Trouble getting Asp.Net + Logging Application Block to log to Windows Application Event Log

Question

So I'm trying to get an Asp.Net application running on Windows 2008R2 / IIS 7.5 to log to the Windows Application Event Log using EntLib Logging Application Block.

It works great on our dev/test machines, but when we push to a more restricted environment we don't get any logs.

On the server in question we have in fact, created the event source as an admin using the powershell command New-EventLog -LogName "Application" -Source "MyApp", and configured EntLib correctly.

The usual fix I've seen is that you give your users full control in the registry to read/write to the Windows Event Log. However on the IIS/Asp.Net side we are using Windows Authentication + Impersonation, which means it would be very hard to give ALL the users this.

All of our users do exist within 4 Active Directory groups however, could I use this to give them the necessary permissions for the logging to work? Or is there another way?

Answer 1

Setting it up to Log to the Windows Event Log would have been too much work/insecure for our hosting environment, so we went with a Rolling Text Log file instead.

Answer 2

Maybe the simplest way would be to create some kind of service endpoint in a separate virtual directory or running under a different app pool that does not do impersonation, and send the log events to that.

Otherwise your best bet is to make sure all your users are in a specific group and give the group permissions to write to the event log. Trying to give each individual user the same permission would get old really quick.