Alex Fedotov
Hello,
I am trying to write to a custom event log from a process that runs as a
regular user, not an administrator. I am receiving
System.Security.SecurityException with the additional information that
"requested registry access is not allowed". The call stack is as follows:
mscorlib.dll!Microsoft.Win32.RegistryKey.OpenSubKey(string name = "Security", bool writable = false) + 0x221 bytes
system.dll!System.Diagnostics.EventLog.FindSourceRegistration(string source = "Common Library", string machineName = ".", bool readOnly = true) + 0x1a2 bytes
system.dll!System.Diagnostics.EventLog.SourceExists(string source = "Common Library", string machineName = ".") + 0xd9 bytes
system.dll!System.Diagnostics.EventLog.WriteEntry(string message = "...", System.Diagnostics.EventLogEntryType type = Warning, int eventID = 0x0, short category = 0x0, byte[] rawData = <undefined value>) + 0x160 bytes
system.dll!System.Diagnostics.EventLog.WriteEntry(string message = "...", System.Diagnostics.EventLogEntryType type = Warning, int eventID = 0x0, short category = 0x0) + 0x20 bytes
acme.common.dll!Acme.Common.Log.Write(string source = "Common Library", System.Diagnostics.EventLogEntryType type = Warning, string format = "...", System.Object[] args = {Length=0x2}) Line 104 + 0x15 bytes
As can be seen from the call stack, it is the EventLog.SourceExists method
that fails. As far as I understand the logic of this method, it opens all
registry keys below the EventLog service key looking for the specified event
source. When running as a regular user, not surprisingly, it fails to open
the registry key of the Security event log.
I see this as a bug in the .NET Framework, as it makes it nearly impossible to
write events to a custom event log (writing to the Application log works,
probably because the Application key gets enumerated prior to the Security
key).
Can anyone confirm that such a problem exists? Is there any workaround
other than using P/Invoke to call the good old ReportEvent API?
-- Alex Fedotov
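
A diagnostic for the lookup described in the post above, as an added example that is not part of the original post and is not the framework's own code: it walks the log keys under the EventLog service key the way the post describes, but records keys the current user cannot open instead of failing on the first one. The class and method names are hypothetical; the source name "Common Library" is taken from the call stack and can be overridden on the command line.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using Microsoft.Win32;

// Hypothetical helper (not from the post): reports which event log, if any,
// registers a source and which log keys are unreadable for the current user.
static class EventSourceProbe
{
    // Each event log is a subkey here; each source is a subkey of its log.
    const string EventLogRoot = @"SYSTEM\CurrentControlSet\Services\EventLog";

    // Returns the name of the log that registers `source`, or null if none of
    // the readable logs does. Unreadable logs are collected, not fatal.
    public static string FindLogForSource(string source, List<string> inaccessible)
    {
        using (RegistryKey root = Registry.LocalMachine.OpenSubKey(EventLogRoot))
        {
            if (root == null) return null;
            foreach (string logName in root.GetSubKeyNames())
            {
                try
                {
                    using (RegistryKey log = root.OpenSubKey(logName))
                    using (RegistryKey src = log == null ? null : log.OpenSubKey(source))
                    {
                        if (src != null) return logName;
                    }
                }
                // A regular user is typically denied read access to the Security log key.
                catch (SecurityException) { inaccessible.Add(logName); }
                catch (UnauthorizedAccessException) { inaccessible.Add(logName); }
            }
        }
        return null;
    }

    static void Main(string[] args)
    {
        string source = args.Length > 0 ? args[0] : "Common Library";
        var inaccessible = new List<string>();
        string log = FindLogForSource(source, inaccessible);

        Console.WriteLine(log != null
            ? "Source '" + source + "' is registered under log '" + log + "'."
            : "Source '" + source + "' was not found in any readable log.");
        if (inaccessible.Count > 0)
            Console.WriteLine("Unreadable log keys: " + string.Join(", ", inaccessible));
    }
}
```

Run it under the same non-administrator account as the failing process to see whether the source is found before an unreadable key is reached.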