从ASP.NET MVC应用程序,以书面方式在事件日志时安全异常 [英] Security exception when writting to an EventLog from an ASP.NET MVC application
问题描述
我有我与包括写入 System.Diagnostics.EventLog 例如一些业务逻辑创建的库。图书馆通常从一个Windows服务应用程序调用,但现在我想从我的ASP.NET MVC应用程序中调用这些相同的库函数。
I have a library that I created with some business logic that includes writing to a System.Diagnostics.EventLog instance. The library is normally called from a Windows Service application, but now I'm trying to call those same library functions from my ASP.NET MVC application.
我想这code我的控制器创建我传递到需要写入日志的方法的EventLog实例中。
I tried this code inside my controller to create the EventLog instance that I pass into the method that needs to write to the log.
Dim log = New EventLog("Application", My.Computer.Name, "MyMVCApp")
在库法中的code试图写入日志中生成以下错误:
The following error is generated when the code within the library method tries to write to the log:
[SecurityException: Requested registry access is not allowed.]
System.ThrowHelper.ThrowSecurityException(ExceptionResource resource) +51
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable) +7462217
System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) +366
System.Diagnostics.EventLog.VerifyAndCreateSource(String sourceName, String currentMachineName) +194
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) +205
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type) +14
我的web应用程序运行在Windows Server 2003上运行IIS 6上的网络服务用户有什么我需要为了给注册表中的网络服务的用户访问办?
My web app is running as the Network Service user on Windows Server 2003 running IIS 6. Is there something I need to do in order to give the Network Service user access to the registry?
有没有更好的方式,将ASP.NET MVC应用程序创建中使用的事件日志实例?有没有已经被框架创建一个我只需要引用?
Is there a better way to create an EventLog instance for use in an ASP.NET MVC application? Is there one already created by the framework that I just need to reference?
推荐答案
从MSDN:应用程序运行使用的网络服务标识可以写入事件日志使用的现有的事件源,但他们的不能创建新的事件源,因为注册表权限不足。
From MSDN: "Applications that run using the Network Service identity can write to the event log by using existing event sources, but they cannot create new event sources because of insufficient registry permissions."
和...
如果源作为与事件日志实例相关联的事件日志的不存在,新的事件源创建。
"If the Source for the event log associated with the EventLog instance does not exist, a new event source is created."
所以看起来像你的事件日志源不存在,它试图创建一个使用网络服务的用户(这需要写入注册表,所以不会工作)一个新的事件日志源。
So looks like your event log source doesn't exist, and it's trying to create a new event log source using the Network Service User (which requires writing to the registry, so wont work).
启用ASP.NET应用程序中使用已经不存在的事件源写入事件日志中,你有两个选择:
"To enable your ASP.NET application to write to the event log using an event source that does not already exist, you have two options:"
- 创建应用程序在新的事件源安装时间
- 手动在注册表中创建新的事件源条目。
所以,需要在应用程序之外创建日志(无法与该用户做编程。要么做手工,或创建一个简单的命令行应用程序,以简化安装)。
So, need to create the log outside of the application (you can't do it programatically with this user. Do it either manually, or create a simple command line app to simplify installation).
有关完整的详细信息:
的http://msdn.microsoft.com/en-us/library/ms998320.aspx#paght000015_eventlogaccess
个人而言,我会建议你不要改变净用户权限,而是创建Web应用程序之外的日志源。我的preference是一个控制台应用程序(这将带您约5分钟写的,它也可以使用preP其他机器)。在启动VS.NET一个新的控制台应用程序,并添加code创建日志源。举个例子:
http://www.dotnetspider.com/资源/ 23593-CREATE-事件日志VB-NET.aspx
然后,只需运行CMD线,拥有适当权限登录时,控制台应用程序。
这篇关于从ASP.NET MVC应用程序,以书面方式在事件日志时安全异常的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
