EventLogPermission
I am getting an EventLogPermission exception when calling my assembly from an ASP.NET 2.0 app. I tried setting the assembly to FullTrust via caspol.exe, but I still get this exception.Firstly, I am not attempting to log from ASP.NET directly, but from a dependent assembly (albeit in the same process space - effectively the same thing, I assume). I am loading the web app and assemblies over UNC. I am also impersonating a Domain Admin account in my web.config. My trust level is the default setting of "Full". I have tried various caspol commands such as "caspol -m -fulltrust\\mydomain\dfsroot\dfslink\myapp\bin\myassembly.dll" with no luck. The full stack trace is as follows (with real names obscured to protect the innocent):
System.Security.SecurityException: Request for the permission of type 'System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
at System.Security.CodeAccessSecurityEngine.Check(PermissionToken permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32 checkFrames, Int32 unrestrictedOverride)
at System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap, StackCrawlMark& stackMark)
at System.Security.CodeAccessPermission.Demand()
at System.Diagnostics.EventLog.SourceExists(String source, String machineName)
at System.Diagnostics.EventLog.SourceExists(String source)
at MyException..ctor(Object oSource, Int32 nCode, String sMessage, Exception oInnerException, Boolean bLog)
at MyAssembly.Foo() in\\mydomain\dfsroot\dfslink\myapp\App_Code\Blah.cs:line 125 Thanks!
Hi,
Have u tried to do the same from the Runtime Security Policy UI from within
Administrative Tools->Microsoft .NET 1.1 Configuration.
Use the "Increase Assembly Trust" option and set it to full.
Regards,
Vikram
I suspect that the problem you are having is that the calling assembly does not have full trust. CAS (Code Access Security) requires that all assemblies in the call stack have appropriate permission to execute the desired method - in this case EventLogPermission. This is to prevent luring attacks where an attacker doesn't have permission to call a method, but asks a trusted assembly to call the method on its behalf. You have a few options:
- Trust the calling assembly.
- Strong name (i.e. sign) both with the same key pair and trust the signing key.
- Apply the [AllowPartiallyTrustedCallers] attribute to your trusted assembly.
The last option - [AllowPartiallyTrustedCallers] - should only be done after a full security review of your API to ensure that it is not subject to luring attacks or other exploits. (For a quick rundown, check out
http://msdn.microsoft.com/msdnmag/issues/03/08/SecurityBriefs/.) Option#2 is definitely my recommendation.
The previous post from James Kovacs offers up a good solution. I'd strong name the assembly, bring up the .NET Configuration Tool, go to Machine Runtime Security Policy, and create a new codegroup under the My_Computer_Zone that grants assembilies signed with that strong name fulltrust.
Shel Blauman
The suggestion to strong name the assembly and create a custom code group is definitely right. I would only add a couple of small things: 1) Don't just assign full trust to the assembly. Use the principle of least privilege and assign it ONLY the permission that it needs. (Assigning full trust is like writing an app that needs to run under an admin account.) In this case you should assign it all of the permissions from the intranet zone plus EventLogPermission. In general, you should never assign anything full trust unless there is a demand for the full trust permission set somewhere and your app explicitly needs full trust to run.
2) You only need to apply the AllowPartiallyTrustedCallers attribute if the assembly will be called by a partially trusted app. If your web app is running in full trust, there is no need to apply the attribute at all. Basically, whenever you strong name your assembly, the runtime automatically adds a link demand for full trust to all of your methods, which is a good thing. The AllowPartiallyTrustedCallers attribute turns this off. So, you should just run with the default and not apply APTCA if you can.
Stephen
