C# 匿名用户调用时,Web 服务无法写入事件日志
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1168038/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Web service cannot write to Event Log when called by anonymous user
提问by John Adams
SUMMARY: How to configure a web service such that writing to the Event Log is always possible (regardless of caller)? DETAILS: I have a web service which writes an entry to the Application Log. I established the event source for this by means of a little console application and I think I understand that part of things. When I test this WS, I see I am successfully writing my entry to the Event log.
总结:如何配置 Web 服务,以便始终可以写入事件日志(无论调用方如何)?详细信息:我有一个 Web 服务,可将条目写入应用程序日志。我通过一个小的控制台应用程序为此建立了事件源,我想我理解这部分内容。当我测试这个 WS 时,我看到我成功地将我的条目写入事件日志。
The virtual directory which hosts this WS does NOTallow anonymous access and is configured for Integrated Windows Auth only.
虚拟目录哪些主机此WS确实不是允许匿名访问和配置为仅集成的Windows身份验证。
I have a web client application that calls this Webservice. When the web client site is configured for Integrated Windows Auth only, calls to the Webservice result in logging as desired.
我有一个调用此 Web 服务的 Web 客户端应用程序。当 Web 客户端站点仅配置为集成 Windows 身份验证时,对 Web 服务的调用会根据需要生成日志记录。
Yet, if I change the web client site to allow anonymous access then the Webservice attempt to log results in an InvalidOperationException. I ignore it but it would be nice to know how to get logging in the webservice regardless of how it is called. Here is a bit of my code:
然而,如果我更改 Web 客户端站点以允许匿名访问,那么 Web 服务尝试记录的结果是 InvalidOperationException。我忽略了它,但很高兴知道如何登录 web 服务,而不管它是如何调用的。这是我的一些代码:
public FileService()
{
try
{
if (!EventLog.SourceExists(g_EventSource))
EventLog.CreateEventSource(g_EventSource, g_EventLog);
System.Security.Principal.WindowsIdentity UserIdentityInfo;
UserIdentityInfo = System.Security.Principal.WindowsIdentity.GetCurrent();
string AuthType = UserIdentityInfo.AuthenticationType;
if (AuthType == "Kerberos")
{ engineWSE.Credentials = System.Net.CredentialCache.DefaultCredentials; }
else
{ engineWSE.Credentials = new System.Net.NetworkCredential("u", "p", "domain"); }
EventLog.WriteEntry(g_EventSource,
"Caller: " + UserIdentityInfo.Name +
" AuthType: " + UserIdentityInfo.AuthenticationType,
EventLogEntryType.Information, 1);
}
catch (InvalidOperationException e)
{
// do nothing to ignore: "Cannot open log for source 'myAppSourceName'. You may not have write access."
}
}
The example in the constructor above is sort of contrived for here (I am mainly interested in being able to write out info related to errors in the web service).
上面构造函数中的示例在这里有点人为设计(我主要感兴趣的是能够写出与 Web 服务中的错误相关的信息)。
I hope there is a way to configure the web service virtual directory (or the code within) so that logging is possible regardless of how it got called.
我希望有一种方法可以配置 Web 服务虚拟目录(或其中的代码),以便无论如何调用都可以进行日志记录。
采纳答案by Shiraz Bhaiji
You should also check your web.config.
您还应该检查您的 web.config。
If IIS is set to anonymous and web.config is set to windows / impersonate. Then it will be the anonymous IIS user that is trying to write to the event log.
如果 IIS 设置为匿名且 web.config 设置为 windows / impersonate。然后,匿名 IIS 用户将尝试写入事件日志。
回答by Mark Brackett
Network Service is allowed to writeto the Event Log, but not create an event source. you could give permissions to HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\to allow it to create - but if you've already created it at install time, there's no need.
网络服务是允许到写事件日志,但不能创建一个事件源。您可以授予权限以HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\允许它创建 - 但如果您已经在安装时创建了它,则没有必要。
It's possible that it's failing on the SourceExistsas well - since that requires enumerating the same registry key. I'd probably just remove the SourceExists/Create check and trust that it's there - if you're anonymous, you can't create it anyway.
它也可能失败SourceExists- 因为这需要枚举相同的注册表项。我可能只是删除 SourceExists/Create 检查并相信它在那里 - 如果你是匿名的,你无论如何都不能创建它。
