Identity: impersonate=True? Privilege missing?

djinn1

New member, joined Sep 8, 2006
This deals with .NET and IIS.

This issue has to do with security when accessing a web service anonymously and trying to write to the application event log.

**** <identity impersonate="true" />
IIS anonymous account = domain\ProxyAccount

With the above setting, when trying to write to the application event log I receive:
Source: security
Category: Privilege Use
Type: Failure Audit
Event Id: 578
Privileges: SeBackupPrivilege
User: ProxyAccount

I understand that SeBackupPrivilege is required by the RegSaveKey and RegSaveKeyEx functions.

The thing I don't understand is that when I use the following, which is to hardcode the userName and password into the web.config, I no longer see this error.

**** <identity impersonate="true" userName="domain\ProxyAccount" password="WhatEver" />


The goal is not to hardcode the username and password.
I have to get an explanation for management of why using the domain account when not hardcoding it (impersonate="true": using the anonymous IIS account) does not allow writing to the event log, but hardcoding the same domain account does allow writing to the event log.
The "domain\ProxyAccount" does have the correct permissions on the server to write to the Event Log (file and registry).

I don't know, but it seems like the hardcoded account gets the correct/all of the permissions and privileges, but when impersonating the IIS anonymous account it does not.


Are there any articles on this that I am missing? I have been researching this and not finding a concrete explanation of why.

Also, is there a fix for this issue?

Thanks!!
 