Auditing and logging should be performed across the tiers of your application to avoid potential repudiation threats where users deny performing certain transactions or key operations.
If your Web application or Web service is configured for impersonation, the identity of the original caller automatically flows to an Enterprise Services application and is available using SecurityCallContext.OriginalCaller. This is useful for auditing in the middle tier. The following code shows how to access this information:

using System;
using System.Diagnostics;
using System.EnterpriseServices;
using System.Security;

[ComponentAccessControl]
public class YourServicedComponent : ServicedComponent
{
    // Placeholder values: the event source name and the log it is bound to.
    private const string appName = "YourServicedApp";
    private const string eventLog = "Application";

    // Logs the account name of every caller in the current call chain.
    public void ShowCallers()
    {
        SecurityCallers callers = SecurityCallContext.CurrentCall.Callers;
        foreach (SecurityIdentity id in callers)
        {
            LogEvent(id.AccountName);
        }
    }

    private void LogEvent(string message)
    {
        try
        {
            // Creating the source at run time requires registry write access.
            if (!EventLog.SourceExists(appName))
            {
                EventLog.CreateEventSource(appName, eventLog);
            }
            EventLog.WriteEntry(appName, message, EventLogEntryType.Information);
        }
        catch (SecurityException secex)
        {
            throw new SecurityException(
                "Event source does not exist and cannot be created.", secex);
        }
    }
}
To successfully write to the event log, an event source must exist that associates the Enterprise Services application with a specific event log. The above code creates the event source at run time, which means that the serviced component process account must have the relevant permissions in the registry.
To enable the serviced component process identity to create event sources:
Use regedt32.exe to update the permissions on the following registry key to grant access to the serviced component process account:
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog
The account(s) must have the following minimum permissions:
Query key value
Set key value
Create subkey
Enumerate subkeys
Notify
Read
An alternate strategy is to use an Installer class and create the event source for the application at installation time, when administrator privileges are available. For more information about this approach, see "Auditing and Logging" in Chapter 10 "Building Secure ASP.NET Web Pages and Controls."
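A sketch of the install-time approach described above, as an added example that is not code from the original page. The class names, the source name "YourServicedApp" and the choice of the Application log are assumptions; the source name must match the one the serviced component writes to.

```csharp
using System.ComponentModel;
using System.Configuration.Install;
using System.Diagnostics;

// Executed by installutil.exe (or an MSI custom action) under an
// administrator account, so the event source registry entries are created
// once at install time instead of by the serviced component process account.
[RunInstaller(true)]
public class AuditEventSourceInstaller : Installer
{
    // Assumed names (not from the original page).
    internal const string SourceName = "YourServicedApp";
    internal const string LogName = "Application";

    public AuditEventSourceInstaller()
    {
        EventLogInstaller eventLogInstaller = new EventLogInstaller();
        eventLogInstaller.Source = SourceName;
        eventLogInstaller.Log = LogName;
        // Remove the source registration again when the application is uninstalled.
        eventLogInstaller.UninstallAction = UninstallAction.Remove;
        Installers.Add(eventLogInstaller);
    }
}

// Run-time side: the component only writes entries. It never calls
// CreateEventSource, so the process account needs no write access to
// HKLM\SYSTEM\CurrentControlSet\Services\Eventlog.
public static class AuditLog
{
    public static void Write(string message)
    {
        EventLog.WriteEntry(AuditEventSourceInstaller.SourceName,
                            message,
                            EventLogEntryType.Information);
    }
}
```

With the source registered at installation, the registry permissions listed earlier do not have to be granted to the serviced component process account.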