Re: How to audit application actions.

Jeffrey Tan[MSFT] wrote:
Hi Frank,

In .Net Winform, we should use Application.ThreadException event as the global unhandled exception handler to catch all the exceptions in main GUI thread. In this global unhandled exception handler, ThreadExceptionEventArgs.Exception.StackTrace property will reveal the call stack information of the crash exception. You may save it to the event log or some other suitable places.

I'll do that. Though i am not sure that it will work, because even though the app is of type Windows Application, all the processing happens in Program.cs and then the program exits. There are no actual GUI involved. So in that respect, it is almost like a Console app. The only reason it is not a console app is that other apps must be able to kick it off and the users don't want to see the black box quickly appear and disappear.

However, .Net Winform has set a default global unhandled exception for Application.ThreadException, which will pop up an error dialog with all the error information including the stack trace log. Please see the attached Default_ThreadException.jpg. So, I am actually surprised to see that your application will pop up a "Send Error To Microsoft" dialog on crash. Note: this Application.ThreadException event can only catch the exceptions thrown in main GUI thread.

Yes, I am surprised as well. Getting the crash with the dialog in your screenshot would be a welcome change - at least I could see the trace.


Based on the description, it seems that you have used big try...catch clauses to catch the crash exception, but when you are trying to log it to the disk file, it failed a second time. Because this problem only occurs under the limited user account, I suspect the second crash during the logging should be caused by the security issue. In .Net, there are 2 types of security: .Net Code Access Security and Windows account security.

No, I don't think it fails on logging because I am logging everything up to a certain point. Then the logging ceases and the "Send to MS dialog" pops up. Besides the directory it is logging to is totally open to everyone (i gave everyone full rights).

First, once your Winform application is launched from the local file system, the .Net CAS will full trust your application, so the .Net CAS should not cause any problem in this scenario. Then, the most possible problem is the Windows security exception. Can you tell me which location your application is trying to log? I suspect the limited user account may not have enough write NTFS permission to that location(such as file/directory). So when you are logging to that file, the Windows NTFS finds you do not have pemission to write to it, and an security exception is generated. For example, if the log file or the log directory is created by an Administrator, then the default NTFS security setting over this file/directory will not allow the limited user account to write to it.

The directory has full NTFS permissions on it.

If my assumption is correct, the solution is either changing the logging location to a private folder which the limited account have write permission or changing the NTFS security setting of the location to give this limited user account proper write permission.
.

Relevant Pages