Cannot write to event log when web application uses formsauthentication

Hi. I have created a web application. When using authentication
mode="Windows", writing to the events log (which I created in a
console application that was run as administrator.) works ok.
However, when I use forms authentication, it doesn't write to the
events log anymore. There are no error messages on the page displayed,
nor in the application log or security log. I have tried the following
(individually and separately), but none of it works (For your
information, the newly created event log name is "MyApp", the
eventSource is also "MyApp").

1. For the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es
\Eventlog\MyApp, I have granted full control for the user "ASPNET".

Then grant the permission on the file C:\windows\system32\config
\MyApp.evt to be full control for ASPNET.

2. For the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\MyApp, I
have granted full control for the user "NETWORK SERVICE".

Then grant the permission on the file C:\windows\system32\config
\MyApp.evt to be full control for NETWORK SERVICE.


3. Append the value of the CustomSD key in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\MyApp
with

(A;;0x3;;;NS)

4. Add in <identity impersonate="true"/> in the web.config
and then append the value of the CustomSD key in


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\MyApp
with

(A;;0x3;;;AU).


Any help is appreciated. Thanks.

-Andrew

Hello,

to troubleshoot this kind of problems I suggest you start regmon or
processmonitor from microsoft (formerly sysinternals). This gives you the
ability to track down permission issues.

Kind regards,
Henning Krause

<ndrw_cheung (AT) yahoo (DOT) ca> wrote

Quote:

Hi. I have created a web application. When using authentication
mode="Windows", writing to the events log (which I created in a
console application that was run as administrator.) works ok.
However, when I use forms authentication, it doesn't write to the
events log anymore. There are no error messages on the page displayed,
nor in the application log or security log. I have tried the following
(individually and separately), but none of it works (For your
information, the newly created event log name is "MyApp", the
eventSource is also "MyApp").

1. For the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es
\Eventlog\MyApp, I have granted full control for the user "ASPNET".

Then grant the permission on the file C:\windows\system32\config
\MyApp.evt to be full control for ASPNET.

2. For the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\MyApp, I
have granted full control for the user "NETWORK SERVICE".

Then grant the permission on the file C:\windows\system32\config
\MyApp.evt to be full control for NETWORK SERVICE.


3. Append the value of the CustomSD key in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\MyApp
with

(A;;0x3;;;NS)

4. Add in <identity impersonate="true"/> in the web.config
and then append the value of the CustomSD key in


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Eventlog\MyApp
with

(A;;0x3;;;AU).


Any help is appreciated. Thanks.

-Andrew

Thanks for the tip. On further investigation, I found that it's a
problem with using impersonation. I use Regmon to get the trace
between impersonation and non, and both traces are the same. I then
use Filemon to get the trace between the two, and I found that for the
non-impersonation, there are requests for WRITE access to the log file
(in my case it is MyApp.evt) by services.exe:1176 and the result is
success. However, in the case for impersonation, these entries are
absent (i.e. there is no WRITE request at all).

Any ideas why?

-Andrew



On Dec 3, 12:35 pm, "Henning Krause [MVP - Exchange]"
<newsgroups_rem... (AT) this (DOT) infinitec.de> wrote:

Quote:

Hello,

to troubleshoot this kind of problems I suggest you start regmon or
processmonitor from microsoft (formerly sysinternals). This gives you the
ability to track down permission issues.

Kind regards,
Henning Krause

ndrw_che... (AT) yahoo (DOT) ca> wrote in message

news:e648bb08-b081-48a2-92be-92e1f87c9576 (AT) e25g2000prg (DOT) googlegroups.com...