someone may have an easier way.. but.. first off - does the user you are trying to write to event log with:
1. have the "Manage auditing and Security log" user right 2. SeAuditPrivilege - local system and network service by default have that only secondly.. you could look at other routes as well if you need 'standard' audit items - the 'alarm' functions provided by Advapi32.dll (ex PrivilegedServiceAuditAlarm ) third - there are the Authz functions.. see a nice sample at: "Use Managed Code To Generate A Secure Audit Trail" http://msdn.microsoft.com/en-us/magazine/cc163718.aspx On Wed, Aug 13, 2008 at 7:24 AM, Ron O'Rourke <[EMAIL PROTECTED]> wrote: > The entire context of this post is in an attempt to get code to write an > entry to the Security event log (it's a a requirement on our software in > certain cases). The story takes some twists and turns, so it may appear to > go off-track. For that, I apologize in advance. I'm looking for guidance > to meet the original objective. I've abbreviated the exception detail > while > preserving the core issue reported by the exception. If for any portion of > this story more detail is needed, I can furnish the requested information > (I'm trying to avoid a novel here, but I feel it's turning into a short > story). If this does not belong in Advanced, I'll move the discussion over > to CLR. > > Environment: > Virtual machine (Virtual PC 2007) running WinXP SP2 w/ 1GB allocated > memory > Visual Studio 2008 targeting .NET 2.0 SP1 > > Prior to running any of the code in an attempt to write an event log entry, > I used to following code (well before running this example as suggested by > the MSDN help article > http://msdn.microsoft.com/en-us/library/k00ce235.aspx). > > // ErrorDialog is the name of the test project > EventSourceCreationData source = new > EventSourceCreationData("ErrorDialog", "Security"); > EventLog.CreateEventSource(source); > > The base code looked like this: > > using (EventLog el = new EventLog("Security", Environment.MachineName, > "ErrorDialog")) > { > el.WriteEntry("Test"); > } > > This results in an "InvalidOperationException: Cannot open log for source > 'ErrorDialog'. You may not have write access. > System.ComponentModel.Win32Exception: The handle is invalid." > I added this code before the WriteEntry call: > > EventLogPermission elp = new > EventLogPermission(EventLogPermissionAccess.Write, > Environment.MachineName); > elp.PermitOnly(); > > http://support.microsoft.com/kb/918122 suggests the permission access > should > be Administer instead of Write. Either way, this results in > "SecurityException: Request for the permission of type UIPermission > failed." > > Google led me to http://msdn.microsoft.com/en-us/library/aa302354.aspxwhich > I followed until I tried to import the assembly with a strong name > (ErrorDialog.exe). I was presented with a dialog stating: "The import > failed. The assembly does not appear to be valid." Googling for a solution > to this does not yield any satisfactory results. I finally added the snk > to > another assembly, added a reference to the assembly to ErrorDialog, and > copy/pasted the public key (from the project file) into the Create Code > Group dialog. Still, I receive the same exception when running the test > project. I believe I'm incorrectly creating the code group, but since I > don't yet have a firm understanding of what's going wrong it is not clear > what steps I should do to rectify the problem (side-issue for the moment). > > I added the following code above the EventLogPermission code: > > UIPermission uip = new UIPermission(PermissionState.Unrestricted); > uip.PermitOnly(); > > This led to "SecurityException: Request for the permission of type > EnvironmentPermission failed." > I added the following code above the UIPermission code: > > EnvironmentPermission ep = new > EnvironmentPermission(PermissionState.Unrestricted); > ep.PermitOnly(); > > This led to "SecurityException: Request for the permission of type > UIPermission failed." Two steps back. Adding the EnvironmentPermission > code after the UIPermission code results in "SecurityException: Stack walk > modifier must be reverted before another modification of the same type can > be performed." > > The last half of this post is probably "red herring" issues. Once they are > properly addressed, I'll encounter the real issue. I'll fully admit I'm > running semi-cargo cult programming mode on this. I don't like it, but > deadlines (as is typical) impede me from spending as much time as I would > like to better understand what's going on. > > Suggestions? Comments? Smart remarks? > > =================================== > This list is hosted by DevelopMentor(R) http://www.develop.com > > View archives and manage your subscription(s) at > http://discuss.develop.com > =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
