System.Security.SecurityException when writing to Event Log
Solution 1
The solution was to give the "Network Service" account read permission on the EventLog/Security key.
Solution 2
To give Network Service
read permission on the EventLog/Security
key (as suggested by Firenzi and royrules22) follow instructions from http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx
- Open the Registry Editor:
- Select
Start
thenRun
- Enter
regedt32
orregedit
- Select
-
Navigate/expand to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security
Right click on this entry and select Permissions
Add the
Network Service
userGive it Read permission
UPDATE: The steps above are ok on developer machines, where you do not use deployment process to install application.
However if you deploy your application to other machine(s), consider to register event log sources during installation as suggested in SailAvid's and Nicole Calinoiu's answers.
I am using PowerShell function (calling in Octopus Deploy.ps1)
function Create-EventSources() {
$eventSources = @("MySource1","MySource2" )
foreach ($source in $eventSources) {
if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
[System.Diagnostics.EventLog]::CreateEventSource($source, "Application")
}
}
}
Solution 3
The problem is that the EventLog.SourceExists
tries to access the EventLog\Security
key, access which is only permitted for an administrator.
A common example for a C# Program logging into EventLog
is:
string sSource;
string sLog;
string sEvent;
sSource = "dotNET Sample App";
sLog = "Application";
sEvent = "Sample Event";
if (!EventLog.SourceExists(sSource))
EventLog.CreateEventSource(sSource, sLog);
EventLog.WriteEntry(sSource, sEvent);
EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Warning, 234);
However, the following lines fail if the program hasn't administrator permissions and the key is not found under EventLog\Application
as EventLog.SourceExists
will then try to access EventLog\Security
.
if (!EventLog.SourceExists(sSource))
EventLog.CreateEventSource(sSource, sLog);
Therefore the recommended way is to create an install script, which creates the corresponding key, namely:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App
One can then remove those two lines.
You can also create a .reg
file to create the registry key. Simply save the following text into a file create.reg
:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App]
Solution 4
For me ony granting 'Read' permissions for 'NetworkService' to the whole 'EventLog' branch worked.
Solution 5
This exception was occurring for me from a .NET console app running as a scheduled task, and I was trying to do basically the same thing - create a new Event Source and write to the event log.
In the end, setting full permissions for the user under which the task was running on the following keys did the trick for me:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
Related videos on Youtube
encee
Updated on January 26, 2021Comments
-
encee over 3 years
I’m working on trying to port an ASP.NET app from Server 2003 (and IIS6) to Server 2008 (IIS7).
When I try and visit the page on the browser I get this:
Server Error in ‘/’ Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.
Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and the location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.]
System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly) +562 System.Diagnostics.EventLog.SourceExists(String source, String machineName) +251
[snip]
These are the things I’ve done to try and solve it:
Give “Everyone” full access permission to the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
. This worked. But naturally I can’t do this in production. So I deleted the “Everyone” permission after running the app for a few minutes and the error re-appeared.I created the source in the Application log and the Security log (and I verified it exists via regedit) during installation with elevated permissions but the error remained.
I gave the app a full trust level in the
web.config
file (and usingappcmd.exe
) but to no avail.
Does anyone have an insight as to what could be done here?
PS: This is a follow up to this question. I followed the given answers but to no avail (see #2 above).
-
MordechayS about 9 yearsRelated: stackoverflow.com/questions/286060/…
-
MacGyver over 8 yearsAnother possible answer: Right click exe and choose "Run As Administrator"
-
h--n about 13 yearsI see similar solutions around. But I'm just wondering why it is like this. Because I can see that a lot of services are logged on as NetworkService and they must be able to read the event log /security. So why is it needed to add the permission for NetworkService ?
-
Allan almost 13 yearsFor those of us who don't normally crawl through the registry, this link may be helpful: social.msdn.microsoft.com/forums/en-US/…
-
Ben Barreth about 12 yearsNice link Allan. Point #3 by the accepted answer is important and has already bitten me once. i.e. Granting permission at the parent EventLog registry key does NOT propagate to "inaccessible logs" such as Security and Virtual Server, even though they are child keys in the registry. If you want full event log access you have to grant permission at BOTH the parent event log level and the child Security levels.
-
Grokodile about 11 yearsIn IIS7 you can assign the "NETWORK SERVICE" as the identity for an App Pool (you might find that ApplicationPoolIdentity is the default) or instead you can create a new user per Application Pool and set permissions on that "Custom account". see Specify an Identity for an Application Pool (IIS 7)
-
Zé Carlos about 11 yearsThe changes take only effect after you restart your aplication on IIS
-
Zé Carlos about 11 yearsThe changes take only effect after you restart your aplication on IIS
-
duck9 about 11 yearsI gave IIS_IUSRS permission to read/write the eventlog key, and read the Security key. My product needed write access on the eventlog key because it creates its own event source.
-
demoncodemonkey almost 11 yearsAlso try setting the application to run as LocalSystem, so the registry key is created, then you can change back to NetworkService afterwards.
-
thedrs almost 10 yearsduck9 i correct for IIS8, see here for more details : stackoverflow.com/questions/712203/…
-
Ruud Helderman over 9 yearsYou saved my day. BTW, read permission was sufficient on
eventlog\Application
andeventlog\Security
; full control required on theeventlog
root only. -
serge over 9 yearsthat is not very relevant, because the for the sub-keys like "Security" or "Virtual Server" need to grant read access individually, as permissions have been set to not inherity from the parent key.
-
wruckie over 9 yearsWhen troubleshooting in VS and got this error, this did fix it for me
-
CodeMonkey1313 about 9 yearsThis would error out because it's not VS that's invoking this call, it's the application which is likely running under a different security context.
-
Valo almost 9 yearsThis is exactly what I do for all my services. I believe that this is the right thing to do. In every service where I use the event log I have a .reg file like the one above. One little note the file must be saved as Unicode-32 (cp 1200.)
-
Maneesh Babu M almost 9 yearsThis answer describes the real reason behind the error. The check exists tries to enumerate the whole key. if it exists, checkExists works fine.
-
Anthony Horne over 8 yearsAlso look at serverfault.com/a/81246/219898 regarding App Pool Users and related permissions - for this solution. Thanks @Michael Freidgeim - was a big help.
-
Chris Fremgen about 8 yearsFor those who tried to Copy/Paste, make sure there is a space between the words "Network Service".
-
majestzim almost 8 yearsChanging the app pool from "ApplicationPoolIdentity" to "LocalSystem" solved the issue of creating/reading event logs for me.
-
Princa almost 8 yearsEventLog\Security this is the key to function, make sure you have permission on that.
-
Yousha Aleayoub over 4 yearsThis is not a right solution, especially for end-user.
-
needfulthing almost 4 yearsI followed steps 1-5 using a local account. It now has read access for the whole Security folder and sub-folders in the registry, but now I get an access error in RegistryKey.OpenSubKey().