ASP.NET: Security Issues Surrounding Writing to the Event Log

By default, the ASPNET user does not have permissions to write to default event logs---even the Application log. One way to address this issue is to let your web application impersonate a user with the correct permissions by entering the impersonate element in the system.web element of the Web.config file:

&lt;system.web&gt;
    ...
    &lt;identity impersonate=&quot;true&quot; userName=&quot;MyUserName&quot; password=&quot;MyClearTextPassword&quot; /&gt;
    ...
&lt;/system.web&gt;

Another way is to use the Security > Permissions... command in regedt32 on this key:

HKEY_LOCAL_MACHINE&bsol;&bsol;System&bsol;&bsol;CurrentControlSet&bsol;&bsol;Services&bsol;&bsol;EventLog

Add the ASPNET account and grant Full Control.

mod date: 2003-09-21T22:43:38.000Z