tags:

views:

905

answers:

4
+1  Q: 

How to get EventLog to record user name into Window Event Log?

I'm writing to the windows event log using C#. I can set every field visible in the mmc.exe "Computer Management" tool, except for the User field.

The client application is ASP.NET and uses forms authentication.

public static void WriteOnce()
{
    EventLog log = new EventLog("MyApp");
    if (!EventLog.SourceExists("MySource"))
    {
        EventSourceCreationData data = new EventSourceCreationData("MySource", "MyApp");
        EventLog.CreateEventSource(data);
    }
    log.Source = "MySource";
    log.WriteEntry("Hello World", EventLogEntryType.Information,123,456,new byte[]{1,2,3});
}

UPDATE: I checked, in ASP.NET even if set identity impersonation=true & authentication=windows and still no user.

I also checked, in a console app, no user.

+2  A: 

Well the user is the current user your AppDomain is running as. This cannot be set and Windows won't allow you to "spoof" another user.

Andrew Hare  2009-06-08 15:03:30
But it doesn't event log any user, spoofed or otherwise.
MatthewMartin  2009-06-08 15:20:28
+2  A: 

The user name in the Event Log is based on the context in which your application is running. It cannot be explicitly set. If this is an ASP.NET application, it may be using the service account.

EDIT: I found a similar question. It proposes using the Win32 Api ReportEvent function in order to set the user information.

Jose Basilio  2009-06-08 15:04:40
I think the context gets ignored all together for my sample code. If I could get the logger to use the context, I'd be happy.
MatthewMartin  2009-06-08 15:22:46
Check out this similar question: http://stackoverflow.com/questions/147307/-net-how-to-set-user-information-in-an-eventlog-entry
Jose Basilio  2009-06-08 15:26:26
+1  A: 

System.Diagnostics allows your ASP.NET application direct access to the Windows Event log. Since your application is an ASP.NET app, you can use

HttpContext.Current.User.Identity.Name

to get the current username (in this case will be Form Auth token since you're using Forms Authentication).

Jonathan  2009-06-08 15:30:45
A: 

I found a blog entry that explains how to do it, although there doesn't seem to be a completely managed way to do it. To capture the user Id, you have to use pinvoke/native method calls.

http://www.infosysblogs.com/microsoft/2007/09/logging_events_with_user_detai_1.html

For the above, it logs the user as ASPNET or NETWORK SERVICES, or the logged in user for console apps. The api call itself takes a pointer parameter to a SID. I didn't try to see if spoofing was possible.

JPucket may be right, that the only way to get the ID of a forms authenticated user in the System Event Log is via the message field.

MatthewMartin  2009-06-08 16:30:19

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?