locked
ASP 1.1 Application Error on a Server 2008 box RRS feed

  • Question

  • User1784016505 posted

    I have to de-commsion a 2003 server - and i need to move a particualr internal website over to a server 2008 box - the site runs in .net 1.1 though.

    Website runs using app pool identity, and windows auth

    I have followed the guide on installing 1.1 on server 2008.

    I have added in the IgnorePaths in machine.config

    I have added ASP.Net Machine account, APP Pool, IUSR to the Eventlog registry key.

    The app pool has modify rights over the sites home directory.

    When i hit the site, i login and i then get the following error

    Security Exception

    Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

    Exception Details: System.Security.SecurityException: Requested registry access is not allowed.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


    Stack Trace:

    [SecurityException: Requested registry access is not allowed.]
       Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable) +473
       System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly) +295
       System.Diagnostics.EventLog.SourceExists(String source, String machineName) +79
       System.Diagnostics.EventLog.SourceExists(String source) +11
       Intranet.IntranetBas.LogError(String txtMsg) in \\server\wwwroot$\Intranet\IntranetBas.vb:88
       Intranet.IntranetBas.GetSettings(ConnectUDT& ConnectSettings) in \\server\wwwroot$\Intranet\IntranetBas.vb:149
       Intranet.IntranetBas.ConnStr() in \\server\wwwroot$\Intranet\IntranetBas.vb:172
       Intranet.SalesOrderData.GetCustomers(SqlDataReader& drReader) in \\server\wwwroot$\Intranet\SalesOrderData.vb:125
       Intranet.SalesOrder.PopCombo() in \\server\wwwroot$\Intranet\SalesOrder.aspx.vb:304
       Intranet.SalesOrder.Page_Load(Object sender, EventArgs e) in \\server\wwwroot$\Intranet\SalesOrder.aspx.vb:149
       System.Web.UI.Control.OnLoad(EventArgs e) +67
       System.Web.UI.Control.LoadRecursive() +35
       System.Web.UI.Page.ProcessRequestMain() +2112
       System.Web.UI.Page.ProcessRequest() +218
       System.Web.UI.Page.ProcessRequest(HttpContext context) +18
       System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +179
       System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87
    

     


    Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032

    I am at a loss now of where to go from here.

    Any suggestions please?

    Friday, May 23, 2014 6:45 AM

Answers

  • User-484054684 posted

    Hi Mrast,

    Background of the issue: There is some error thrown from your application and it tries to write the error into the event log (eventviewer - i.e., eventvwr). But there are permission issues to create the eventlog. You may create the appropriate event source name etc during the installation process or you would also like to create these during the run time if the event source doesn't exist. In your scenario, probably the application is trying search the eventsource if exists before creating the event source.

    I could see you have tweaked on the permissions on registry key as well. However, please see if you have changed the identity and switched back to original to make sure the credentials are reloaded and also, try to restart the IIS after these changes are applied.

    The complete steps for eventlog permission is as below:

    1. in IIS console, go to application pool managing your site, and note the identity running it (usually Network Service) - You might have already done this.

    2. make sure this identity can read KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog (rigth-click, authorisations) - You might have done this as well.

    3. More importantly: Now change the identity of this application pool to Local System, apply, and switch back to Network Service - Please try this step, if not done already

             Credentials will be reloaded and EventLog reacheable

             Reference: http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx
                               http://stackoverflow.com/a/9067391

             Another good reference: http://www.christiano.ch/wordpress/2009/12/02/iis7-web-application-writing-to-event-log-generates-security-exception/

    Hope this helps

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, May 23, 2014 11:21 AM

All replies

  • User-484054684 posted

    Try this in your web.config under system.web section:

    <system.web><trust level="Full"/>

    Friday, May 23, 2014 6:52 AM
  • User1784016505 posted

    Hi Siva,

    Still the same im afraid. :-/

    Friday, May 23, 2014 9:32 AM
  • User-484054684 posted

    Hi Mrast,

    Background of the issue: There is some error thrown from your application and it tries to write the error into the event log (eventviewer - i.e., eventvwr). But there are permission issues to create the eventlog. You may create the appropriate event source name etc during the installation process or you would also like to create these during the run time if the event source doesn't exist. In your scenario, probably the application is trying search the eventsource if exists before creating the event source.

    I could see you have tweaked on the permissions on registry key as well. However, please see if you have changed the identity and switched back to original to make sure the credentials are reloaded and also, try to restart the IIS after these changes are applied.

    The complete steps for eventlog permission is as below:

    1. in IIS console, go to application pool managing your site, and note the identity running it (usually Network Service) - You might have already done this.

    2. make sure this identity can read KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog (rigth-click, authorisations) - You might have done this as well.

    3. More importantly: Now change the identity of this application pool to Local System, apply, and switch back to Network Service - Please try this step, if not done already

             Credentials will be reloaded and EventLog reacheable

             Reference: http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx
                               http://stackoverflow.com/a/9067391

             Another good reference: http://www.christiano.ch/wordpress/2009/12/02/iis7-web-application-writing-to-event-log-generates-security-exception/

    Hope this helps

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, May 23, 2014 11:21 AM