如何获取EventLog将用户名记录到Window Event Log中? [英] How to get EventLog to record user name into Window Event Log?
问题描述
我正在写 Windows事件日志使用C#.我可以设置mmc.exe计算机管理"工具中可见的每个字段,但用户"字段除外.
I'm writing to the windows event log using C#. I can set every field visible in the mmc.exe "Computer Management" tool, except for the User field.
客户端应用程序是ASP.NET,并使用表单身份验证.
The client application is ASP.NET and uses forms authentication.
public static void WriteOnce()
{
EventLog log = new EventLog("MyApp");
if (!EventLog.SourceExists("MySource"))
{
EventSourceCreationData data = new EventSourceCreationData("MySource", "MyApp");
EventLog.CreateEventSource(data);
}
log.Source = "MySource";
log.WriteEntry("Hello World", EventLogEntryType.Information,123,456,new byte[]{1,2,3});
}
更新:我在ASP.NET中进行了检查,即使设置了identityimpersonation = true&身份验证= Windows,仍然没有用户.
UPDATE: I checked, in ASP.NET even if set identity impersonation=true & authentication=windows and still no user.
我还在控制台应用程序中检查了没有用户.
I also checked, in a console app, no user.
推荐答案
尽管似乎没有完全托管的方法,但我找到了一个博客文章来说明如何做到这一点.要捕获用户ID,您必须使用pinvoke/本机方法调用.
I found a blog entry that explains how to do it, although there doesn't seem to be a completely managed way to do it. To capture the user Id, you have to use pinvoke/native method calls.
http://www.infosysblogs.com/microsoft/2007/09 /logging_events_with_user_detai_1.html
对于上述情况,它将用户登录为ASPNET或NETWORK SERVICES,或者将用户登录为控制台应用程序. api调用本身采用指向SID的指针参数.我没有尝试过欺骗的可能性.
For the above, it logs the user as ASPNET or NETWORK SERVICES, or the logged in user for console apps. The api call itself takes a pointer parameter to a SID. I didn't try to see if spoofing was possible.
JPucket可能是正确的,在系统事件日志中获取表单身份验证用户ID的唯一方法是通过消息字段.
JPucket may be right, that the only way to get the ID of a forms authenticated user in the System Event Log is via the message field.
这篇关于如何获取EventLog将用户名记录到Window Event Log中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
