0

I'm currently working on a legacy asp.net webservice (asmx) hosted on an IIS 10 on Windows Server 2016.

In IIS the webservice is currently running with Identity ApplicationPoolIdentity. This can be changed.

I need to log Messages into the Windows Event Viewer, I use "Application Error" as the EventSource, as it apparently is an already existing event source on windows. Therefore I refer to this post and use the following C# code:

try
{
   System.Diagnostics.EventLog.WriteEntry("Application Error", "EventLog Test - Code EventLog", EventLogEntryType.Error);
}
catch (Exception ex)
{
    // log error to file
}

When I run the application, I only get the following error log:

Unable to open log for source Application Error. You may not have write access.

Which settings could I adjust in IIS/registry/C# to achieve a log into my Windows Event Viewer? Do you know how to solve this error?

Bender.
  • 71
  • 6

1 Answers1

1

This problem occurs because by default the user token of the application doesn't have the required user rights to write to the Windows event logs because of limited security access.

To provide the required permissions to the thread identity, modify the security of the event log through the below registry keys on the server machine. You should select the event log that your application is writing to:

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\System\CustomSD

The CustomSD registry value is of type REG_SZ and contains a security descriptor in Security Descriptor Definition Language (SDDL) syntax.

More information you can refer to this link: https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/aspnet/development/fail-write-event-log#resolution.

samwu
  • 3,857
  • 3
  • 11
  • 25