Dim str As String = e1.Message
End Try
End If
I get a SecurityException with the message "Required registry access is not
allowed"
I'm not doing anything beyond the default with security at the moment.
Web.config is the default as far as security is concerned.
I am not sure the best approach. I may have to alter the ASPNET account's
permissions, or create the event log by hand (or in any future install
script) but I am reluctant do alter permissions of any accounts. I could
probably create the event log using a RegistryActions install segment but
I'm wondering if there is a better way to do it? Would I need to
impersonate an actual user? Would this work with Forms authentication?
Thanks.
Eric Guest
-
Sandbox Security and Data Source Permissions Error
I continually receive the following ColdFusion error when trying to login to some of my ColdFusion applications: 11:47:54.054 -... -
Error Creating Event Source
Hi, My web application which runs on Windows 2003 server writes to EventLog during application startup but I get the following exception ... -
Dynamic Datagrid Creation - ItemCommand event not firing
I am generating a dynamic datagrid that gets assigned to a cell within the parent grid. Here's the html: <asp:DataGrid id="dgPositions"... -
About: [SECURITY] [DSA-358-1] New kernel source and i386
What's not clear to me (unless I just missed in my coffee-less state) is what is required, if anything since I'm using: ii kernel-source-... -
why doesn't this script creation, from .aspx.vb work, for this event handler???
where szStartDate, szEndDate, szStatus, szMsgType, szClient, szFilter are all strings declared and containing data as this code executes... '... -
Joe Kaplan \(MVP - ADSI\) #2 Re: Event Log Source creation security hang up.
You should create the event log in advance with the privileged account.
That is the normal pattern for this type of issue. You can use a script or
an installer or do it by hand; whatever works.
It is a pain from your application's perspective, but in general you are
much better off from a security perspective if the ASP.NET account has as
few privileges as possible.
Joe K.
"Eric" <glorfindel02@hotmail.com> wrote in message
news:us4FJEQHEHA.2656@TK2MSFTNGP12.phx.gbl...not> I want to have my trace statements log to the event viewer and have the
> following test code in Page_Load:
> If Not Page.IsPostBack Then
>
> Try
>
> System.Diagnostics.Trace.Listeners.Add(New
> System.Diagnostics.EventLogTraceListener("CustomSo urce"))
>
> System.Diagnostics.Trace.WriteLine("TestMsg", "Info-Test")
>
> Catch e1 As Exception
>
> Dim str As String = e1.Message
>
> End Try
>
> End If
>
> I get a SecurityException with the message "Required registry access is> allowed"
>
> I'm not doing anything beyond the default with security at the moment.
> Web.config is the default as far as security is concerned.
>
> I am not sure the best approach. I may have to alter the ASPNET account's
> permissions, or create the event log by hand (or in any future install
> script) but I am reluctant do alter permissions of any accounts. I could
> probably create the event log using a RegistryActions install segment but
> I'm wondering if there is a better way to do it? Would I need to
> impersonate an actual user? Would this work with Forms authentication?
>
> Thanks.
>
>
>
>
Joe Kaplan \(MVP - ADSI\) Guest
-
Eric #3 Re: Event Log Source creation security hang up.
Thanks. I had sort of settled on that as the way to go. I'm not sure how
to create the event log source in an installation script, though. If I go
directly to the registry, I could use a Registry Editor action, or a Custom
Action if want to write some code to do it, which may be the way to go.
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OIQlXjQHEHA.3200@TK2MSFTNGP10.phx.gbl...or> You should create the event log in advance with the privileged account.
> That is the normal pattern for this type of issue. You can use a scriptaccount's> an installer or do it by hand; whatever works.
>
> It is a pain from your application's perspective, but in general you are
> much better off from a security perspective if the ASP.NET account has as
> few privileges as possible.
>
> Joe K.
>
> "Eric" <glorfindel02@hotmail.com> wrote in message
> news:us4FJEQHEHA.2656@TK2MSFTNGP12.phx.gbl...> not> > I want to have my trace statements log to the event viewer and have the
> > following test code in Page_Load:
> > If Not Page.IsPostBack Then
> >
> > Try
> >
> > System.Diagnostics.Trace.Listeners.Add(New
> > System.Diagnostics.EventLogTraceListener("CustomSo urce"))
> >
> > System.Diagnostics.Trace.WriteLine("TestMsg", "Info-Test")
> >
> > Catch e1 As Exception
> >
> > Dim str As String = e1.Message
> >
> > End Try
> >
> > End If
> >
> > I get a SecurityException with the message "Required registry access is> > allowed"
> >
> > I'm not doing anything beyond the default with security at the moment.
> > Web.config is the default as far as security is concerned.
> >
> > I am not sure the best approach. I may have to alter the ASPNETcould> > permissions, or create the event log by hand (or in any future install
> > script) but I am reluctant do alter permissions of any accounts. Ibut> > probably create the event log using a RegistryActions install segment>> > I'm wondering if there is a better way to do it? Would I need to
> > impersonate an actual user? Would this work with Forms authentication?
> >
> > Thanks.
> >
> >
> >
> >
>
Eric Guest
-
Joe Kaplan \(MVP - ADSI\) #4 Re: Event Log Source creation security hang up.
I was thinking the custom action route with an installer class and an
installer you build in VS. I think that is easiest by a long shot.
Joe K.
"Eric" <glorfindel02@hotmail.com> wrote in message
news:uRf3vfSHEHA.3528@TK2MSFTNGP09.phx.gbl...Custom> Thanks. I had sort of settled on that as the way to go. I'm not sure how
> to create the event log source in an installation script, though. If I go
> directly to the registry, I could use a Registry Editor action, or aas> Action if want to write some code to do it, which may be the way to go.
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:OIQlXjQHEHA.3200@TK2MSFTNGP10.phx.gbl...> or> > You should create the event log in advance with the privileged account.
> > That is the normal pattern for this type of issue. You can use a script> > an installer or do it by hand; whatever works.
> >
> > It is a pain from your application's perspective, but in general you are
> > much better off from a security perspective if the ASP.NET account hasthe> > few privileges as possible.
> >
> > Joe K.
> >
> > "Eric" <glorfindel02@hotmail.com> wrote in message
> > news:us4FJEQHEHA.2656@TK2MSFTNGP12.phx.gbl...> > > I want to have my trace statements log to the event viewer and haveis> > > following test code in Page_Load:
> > > If Not Page.IsPostBack Then
> > >
> > > Try
> > >
> > > System.Diagnostics.Trace.Listeners.Add(New
> > > System.Diagnostics.EventLogTraceListener("CustomSo urce"))
> > >
> > > System.Diagnostics.Trace.WriteLine("TestMsg", "Info-Test")
> > >
> > > Catch e1 As Exception
> > >
> > > Dim str As String = e1.Message
> > >
> > > End Try
> > >
> > > End If
> > >
> > > I get a SecurityException with the message "Required registry accessauthentication?> account's> > not> > > allowed"
> > >
> > > I'm not doing anything beyond the default with security at the moment.
> > > Web.config is the default as far as security is concerned.
> > >
> > > I am not sure the best approach. I may have to alter the ASPNET> could> > > permissions, or create the event log by hand (or in any future install
> > > script) but I am reluctant do alter permissions of any accounts. I> but> > > probably create the event log using a RegistryActions install segment> > > I'm wondering if there is a better way to do it? Would I need to
> > > impersonate an actual user? Would this work with Forms>> >> > >
> > > Thanks.
> > >
> > >
> > >
> > >
> >
>
Joe Kaplan \(MVP - ADSI\) Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
