ExamGuru IT/.Net Guru : Forms authentication and code security on ASPFriends.com 'aspngsec' list

.NETGURU

Forms authentication and code security

Messages

Related Types

This message was discovered on ASPFriends.com 'aspngsec' list.

Michael Lang

-- Moved from [aspngfreeforall] to [aspngsec] by Sheik Yerbouti <Click here to reveal e-mail address> --

I'm writing a ASP.NET Web application using using forms based security =
and I'd like to be able to write to the event log with my ASP.NET =
application. When I attempt to do this I receive an exception:-

Exception Details: System.Security.SecurityException: Requested registry =
access is not allowed.
Source Error:=20
Line 21: internal static void LogWriteError(string message)
Line 22: {
Line 23: EventLog.WriteEntry(EventLogCategory, message, =
EventLogEntryType.Error);
Line 24: }
Line 25:=20

What do I need to do give my application the necessary permissions ?
Is there a way to do this through an entry in the web.config file ?

Michael Lang=20
Fusion Technology Group=20

Reply to this message...

Alex Dresko

I believe it's the ASPNET user on the server that needs appropriate
rights to access the registry unless you're using impersonation.

Just taking a stab at that one.

Alex Dresko
Three Point Oh!

-----Original Message-----
From: Michael Lang [mailto:Click here to reveal e-mail address]
Sent: Tuesday, July 02, 2002 8:21 PM
To: aspngsec
Subject: [aspngsec] Forms authentication and code security

-- Moved from [aspngfreeforall] to [aspngsec] by Sheik Yerbouti
<Click here to reveal e-mail address> --

I'm writing a ASP.NET Web application using using forms based security =
and I'd like to be able to write to the event log with my ASP.NET =
application. When I attempt to do this I receive an exception:-

Exception Details: System.Security.SecurityException: Requested registry
=
access is not allowed.
Source Error:=20
Line 21: internal static void LogWriteError(string message)
Line 22: {
Line 23: EventLog.WriteEntry(EventLogCategory, message, =
EventLogEntryType.Error);
Line 24: }
Line 25:=20

What do I need to do give my application the necessary permissions ?
Is there a way to do this through an entry in the web.config file ?

Michael Lang=20
Fusion Technology Group=20
| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

Reply to this message...

Michael Lang

That would be correct. So when using ASP.NET Forms Authentication is =
Impersonation......

<identity impersonate=3D"true" name=3D"domain\user" password=3D"pwd"/>

.....the only means by which I can grant a user the rights to access the =
eventlog or write to the hard disk ?

-----Original Message-----
From: Alex Dresko [mailto:Click here to reveal e-mail address]
Sent: Wednesday, 3 July 2002 10:50 PM
To: aspngsec
Subject: [aspngsec] RE: Forms authentication and code security

I believe it's the ASPNET user on the server that needs appropriate
rights to access the registry unless you're using impersonation.=20

Just taking a stab at that one.=20

Alex Dresko
Three Point Oh!

-----Original Message-----
From: Michael Lang [mailto:Click here to reveal e-mail address]=20
Sent: Tuesday, July 02, 2002 8:21 PM
To: aspngsec
Subject: [aspngsec] Forms authentication and code security

-- Moved from [aspngfreeforall] to [aspngsec] by Sheik Yerbouti
<Click here to reveal e-mail address> --

I'm writing a ASP.NET Web application using using forms based security =
=3D
and I'd like to be able to write to the event log with my ASP.NET =3D
application. When I attempt to do this I receive an exception:-

Exception Details: System.Security.SecurityException: Requested registry
=3D
access is not allowed.
Source Error:=3D20
Line 21: internal static void LogWriteError(string message)
Line 22: {
Line 23: EventLog.WriteEntry(EventLogCategory, message, =3D
EventLogEntryType.Error);
Line 24: }
Line 25:=3D20

What do I need to do give my application the necessary permissions ?
Is there a way to do this through an entry in the web.config file ?

Michael Lang=3D20
Fusion Technology Group=3D20
| [aspngsec] member Click here to reveal e-mail address =3D YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp =3D JOIN/QUIT
| http://www.asplists.com/search =3D SEARCH Archives

| [aspngsec] member Click here to reveal e-mail address =3D YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp =3D JOIN/QUIT
| http://www.asplists.com/search =3D SEARCH Archives

Reply to this message...

Brad Kingsley

You could always enable security auditing on the registry to see which user
is trying to access it and which hive it's trying to read/write.

~Brad Kingsley
Microsoft MVP - ASP
Windows 2000 MCSE

http://www.orcsweb.com/
Powerful Web Hosting Solutions
#1 in Service and Support

----- Original Message -----
From: "Michael Lang" <Click here to reveal e-mail address>
To: "aspngsec" <Click here to reveal e-mail address>
Sent: Wednesday, July 03, 2002 8:21 PM
Subject: [aspngsec] RE: Forms authentication and code security

That would be correct. So when using ASP.NET Forms Authentication is
Impersonation......

<identity impersonate="true" name="domain\user" password="pwd"/>

.....the only means by which I can grant a user the rights to access the
eventlog or write to the hard disk ?

-----Original Message-----
From: Alex Dresko [mailto:Click here to reveal e-mail address]
Sent: Wednesday, 3 July 2002 10:50 PM
To: aspngsec
Subject: [aspngsec] RE: Forms authentication and code security

I believe it's the ASPNET user on the server that needs appropriate
rights to access the registry unless you're using impersonation.

Just taking a stab at that one.

Alex Dresko
Three Point Oh!

-----Original Message-----
From: Michael Lang [mailto:Click here to reveal e-mail address]
Sent: Tuesday, July 02, 2002 8:21 PM
To: aspngsec
Subject: [aspngsec] Forms authentication and code security

-- Moved from [aspngfreeforall] to [aspngsec] by Sheik Yerbouti
<Click here to reveal e-mail address> --

I'm writing a ASP.NET Web application using using forms based security =
and I'd like to be able to write to the event log with my ASP.NET =
application. When I attempt to do this I receive an exception:-

Exception Details: System.Security.SecurityException: Requested registry
=
access is not allowed.
Source Error:=20
Line 21: internal static void LogWriteError(string message)
Line 22: {
Line 23: EventLog.WriteEntry(EventLogCategory, message, =
EventLogEntryType.Error);
Line 24: }
Line 25:=20

What do I need to do give my application the necessary permissions ?
Is there a way to do this through an entry in the web.config file ?

Michael Lang=20
Fusion Technology Group=20
| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail scanned for viruses by Declude Virus]

Reply to this message...

	System.Diagnostics.EventLog
	System.Diagnostics.EventLogEntryType
	System.Security.SecurityException

ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification

Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews

.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT

Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project

FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.

Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials

	Copyright © ExamGuru, Inc. 2001-2006
	Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification