Do you think passing in the current process' credentials as soon as
they are available would solve the problem?
I made a static event on Global called PreRequestHandlerExecute that
gets fired inside of Application_PreRequestHandlerExecute. This
appender subscribes to the event and executes code the first time the
PreRequestHandlerExecute event is fired. It then unsubscribes itself
from the event.
// untested
using System;
using log4net.Appender;
using log4net.Util;

public class AspNetSecurityContextAdoNetAppender : AdoNetAppender
{
    public override void ActivateOptions()
    {
        // Defer the security context until the first request is being handled.
        Global.PreRequestHandlerExecute +=
            new EventHandler(this.OnPreRequestHandlerExecute);
        base.ActivateOptions();
    }

    private void OnPreRequestHandlerExecute(object s, EventArgs e)
    {
        // Use the credentials of the current process.
        WindowsSecurityContext context = new WindowsSecurityContext();
        context.Credentials =
            WindowsSecurityContext.ImpersonationMode.Process;
        context.ActivateOptions();
        SecurityContext = context;

        // One-shot: unsubscribe after the first event.
        // System.Delegate.Remove ???
        Global.PreRequestHandlerExecute -=
            new EventHandler(this.OnPreRequestHandlerExecute);
    }
}

--- Billy Barnum <[EMAIL PROTECTED]> wrote:
> Ah. I see now. I'm afraid you're S.O.L., Colin. (Unless someone else
> out there has a better idea?)
>
> You see, you need to be calling that configureandwatch() or
> configure() only once per application "session", yes? And for ASP.NET,
> that point is Application_Start(), when the web site is brought up.
> However - and this is a big however - there is no current user at that
> point. CurrentPrincipal is a big fat (thin?) null. Makes sense, right?
> No one has connected.
>
> So your problem is not that log4net won't let you pass in current
> process credentials ... it's that there are none to pass at the time
> that configure() or configureandwatch() are called. Therefore you have
> to connect as a user, and in turn to do that you need to provide a
> domain and password, or use a database id.
>
> The only way I could see for the keepers of log4net to solve this
> problem would be to go back and try to re-fetch credentials at the
> point you log events to adoappenders in your code ... or any point
> after application startup. Might be possible, dunno. Prolly very
> expensive in performance, though, if it's even possible. I'd hafta
> think about it.
>
> Myself, I'd love it if this were possible, because I've started to use
> log4net as more than a debugging and tracing tool, I've made it part
> of *application* logic in certain areas and like you "logged" to
> relational databases; saved my clients time and $$$. But this security
> gotcha seems to be the price.
>
> Is there hope?
>
> -BillyB
>
> WILLIAM BARNUM
> [EMAIL PROTECTED]