"Access Denied" when ASP.Net accesses Eventlog

An ASP.Net applicatin may return an "Access Denied" error when it is accessing the Eventlog.

If it is not a GPO permission issue from your domain controller, you may need to check the SDDL string specified in the registry for the EventLog.

For example, if the identity of the App pool is the "Network service" account, "impersonation" in the web.config is true and authentication is enabled, you may need to add a WRITE access (A;;0x2;;;AU) for the authenticated users to the following registry key.

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\CustomSD
        
        
        (A;;0x2;;;AU)             Note: AU means "Authenticated Users"

Similarly, you can grant permissions for the "Network service" account. 

        (A;;0x2;;;NS)              Note: NS means "Network service" account

What (A;;0x2;;;AU) is? You can check out Microsoft's SDDL (Security Descriptor Definition Language) on MSDN.

See also

  • SQL: Use Dynamic SQL Query Correctly
  • SQL 2005: Use DMV and CROSS APPLY to Get Cached Plans
  • SQL 2005: Discontinued or Deprecated Features in SQL Server 2005
  • SQL 2005: Default Trace Enabled Option
  • SQL 2005: Column Level Permissions
  • SQL 2005: SQLCMD Supports Parameterized Variables and Macro Features
  • SQL 2005: DTS Has Become SSIS now
  • SQL 2005: Microsoft SQL Server 2005 JDBC Driver
  • SQL 2005: Query Notifications in ADO.Net 2.0
  • SQL 2005: Overcome SQL Index Size Limit
  • SQL 2005: DDL Triggers
  • SQL 2005: Why Should Use 64 Bit Now
  • SQL 2005: How to Rebuild The Master Database
  • SQL 2005: A Little Trick to Install SQL 2005 Onto Your Dirty DEV Machine
  • SQL 2005: New Resource Database
  • SQL 2005: Alter Index Rebuild
  • SQL 2005: XQuery Sample
  • SQL 2005: How to Move Database
  • SQL: Use COALESCE to Generate a List
  • SQL: How to Debug SQL Deadlocks
  • .Net: How to Bypass Strong Name Check
  • Agile: Lean Software Development - An Agile Toolkit
  • ORM: How to Use nHibernate 1.2 to Call Stored Procedure to Return a Dataset Without a Mapping Entity
  • AJAX: ASP.NET AJAX Tips
  • .Net: Debugging Commands
  • .Net: How to Run NUnit And Debug Your Test Fixtures Directly from VS 2005
  • .Net: How to Add Domain User to Local Group
  • .Net: Lock Value Type?
  • .Net: How to Create an Instance of a Generic Type with Parameters
  • .Net: How to Get Address of a Managed Type
  • ORM: New Features of nHibernate 1.2
  • .Net: How to Get System Error Message from HRESULT in Managed Code
  • .Net: Use Windows PowerShell Now
  • WMI: Use WMI to Run Commands on Remote Machine
  • API: GetLogicalProcessorInformation to Detect CPUs
  • .Net: How to Implement Singleton Correctly
  • .Net: There is no MTS object context (Exception from HRESULT: 0x8004E004)
  • .Net: The Net Objectives Pattern Repository
  • Web: Access Denied When ASP.Net Accesses Eventlog
  • Nant: Error Loading GUID of Project
  • AJAX: Ajax in Action
  • DTC: DtcGetTransactionManager Fails
  • .Net: Run .Net 1.1 COM+ Serviced Components Under .Net 2.0 Framework
  • .Net: Debugging Managed Code Tip
  • .Net: Assembly Binding Log Viewer (Fuslogvw.exe)
  • .Net: .Net Framework Design Guidelines
  • .Net: Use Global Catalog and CheckTokenMembership to Check AD Group Membership



    • THIS POST IS PROVIDED "AS-IS" WITH NO WARRANTIES AND CONFERS NO RIGHTS. Build time: Sun 03/30/2008 . ©2007 Dalun Software. All rights reserved. Back to Article List