我有一个Web应用程序，它不会（AB）使用System.Diagnostics程序跟踪的。像往常一样，一切都很正常，直到我们到了生产这个星期，在那里没有我们的听众都被击中。

I have a web application which does (ab)use of System.Diagnostics Tracing. As usual, everything went fine until we hit production this week, where none of our listeners were being hit.

研究了一下，这显然是一个用户帐户权限问题。更改 ApplicationPoolIdentity 为本地系统似乎这样的伎俩。然而，在我们的生产环境改变运行到本地系统的用户是一个没有去。我怀疑它是与的安全权限的需要运行非托管code。

Researching a bit, it was clearly a User Account permission issue. Changing from ApplicationPoolIdentity to LocalSystem seemed to do the trick. However, in our production environment changing the User that runs to LocalSystem is a no go. I suspect it has something to do with the security permission needed to run unmanaged code.

有另一种方法，使ApplicationPoolIdentity根据跟踪的工作？或者（因为我们的系统管理员的建议），我们应该创建一个自定义帐户来运行ApplicationPool？

Is there another way to make Tracing work under ApplicationPoolIdentity? Or (as our system administrator suggested) Should we create a custom account to run that ApplicationPool?

推荐答案

你有什么证据证明你TraceListeners没有被打？似乎更有可能对我说，他们被打，但是他们没有权限访问一些所需的资源（如文件）。在这种情况下，解决方案可能是简单地给你ApplicationPoolIdentity权限相应的磁盘文件夹。

What evidence do you have that your TraceListeners weren't being hit? Seems more likely to me that they were being hit, but they didn't have permission to access some required resource (such as a file). In which case the solution might be as simple as giving your ApplicationPoolIdentity permissions on the appropriate disk folder.

我建议你发布你使用（听众的更多细节如＆LT; System.Diagnostics程序＆GT;你的web.config文件中的部分中的确切的，并你现在看到的错误。

I suggest you post more details of the listeners you're using (e.g. the <system.diagnostics> section of your web.config file, and of the exact errors you're seeing.

我怀疑它是与运行非托管code所需的安全权限。

I suspect it has something to do with the security permission needed to run unmanaged code.

哪你的跟踪监听器，你认为使用非托管code？

Which of your trace listeners do you think uses unmanaged code?

我们试图EventLogTraceListener甚至TextWriterListener上，用户应该有权限的文件夹。

We tried EventLogTraceListener and even TextWriterListener on a folder that the user should have permissions.

您需要明确授予权限的应用程序池标识< /一>，这将不会默认权限。

You need to explicitly give permissions to the application pool identity, which won't have permissions by default.

授予读/写权限使用TextWriterListener的文件夹设置为IIS程序池\默认应用或任何应用程序池的名称，你正在使用。

Give read/write permission to the folder used by TextWriterListener to "IIS AppPool\DefaultAppPool" or whatever application pool name you're using.

至于事件日志，非管理员通常不具有权限创建一个事件源，所以你应该手动应用程序安装过程中创建的事件来源，或者有可能使用现有的事件源（如.NET运行库）。

As for the event log, non-administrators don't typically have permission to create an Event Source, so you should either create the Event Source manually during application installation, or alternatively it might be possible to use an existing Event Source (such as ".NET Runtime").

我认为这不是一个具体的监听器，需要非托管code的权限，但整个跟踪功能。

I think that it's not a specific listener that needs unmanaged code permissions, but the whole tracing functionality.

您正在找错了树在这里。允许运行非托管code是一个 code使用安全许可，这将不会影响应用程序下运行的帐户。你说这在LocalSystem帐户下正常工作。

You're barking up the wrong tree here. Permission to run unmanaged code is a Code Access Security permission, which wouldn't be affected by the account the application runs under. And you say it works fine under the LocalSystem account.