Re: Security- access to Event Viewer- SOS
From: Patrick (patl_at_reply.newsgroup.msn.com)
Date: 04/27/04
- Next message: Emmie: "Error"
- Previous message: Patrice: "Re: problems with UTF-8 encoded text in the database"
- In reply to: Patrick: "Re: Security- access to Event Viewer- SOS"
- Next in thread: Steven Cheng[MSFT]: "Re: Security- access to Event Viewer- SOS"
- Reply: Steven Cheng[MSFT]: "Re: Security- access to Event Viewer- SOS"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 27 Apr 2004 16:47:57 +0100
Note, my test.aspx works on IIS6 on Windows 2003 but not IIS5 on Windows
2000 with SP4, although the Windows 2000 SP4 server is a bit more locked
down, e.g. it has the High Security Template for Domain Controller
(c:\winnt\security\hisecdc.inf) applied using the Security Configuration &
Analysis snap-in. But note that the ACL has been completely relaxed on
c:\winnt\system32\config\AppEvt.cfg (the file for the Application Event
Log), to give everyone Full control to that file, but still no
joy!
"Patrick" <patl@reply.newsgroup.msn.com> wrote in message
news:e6yb0UGLEHA.1192@TK2MSFTNGP11.phx.gbl...
> Also, with reference to
>
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=ub8KGufqDHA.976%40tk2msftngp13.phx.gbl&rnum=1&prev=/groups%3Fq%3DSecurity%2520Permission%2520Event%2520Viewer%2520write%2520windows%25202000%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26sa%3DN%26tab%3Dwg
>
> how come someone managed to do something very similar to what I am trying to
> do, but I can't?!
> :'(
> "Steven Cheng[MSFT]" <v-schang@online.microsoft.com> wrote in message
> news:fcALKnCLEHA.3564@cpmsftngxa10.phx.gbl...
> > Hi Patrick,
> >
> > I have tested the test.aspx file and the code in Logging.cs. By default
> > both failed.
> >
> > Actually, if a web application must create a new event log category, the
> > application must create a registry key under the HKEY_LOCAL_MACHINE
> > registry hive, which the ASPNET account cannot do (If we set
> > username="machine", the ASP.NET web application runs with the "ASPNET"
> > account).
> >
> > To create the category at run time, you must enable impersonation, and then
> > you must impersonate an account that has more access rights. Alternatively,
> > an administrator can create the category, and the application can write to
> > the category at run time.
> >
> > I have created one sample for reference. Before creating the new event log
> > category, I impersonate in the code to the local administrator. After the
> > new event log category is created, I convert the account to ASPNET again.
> >
> > The following is the list for the code behind the page:
> >
> > using System;
> > using System.Collections;
> > using System.ComponentModel;
> > using System.Data;
> > using System.Drawing;
> > using System.Web;
> > using System.Web.SessionState;
> > using System.Web.UI;
> > using System.Web.UI.WebControls;
> > using System.Web.UI.HtmlControls;
> > using System.Diagnostics;
> > using System.Security.Principal;
> > using System.Runtime.InteropServices;
> >
> >
> > namespace eventtest
> > {
> > /// <summary>
> > /// Summary description for WebForm1.
> > /// </summary>
> > public class WebForm1 : System.Web.UI.Page
> > {
> > protected System.Web.UI.WebControls.Button Button1;
> >
> > private void Page_Load(object sender, System.EventArgs e)
> > {
> > // Put user code to initialize the page here
> > }
> >
> > #region Web Form Designer generated code
> > override protected void OnInit(EventArgs e)
> > {
> > //
> > // CODEGEN: This call is required by the ASP.NET Web Form Designer.
> > //
> > InitializeComponent();
> > base.OnInit(e);
> > }
> >
> > /// <summary>
> > /// Required method for Designer support - do not modify
> > /// the contents of this method with the code editor.
> > /// </summary>
> > private void InitializeComponent()
> > {
> > this.Button1.Click += new System.EventHandler(this.Button1_Click);
> > this.Load += new System.EventHandler(this.Page_Load);
> >
> > }
> > #endregion
> >
> > private void Button1_Click(object sender, System.EventArgs e)
> > {
> > Logging.LogError("an error message");
> >
> > }
> > }
> >
> > public class Logging
> > {
> > private const string EVENT_SOURCE = "YJBWEBSITE";
> > private const string EVENT_LOG = "Application";
> >
> >
> >
> > public Logging()
> > {
> > //Default constructor
> > }
> >
> >
> > public static void LogEventViewer(string
> > strMessage,EventLogEntryType objLogEntryType)
> > {
> > try
> > {
> > EventLog objEventLog;
> >
> > if (!EventLog.SourceExists(EVENT_SOURCE))
> > {
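> > WindowsImpersonationContext wic = CreateIdentity("administrator",
> > "machinename", "password").Impersonate();
> > try
> > {
> > EventLog.CreateEventSource(EVENT_SOURCE,EVENT_LOG);
> > }
> > finally
> > {
> > // Always revert to the ASPNET identity, even if creation throws.
> > wic.Undo();
> > }
> > }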
> >
> > objEventLog = new EventLog();
> > objEventLog.Source = EVENT_SOURCE;
> >
> >
> > if ( objEventLog.Log.ToUpper() != EVENT_LOG.ToUpper() )
> > {
> > System.Console.WriteLine("Some other application is using the source!");
> > return;
> > }
> >
> > objEventLog.WriteEntry(strMessage,objLogEntryType);
> >
> > }
> > catch (Exception e)
> > {
> >
> > System.Console.WriteLine(e);
> > return;
> > } //end try
> >
> > } //end LogEventViewer
> >
> >
> > public static void LogError(string strMessage)
> > {
> > LogEventViewer(strMessage,EventLogEntryType.Error);
> > }
> >
> > protected static WindowsIdentity CreateIdentity(string User, string
> > Domain, string Password)
> > {
> > // The Windows NT user token.
> > IntPtr tokenHandle = new IntPtr(0);
> >
> > const int LOGON32_PROVIDER_DEFAULT = 0;
> > const int LOGON32_LOGON_NETWORK = 3;
> >
> > tokenHandle = IntPtr.Zero;
> >
> > // Call LogonUser to obtain a handle to an access token.
> > bool returnValue = LogonUser(User, Domain, Password,
> > LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
> > ref tokenHandle);
> >
> > if (false == returnValue)
> > {
> > int ret = Marshal.GetLastWin32Error();
> > throw new Exception("LogonUser failed with error code: " + ret);
> > }
> >
> > System.Diagnostics.Debug.WriteLine("Created user token: " + tokenHandle);
> >
> > //The WindowsIdentity class makes a new copy of the token.
> > //It also handles calling CloseHandle for the copy.
> > WindowsIdentity id = new WindowsIdentity(tokenHandle);
> > CloseHandle(tokenHandle);
> > return id;
> > }
> >
> > [DllImport("advapi32.dll", SetLastError=true)]
> > private static extern bool LogonUser(String lpszUsername, String
> > lpszDomain, String lpszPassword,
> > int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
> >
> > [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
> > private extern static bool CloseHandle(IntPtr handle);
> >
> >
> >
> > } //end class Logging
> > }
> >
> > If there is any problem, feel free to let me know.
> >
> > Regards,
> >
> > Steven Cheng
> > Microsoft Online Support
> >
> > Get Secure! www.microsoft.com/security
> > (This posting is provided "AS IS", with no warranties, and confers no
> > rights.)
> >
> > Get Preview at ASP.NET whidbey
> > http://msdn.microsoft.com/asp.net/whidbey/default.aspx
> >
> >
>
>
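Added example, not part of the original posts: the alternative described in the quoted reply, where an administrator creates the event source once at deployment so the web application never has to hold administrator credentials. The source name YJBWEBSITE comes from the posted code; the class name RegisterEventSource and the choice of the Application log as target are assumptions of this example.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;

// Added example: run once from an administrator console at deployment time.
// The class name is hypothetical; the source name is taken from the posted code.
public class RegisterEventSource
{
    private const string EVENT_SOURCE = "YJBWEBSITE";
    private const string EVENT_LOG = "Application"; // assumed target log

    public static int Main()
    {
        // Creating a source writes under HKEY_LOCAL_MACHINE, so require an administrator.
        WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        if (!principal.IsInRole(WindowsBuiltInRole.Administrator))
        {
            Console.Error.WriteLine("Run this tool as a local administrator.");
            return 1;
        }

        if (!EventLog.SourceExists(EVENT_SOURCE))
        {
            EventLog.CreateEventSource(EVENT_SOURCE, EVENT_LOG);
            Console.WriteLine("Registered source " + EVENT_SOURCE + " in log " + EVENT_LOG);
            return 0;
        }

        // The source already exists: confirm it is bound to the expected log.
        string boundLog = EventLog.LogNameFromSourceName(EVENT_SOURCE, ".");
        if (String.Compare(boundLog, EVENT_LOG, true) != 0)
        {
            Console.Error.WriteLine("Source " + EVENT_SOURCE + " is already bound to log " + boundLog);
            return 2;
        }

        Console.WriteLine("Source " + EVENT_SOURCE + " is already registered in log " + EVENT_LOG);
        return 0;
    }
}
```

With the source registered this way, the page code only needs to call WriteEntry under the ASPNET account, and the LogonUser path with an embedded administrator password can be dropped.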