Writing to the EventLog from a Web Application

Introduction

When I was a young lad in college, I wrote undetectable viral hacks, keyboard sniffers, and collected more passwords than I care to count. (Thankfully, the statute of limitations—this was 20 years ago—has run out.) I never stole anything or wrecked anyone's data, but I did encourage a young fellow to send roses to his girlfriend and hooked a football player, Napolean XXXXXXX (last name omitted), up on a blind date. I understand the allure of going and being places one isn't allowed, but this crap makes life a pain in the butt for the rest of us.

I wonder whether you should hate hackers and those nitwits who tweak Trojans, so the rest of us have to keep sending money to McAfee?! I also wonder if maybe the sparring and jousting among programmers, Microsoft and hackers, and cyber thieves aren't necessary to push the technology forward, at least as far as security is concerned, so we all are protected from worse—cyber terrorists. With the economy in the shape it's in, an effective cyber terror attack could push the economy into the trash compactor and send normally sane people running for the bunker. The unfortunate net effect in my little community is like taking off my shoes at airport security—I have to re-learn how to do little things over.
 Clearly mucking about in the Registry or event logs could be a hugely potential security risk, so this is just one of many areas where the wheel-of-torture that is security gets tightened down. If you have had any difficulties creating and using the event log for ASP.NET, this article should help you "learn" to do it right (again).

Writing to the EventLog

If you wanted to write to the EventLog, you can still create an instance of the EventLog and call WriteEntry. By default, your entry will be written to the Application log. If you wanted to create a new log source—a dictionary entry for your application—you could write code like that shown in Listing 1.
 Listing 1: Code that tries to create an event source but is doomed to fail due to a lack of permissions to the Security log.
 


Imports System.Diagnostics

Partial Class _Default
   Inherits System.Web.UI.Page

   Protected Sub Page_Load(ByVal sender As Object, _
      ByVal e As System.EventArgs) Handles Me.Load

      If (Not EventLog.SourceExists("MyApp")) Then
         EventLog.CreateEventSource(("MyApp", "Application")
      End If

      'Write entry here
      EventLog.WriteEntry(SOURCE, "Test")
   End Sub
End Class
The code checks to see whether the source exists; if not, it creates it. The EventLog uses queuing (it might be DCOM, I don't remember and it's not important right now), but there can be a latency between doing things to the EventLog and those tasks actually completing. In short, this means that it is better to create an event source in advance of needing it.
 The problem with the preceding code is that it won't work. If you try to create or use a custom log, you are going to get a security exception (see Figure 1)—for sure under Windows Vista, Visual Studio 2008, and IIS 7 (and Cassini). I am not sure how many other back-combinations will cause this error; the point is that it's going to be a challenge going forward. Worse, having searched the Web thoroughly, Google returns blogs and articles that instruct one to hack the Registry security permissions for EventLogs (bad idea and not a sustainable approach) or write a look that edits the Registry with code (also clumsy). The best approach is none of these.
See full detail: http://www.codeguru.com/vb/vb_internet/aspnet/article.php/c15905/

Comments

Post a Comment

Popular posts from this blog

Basic concept and fundamentals of ASP.NET MVC (Model View Controller) Architecture

Image
This is basic concepts and fundamentals of ASP.NET Model View Controller (MVC) architecture workflow. MVC is stands for MODEL VIEW CONTROLLER. ASP.NET MVC is an architecture to develop ASP.NET web applications in a different manner than the traditional ASP.NET web development. Web applications developed with ASP.NET MVC are even more SEO (Search Engine) friendly. Microsoft .Net Framework 3.5 is minimum requirement to develop ASP.net MVC application.   MVC (Model View Controller) Interaction with Browser Like a normal web server interaction, MVC application also accepts requests and responds to the web browser in the same way.   Inside MVC Architecture The entire ASP.NET MVC architecture is based on Microsoft .NET Framework 3.5 and in addition uses LINQ to SQL Server. What is a Model? MVC   model   is basically a C# or VB.NET class A   model   is accessible by both   controller   and   view A   model   can be used to pass data ...
Read more

MVC Architecture Model In ASP.NET

Image
When developing ASP.NET applications the need of reducing code duplication increases along with their complexity. This is because testing and performing changes become very difficult tasks when having many different sources of code with the same functionality. Model View Controller architecture (or pattern) allows us to separate different parts of our applications into tiers to fulfill this need. MVC Overview Model View Controller architecture aims to separate an application into three parts: Model:  It is the business logic of an application. From an object oriented perspective it would consist of a set of classes that implement the critical functionality of an application from a business point of view. View:  It can consist of every type of interface given to the user. In ASP.NET the view is the set of web pages presented by a web application. Controller:  This part of the architecture is the most difficult to explain, hence the most difficult to implement in ...
Read more

ASP.NET MVC 3 Introduction

Image
This article will explain you the basics of ASP.NET MVC 3 Web application by using Microsoft Visual Web Developer 2010 Express Service Pack 1, which is a free version of Microsoft Visual Studio 2010.  Make sure you've installed the prerequisites listed below before you start. You can install all prerequisites by clicking this link:  Web Platform Installer . OR, you can individually install the prerequisites by the following links: Visual Studio Web Developer Express SP1 prerequisites ASP.NET MVC 3 Tools Update SQL Server Compact 4.0  (runtime + tools support) If you're using Visual Studio 2010 instead of Visual Web Developer 2010, install the prerequisites by clicking the following link:  Visual Studio 2010 prerequisites . A Visual Web Developer project with C# source code is available to accompany this topic.  Download the C# version . If you prefer Visual Basic, switch to the  Visual Basic version  of this tutorial. What You'll Build You'...
Read more