Re: Event Log Source creation security hang up.
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 04/08/04
- Next message: Anthony Christianson: "PrincipalPermission Attribute and Nested Groups"
- Previous message: Simon Storr: "Get DefaultCredentials of one web app into another?"
- In reply to: Eric: "Re: Event Log Source creation security hang up."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 8 Apr 2004 12:44:56 -0500
I was thinking the custom action route with an installer class and an
installer you build in VS. I think that is easiest by a long shot.
Joe K.
"Eric" <glorfindel02@hotmail.com> wrote in message
news:uRf3vfSHEHA.3528@TK2MSFTNGP09.phx.gbl...
> Thanks. I had sort of settled on that as the way to go. I'm not sure how
> to create the event log source in an installation script, though. If I go
> directly to the registry, I could use a Registry Editor action, or a
Custom
> Action if want to write some code to do it, which may be the way to go.
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:OIQlXjQHEHA.3200@TK2MSFTNGP10.phx.gbl...
> > You should create the event log in advance with the privileged account.
> > That is the normal pattern for this type of issue. You can use a script
> or
> > an installer or do it by hand; whatever works.
> >
> > It is a pain from your application's perspective, but in general you are
> > much better off from a security perspective if the ASP.NET account has
as
> > few privileges as possible.
> >
> > Joe K.
> >
> > "Eric" <glorfindel02@hotmail.com> wrote in message
> > news:us4FJEQHEHA.2656@TK2MSFTNGP12.phx.gbl...
> > > I want to have my trace statements log to the event viewer and have
the
> > > following test code in Page_Load:
> > > If Not Page.IsPostBack Then
> > >
> > > Try
> > >
> > > System.Diagnostics.Trace.Listeners.Add(New
> > > System.Diagnostics.EventLogTraceListener("CustomSource"))
> > >
> > > System.Diagnostics.Trace.WriteLine("TestMsg", "Info-Test")
> > >
> > > Catch e1 As Exception
> > >
> > > Dim str As String = e1.Message
> > >
> > > End Try
> > >
> > > End If
> > >
> > > I get a SecurityException with the message "Required registry access
is
> > not
> > > allowed"
> > >
> > > I'm not doing anything beyond the default with security at the moment.
> > > Web.config is the default as far as security is concerned.
> > >
> > > I am not sure the best approach. I may have to alter the ASPNET
> account's
> > > permissions, or create the event log by hand (or in any future install
> > > script) but I am reluctant do alter permissions of any accounts. I
> could
> > > probably create the event log using a RegistryActions install segment
> but
> > > I'm wondering if there is a better way to do it? Would I need to
> > > impersonate an actual user? Would this work with Forms
authentication?
> > >
> > > Thanks.
> > >
> > >
> > >
> > >
> >
> >
>
>
- Next message: Anthony Christianson: "PrincipalPermission Attribute and Nested Groups"
- Previous message: Simon Storr: "Get DefaultCredentials of one web app into another?"
- In reply to: Eric: "Re: Event Log Source creation security hang up."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
