Re: security exception within Microsoft Application Block ExceptionManager.vb

From: Hazzard (hazz_at_sonic.net)
Date: 05/29/03


Date: Wed, 28 May 2003 16:09:33 -0700


Thank you, Matjaz!
Back to work. I am in the registry now.
I guess I should have continued on into Building Secure ASP.NET....
Page 174 and 175. Accessing the Event Log was right there in the table of
contents.
I will post a reply after I have reached the light at the other end. Thank
you for the flashlight.

Appreciatively,
Greg Hazzard

"Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
news:e0TquLWJDHA.336@tk2msftngp13.phx.gbl...
> If you set impersonation = true then you were impersonating the IUSR account
> (if you had enabled anonymous on your IIS). To verify, use
> WindowsIdentity.GetCurrent().Name in your ASP.NET application.
> The ASPNET account doesn't have permission to create EventLogs, so it is
> advised (also in the pdf you mentioned) to pre-create EventLogs with the
> installation program. Don't leave your ASP.NET application in charge of
> creating event logs.
> Quote taken from Building Secure ASP.NET....
>
> Accessing the Event Log
> Least privileged accounts have sufficient permissions to be able to write
> records to the event log by using existing event sources. However, they do
> not have sufficient permissions to create new event sources. This requires
> a new entry to be placed beneath the following registry hive.
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\<log>
> To avoid this issue, create the event sources used by your application at
> installation time, when administrator privileges are available. A good
> approach is to use a .NET installer class, which can be instantiated by
> the Windows Installer (if you are using .msi deployment) or by the
> InstallUtil.exe system utility if you are not.
>
> If you are unable to create event sources at installation time, you must
> add permission to the following registry key and grant access to the ASP.NET
> process account (or any impersonated account if your application uses
> impersonation).
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
> The account(s) must have the following minimum permissions:
>
> * Query key value
> * Set key value
> * Create subkey
> * Enumerate subkeys
> * Notify
> * Read
>
> The following code can be used to write to the Application event log from
> ASP.NET once permissions have been applied to the registry:
>
> using System.Diagnostics;
>
> string source = "Your Application Source";
> string logToWriteTo = "Application";
> string eventText = "Sample Event";
>
> // Creating a new source needs write access to the Eventlog registry key
> if (!EventLog.SourceExists(source))
> {
>     EventLog.CreateEventSource(source, logToWriteTo);
> }
> // 234 is the event ID recorded with the entry
> EventLog.WriteEntry(source, eventText, EventLogEntryType.Warning, 234);
>
> Regards
>
> Matjaz Ladava
>
> "Hazzard" <hazz@sonic.net> wrote in message
> news:u%23bR6CWJDHA.1656@TK2MSFTNGP10.phx.gbl...
> > 70 KB .JPG attached as reference - Exhibit A.
> >
> > How do I solve this? Impersonation = true in machine.config or
> > web.config does not work.
> >
> > I did remove ASP.NET from Group Administrator Policy - which not only
> > did not solve the problem but also would likely give away the store in a
> > virtual looting as I understand and do not want to ever test.
> >
> > I feel like I am a well rounded solutions provider but moments like this
> > put me in the 'developer in distress' category.
> >
> > I am getting better on the theory - impersonation - delegation - iis -
> > IUSR - windows authentication --- but I am still in the paint by number
> > mode here.
> >
> > I was ready to plunge back into the 608 pages of secnet.pdf - Building
> > Secure ASP.NET Applications..well, I am plunging back into it as I
> > write..
> >
> > but if someone can help....I would be very grateful. (shouldn't it be
> > greatfull?) I would be full of great...
> >
> > Appreciatively,
> >
> > Greg Hazzard
> >
> >
> >
>
>
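
The install-time approach recommended in the quoted guide, as an added C# example that is not part of the original posts or of the Application Block: an installer class registers the event source while administrator privileges are available, and the ASP.NET code only writes to it. The class names AppEventSourceInstaller and AppEventLog are hypothetical; the source and log names are the ones from the quoted snippet. It assumes references to System.dll and System.Configuration.Install.dll.

```csharp
using System;
using System.ComponentModel;
using System.Configuration.Install;
using System.Diagnostics;
using System.Security;

// Install-time half. Windows Installer or InstallUtil.exe instantiates this
// class under an administrator account. Class name is hypothetical.
[RunInstaller(true)]
public class AppEventSourceInstaller : Installer
{
    // Same source and log names as the snippet quoted in the thread.
    public const string SourceName = "Your Application Source";
    public const string LogName = "Application";

    public AppEventSourceInstaller()
    {
        // EventLogInstaller creates the registry entry for the source on
        // install and removes it again on uninstall.
        EventLogInstaller eventLogInstaller = new EventLogInstaller();
        eventLogInstaller.Source = SourceName;
        eventLogInstaller.Log = LogName;
        Installers.Add(eventLogInstaller);
    }
}

// Run-time half. Called from the ASP.NET application under the least
// privileged account. It never calls CreateEventSource, so the account
// needs no write access to the Eventlog registry key.
public static class AppEventLog
{
    public static bool TryWriteWarning(string eventText, int eventId)
    {
        try
        {
            EventLog.WriteEntry(AppEventSourceInstaller.SourceName,
                                eventText, EventLogEntryType.Warning, eventId);
            return true;
        }
        catch (SecurityException)
        {
            // Source was not pre-created: WriteEntry tried to register it
            // and the account was refused. Report failure, do not crash.
            return false;
        }
        catch (InvalidOperationException)
        {
            return false; // Registry key for the event log could not be opened.
        }
    }
}
```

A false return from TryWriteWarning on a deployed server means the installer step was skipped, which is the condition to fix instead of widening registry permissions for the process account.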


