Event ID: 1000

Event ID: 1000

am 05.12.2006 19:48:01 von WadeBarrett

My question is, what 's the difference between the machine.config Security
Hole and giving the APSNET user Full access to the system. What am i missing
here ?

Read !!!!!!!!!!!!!!!!!!!!!!!!!

The biggest problem surrounding the move into production of an ASP.NET
application that updates performance counters is permissions. By default, in
order to increment a performance counter, the user needs to have
Administrator or Power User rights. You could change the process Model value
in Machine.Config to System, but that leaves a security hole. Which is
another way of saying, “Don't do this!!!!!”

Error:

For completeness, the event log entry that appear as a result of the lack of
permissions is as follows:

Event ID: 1000
Source: Perflib
Access to performance data was denied to ASPNET as attempted from
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

Also, on the actual call to increment the Performance Counter, the following
exception is thrown:

System.ComponentModel.Win32Exception: Access is denied

With the stack trace pointing to the GetData method in the Performance
Monitor class.

Solution:

As it turns out, the permission set that is required is much smaller than
running as “System”. In the registry key HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Perflib, set the Access Control List so that the ASPNET
user has Full Control. the problem goes away.

It's not that there is an entry for Access Control List. What needs to
happen is that the permissions on the Perf registry key needs to be set. The
easiest way to do this is with the regedt32.exe command. Execute regedt32
through Start|Run and navigate to the registry key. Then select the
Edit|Permissions menu item. In the dialog that comes up, assign Full Control
to the ASPNET user. If you don't see ASPNET in the list at the top of the
dialog, use the Add button to add it. Then allow Full Control access and
click OK.



My question is, what 's the difference between the machine.config Security
Hole and giving the APSNET user Full access to the system. What am i missing
here ?