Can anyone explain why the following happens:
My ASP.NET application requires access to Application event log.
When I access web application initially, it returns "Security" exception (which is expected, as I haven't granted permissions to write to Application event log yet).
Then I give read/write permissions to IIS_IUSRS group on the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlo开发者_Go百科g. As a result of this action my web application starts working.
Now I remove those permissions I've granted to IIS_IUSRS group. But my web application keeps working (although I'd expect "Security" exception raised again)
So, why web application keeps working, although permissions to write to Application log have been removed?
There is a difference between the permissions required to create an event source in the event log, and the permissions required to write to an existing event source. A higher permission is needed to create the event source.
Here's a source re accessing the event log:
Least privileged accounts have sufficient permissions to be able to write records to the event log by using existing event sources. However, they do not have sufficient permissions to create new event sources.
It could be so that the permission to open the event log is caches as long as you do not restart the ASP.NET application and/or IIS. Depends on how you have done in your code.
精彩评论