Re: EventLogPermission via caspol.exe

From: Nicole Calinoiu (calinoiu)
Date: 04/28/05

• Next message: poz: "wrapp RSA ACE/AGENT AUTHENTICATION API in C#"
• Previous message: xarky d_best: "Re: Securing an ASP.Net application"
• In reply to: Mark A. Richman: "Re: EventLogPermission via caspol.exe"
• Next in thread: Mark A. Richman: "Re: EventLogPermission via caspol.exe"
• Reply: Mark A. Richman: "Re: EventLogPermission via caspol.exe"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 28 Apr 2005 08:15:08 -0400

"Mark A. Richman" <nospam@nospam.com> wrote in message
news:uT1dDyySFHA.2324@TK2MSFTNGP10.phx.gbl...
> Nicole,
>
> Firstly, I am not attempting to log from ASP.NET directly, but from a
> dependent assembly (albeit in the same process space - effectively the
> same thing, I assume).

Pretty much. When EventLogPermission is demanded from within the .NET
Framework code you are calling, both the ASP.NET application and your
intermediary assembly must have the permission in order for the demand to
pass (at least under "usual" circumstances).

> I am loading the web app and assemblies over UNC.
> I am also impersonating a Domain Admin account in my web.config.

That's extremely risky. Are you doing this simply for troubleshooting
purposes, or do you plan to run the application under an admin account in
production? If the latter, you may want to reconsider...

> My trust
> level is the default setting of "Full". I have tried various caspol
> commands such as "caspol -m -fulltrust
> \\mydomain\dfsroot\dfslink\myapp\bin\myassembly.dll" with no luck.

Chances are good that you're not creating quite the right policy changes
when using caspol. However, before attempting to troubleshoot your caspol
use, have you confirmed that the application runs as expected if the
assemblies reside on the local machine rather than elsewhere on the network?

> The full stack trace is as follows (with real names obscured to protect
> the innocent):
>
> System.Security.SecurityException: Request for the permission of type
> 'System.Diagnostics.EventLogPermission, System, Version=2.0.0.0,
> Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
   at System.Security.CodeAccessSecurityEngine.Check(PermissionToken
permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32
checkFrames, Int32 unrestrictedOverride)
   at System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission
cap, StackCrawlMark& stackMark)
   at System.Security.CodeAccessPermission.Demand()
   at System.Diagnostics.EventLog.SourceExists(String source, String
machineName)
   at System.Diagnostics.EventLog.SourceExists(String source)
   at MyException..ctor(Object oSource, Int32 nCode, String sMessage,
Exception oInnerException, Boolean bLog)
   at MyAssembly.Foo() in
\\mydomain\dfsroot\dfslink\myapp\App_Code\Blah.cs:line 125
Thank you so much!

-- 
Mark A. Richman
  "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:u5d9fJySFHA.140@TK2MSFTNGP10.phx.gbl...
  Mark,
  What trust level is set for ASP.NET on your machine?  (You can check this
is
  in the %WINDIR%\Microsoft.NET\Framework\v2.0.<build>\CONFIG\web.config
  file.)  If it's not full trust, then you'll need to ensure that both your
  ASP.NET application and your other assembly are granted the necessary
  EventLogPermission under the policy specified in the appropriate
  web_<level>trust.config file.
  That said, writing to the event log from a web application is not
  necessarily such a wonderful idea in the first place.  If feasible, it
might
  be a better solution to log to a different target rather than adjusting
your
  application's permissions to allow writing to the event log.
  HTH,
  Nicole
  "Mark A. Richman" <nospam@nospam.com> wrote in message
  news:eGzLovqSFHA.3640@TK2MSFTNGP14.phx.gbl...
  > I am getting an EventLogPermission exception when calling my assembly
from
  > an ASP.NET 2.0 app. I tried setting the assembly to FullTrust via
  > caspol.exe, but I still get this exception. Any ideas? I am loading the
  > web app and assemblies over UNC.
  -- 
  MARK RICHMAN

---

• Next message: poz: "wrapp RSA ACE/AGENT AUTHENTICATION API in C#"
• Previous message: xarky d_best: "Re: Securing an ASP.Net application"
• In reply to: Mark A. Richman: "Re: EventLogPermission via caspol.exe"
• Next in thread: Mark A. Richman: "Re: EventLogPermission via caspol.exe"
• Reply: Mark A. Richman: "Re: EventLogPermission via caspol.exe"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: EventLogPermission via caspol.exe ... "Mark A. Richman" wrote in message ... "Nicole Calinoiu" wrote in message ... > web app and assemblies over UNC. ... (microsoft.public.dotnet.security) Re: EventLogPermission via caspol.exe ... at System.Diagnostics.EventLog.SourceExists(String source, String machineName) ... writing to the event log from a web application is not ... "Mark A. Richman" wrote in message ... > web app and assemblies over UNC. ... (microsoft.public.dotnet.security) Re: EventLogPermission via caspol.exe ... at System.Diagnostics.EventLog.SourceExists(String source, String machineName) ... writing to the event log from a web application is not ... "Mark A. Richman" wrote in message ... > web app and assemblies over UNC. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Adding Custom Naviation Page Item ... [MVP - Outlook] ... "Mark A. Richman" wrote in message ... > Is there any way to add a custom navigation pane button/item to the ... (microsoft.public.outlook) Assembly/Part origins in SW2006 ... parts into assemblies. ... The typical 'click green check mark' or 'click ... part origin onto the assy origin is NOT working. ... fixed components are moving to a new location. ... (comp.cad.solidworks)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2005-04