Auditing and Logging


The default ASP.NET process identity for Web applications can write new records to the event log, but it does not have sufficient permissions to create new event sources. To address this issue, you have two choices. You can create an installer class, which is invoked at installation time when administrator privileges are available, or you can configure the permissions on the EventLog registry key to allow the ASP.NET process identity (or impersonated identity) to create event sources at run time. The former approach is recommended.

 Task   To create an application event source at installation time

  1. Right-click your project in the Solution Explorer window in Visual Studio .NET, point to Add, and then click Add Component.

  2. Select Installer Class from the list of templates and provide a suitable class file name.

    This creates a new installer class annotated with the RunInstaller(true) attribute.

     [RunInstaller(true)]
     public class EventSourceInstaller : System.Configuration.Install.Installer {  . . . }

  3. Display the new installer class in Design view, display the Toolbox, and then click Components in the Toolbox. Drag an EventLogInstaller component onto the Designer work surface.

    Note  

    If EventLogInstaller does not appear in the Toolbox, right-click the Toolbox, and then click Add/Remove Items. Then select EventLogInstaller to add this component type.

  4. Set the following EventLogInstaller properties:

    • Log. Set this property to "Application", which is the name of the event log you should use. You can use the default Application log or create an application-specific log.

    • Source. Set this property to the event source name. This is usually your application name.

  5. Build your project and then create an instance of the installer class at installation time.

    Installer class instances are automatically created and invoked if you use a .NET Setup and Deployment project to create a Windows installer file (.msi). If you use xcopy or equivalent deployment, use the InstallUtil.exe utility to create an instance of the installer class and to execute it.

  6. To confirm the successful generation of the event source, use a registry editor and navigate to:

     HKLM\System\CurrentControlSet\Services\EventLog\Application\{source name} 

    Confirm that the key exists and that it contains an EventMessageFile string value that points to the default .NET Framework event message file:

     \Windows\Microsoft.NET\Framework\{version}\EventLogMessages.dll 
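
The following is an added example, not code from the original chapter: it shows the installer class from the procedure above written by hand instead of through the designer, together with a run-time helper that writes to the pre-registered source. The source name "MyWebApp" and the AuditLog helper are assumptions for illustration; the project must reference System.Configuration.Install.dll.

```csharp
using System.ComponentModel;
using System.Configuration.Install;
using System.Diagnostics;

// Runs only at installation time (Windows Installer package or InstallUtil.exe),
// when administrator privileges are available to create the registry key under
// HKLM\System\CurrentControlSet\Services\EventLog\Application.
[RunInstaller(true)]
public class EventSourceInstaller : Installer
{
    // Assumed source name for this example; normally your application name.
    public const string SourceName = "MyWebApp";

    public EventSourceInstaller()
    {
        EventLogInstaller eventLogInstaller = new EventLogInstaller();
        eventLogInstaller.Log = "Application";   // default Application log
        eventLogInstaller.Source = SourceName;   // event source to register

        // The base Installer runs every installer in this collection.
        Installers.Add(eventLogInstaller);
    }
}

// Hypothetical helper used by the Web application at run time.
public static class AuditLog
{
    public static void Write(string message, EventLogEntryType type)
    {
        // The ASP.NET process identity can write records but cannot create
        // sources, so this code never calls EventLog.CreateEventSource.
        // It relies on the source having been registered by the installer.
        EventLog.WriteEntry(EventSourceInstaller.SourceName, message, type);
    }
}
```

If the source has not been registered, the write fails under the ASP.NET process identity because the framework then tries to create the source itself, so run the installer (or InstallUtil.exe against the compiled assembly) before the application first logs.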

If you have an existing application and do not want to create an installer class, you must grant the ASP.NET process identity the correct access rights on the event log registry key. For registry key details and the precise access rights that are required, see "Event Log" in Chapter 19, "Securing Your ASP.NET Application and Web Services."

EventLogPermission

Code that writes to the event log must be granted the EventLogPermission by code access security policy. This becomes an issue if your Web application is configured to run at a partial-trust level. For information about how to write to the event log from a partial trust Web application, see Chapter 9, "Using Code Access Security with ASP.NET."




Improving Web Application Security. Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
