I haven't had to deal with the security stuff before now, and I can't seem
to get started. I have a web service, and I want to log to the event log.
When I try to create my event source I get a security exception that it
can't write to the registry. I have tried using the framework configuration
tool to mark the code as fully trusted (not a good thing, but I just wanted
to see if the code was working), but that didn't work.

Any idea on what I have to put into the code to make this happen?

Also, anyone know any good books or articles on using the security model?

Thanks

It is probably a Windows-based security error (UnauthorizedAccessException)
instead of a .NET Code Access Security problem (SecurityException).
Generally, the ASP.NET account does not have permission to create event
sources or check to see if they exist. It can only write to them.

Normally I solve this problem by creating the event log at install time
using Administrator privileges. You can also elevate the privileges of the
ASP.NET account, but that isn't a good idea, especially if this is the only
reason you need to do that.

Also, if you are on Win2K3, there are some issues with creating custom event
logs as well. If that applies to you, you might want to search this group
or MS support for more info.

Joe K.

"Michael Bird" <birdm @ symbol . com> wrote

Actually, it is a SecurityException; and even if I put the IUSR and IWAM
accounts into the Administrators group just to check, I still get the
exception.


"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan (AT) removethis (DOT) accenture.com> wrote
in message news:#mfiUmGWEHA.2844 (AT) TK2MSFTNGP09 (DOT) phx.gbl...

Strike one for Kaplan! The error you are getting is not the more common
scenario then.

Is the web application configured to run in partial trust mode? Is there
anything in the securityPolicy element in web.config?

Typically, web applications run with Full Trust, so CAS doesn't enter into
the picture, but it sounds like that is not the case here.

The config element may be up the chain in one of the higher level web.config
files or in machine.config.

Joe K.


"Michael Bird" <birdm @ symbol . com> wrote

Your first suggestion of fixing the problem by creating the event log source
ahead of time did the trick. Thanks for that one. Now I still need to
better understand how code-access security works and where the limit to not
allow the code to write to the registry was coming from since it wasn't the
trust on the code or the user account priveleges...


"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan (AT) removethis (DOT) accenture.com> wrote
in message news:#l1$HaIWEHA.3740 (AT) TK2MSFTNGP12 (DOT) phx.gbl...

Glad that worked. I'm still confused about what the actual problem was too.
You said it was a SecurityException which leads me to believe it was a CAS
problem (partial trust), but that isn't clear it was the case. Maybe
someone else will chime in.

Joe K.

"Michael Bird" <birdm @ symbol . com> wrote