1

I have developed a quite simple ASP.NET web application that reads the system event logs entries.

When I am debugging or running it from VS 2017 (hosted in IIS Express) I am able to read the log entries without any issue.

Once I deploy/publish this asp.net web app on IIS 8 and try to read the system event log entries it doesn't work. If I check the event viewer I get something like this (translated from Spanish) :

System.InvalidOperationException: Unable to open the Application record on the computer Windows has not provided an error code. ---> System.ComponentModel.Win32Exception: Access Denied"

I have read other questions but are related to writing in the event log. I'm just interested in being able to read system event log entries. I guess it has something to do with permissions but I don't know which permissions I would have to set and to which user.

Here there are some parts of my code:

System.Diagnostics.EventLog  eventLog = new EventLog(LogName, machineName);
...
EventLogEntryCollection entries = eventLog.Entries; //This is where I get the Acces denied Exception.

Answer (workaround)

It may be not the proper way to solve it (for security issues), but as it is for the moment an internal application, I have made it work like this. That is, read the log Events from several remote machines through the use of impersonate on my web.config file

<system.web>   
   <identity impersonate="true" userName="SomeDomainUserWithRigtsToread" password="itsPwd"/>
Sebastian Inones
  • 1,561
  • 1
  • 19
  • 32
  • 1
    You need permissions to read the event log. When you debug your web app, it's running under your account and has your permissions. In production it's running under the application pool's account and using *its* permissions. You need to allow the application pool account to read the Event log or use an account that has this permission. – Panagiotis Kanavos Jul 23 '18 at 13:24
  • I haven't been able to (_probably to lack of know-how_) to allow the application pool account to read the Event log. I have sorted out through the use of **impersonate** – Sebastian Inones Jul 30 '18 at 07:43
  • It's good that you found an answer & letting us know here , however could you move that part (which you added into the question) into an Answer? This is common practice and more clear than when it's strapped onto the question. – Peter B Jul 30 '18 at 07:57
  • 1
    Thanks @PeterB for your feedback on how to properly answer this. – Sebastian Inones Jul 30 '18 at 09:13

1 Answers1

1

Note: It may be not the proper way to solve it (for security issues), but as it is for the moment an internal application, I have made it work, that is, read the log Events from several remote machines through the use of impersonate on my web.config file

<system.web>   
   <identity impersonate="true" userName="SomeDomainUserWithRigtsToread" password="itsPwd"/>
Sebastian Inones
  • 1,561
  • 1
  • 19
  • 32