Writing to an event log in ASP.NET on Windows Server 2008 IIS7

Question

I\'m trying to use log4net to write to a customer event log under IIS7 on Windows Server 2008 SP1. However, account doesn\'t seem to have access to write to the event log. D

Answer 1

IIS 8 permission solving answer

I am lazy and didn't create a special log in my code, instead I used:

System.Diagnostics.EventLog.WriteEntry("MyAppName", "Bla Bla SQL ERROR: "+sx.Message);

Just to complete Michael's answer In IIS8 the user used by IIS when running server side code is : IIS_IUSRS

(actually its more complicated because there are virtual accounts within IIS_IUSRS but they get permissions from that account, see IIS_IUSRS and IUSR permissions in IIS8 form more details)

That user only requires READ permission on this registry node:

HKLM\System\CurrentControlSet\Services\Eventlog\Security

The reason for this is that when a new log source is written to, before creating it, the system wants to check that it doesn't exist so it needs to READ the source names.

Also, if you are using the iis express of visual studio, it will run under your personal credentials, so if you don't have read access permission to the registry node above you will need to add it too when debugging under visual studio.

(If administrators has permission to the node and your are in that group, it is not enough, you need to run visual studio 'as administrator' - which will work only from visual studio shortcut and not the sln shortcut)

Another note: If the computer is in a domain and you can't find the IIS_IUSRS account when editing registry permissions, it is likely you are looking in the wrong 'location', searching for the account on the domain active directory instead of the local computer)