ASP.NET semantic logging to database with user impersonation uses app pool identity instead

Topics: Semantic Logging Application Block
Mar 19, 2014 at 2:52 PM

I am using the semantic logging block (in-process) in an ASP.NET application to log messages to a SQL Server database. The application runs with user impersonation and the calls to my custom event source are definitely being made with the client's credentials. However, the connection to the database for logging is being made with the app pool identity. I was hoping the connection would be made with the impersonated identity so I could add that identity to the written record.

In the normal logging block I remember an option to stop impersonation being reversed before logging, but I can't see an equivalent for semantic logging.

Is it possible to maintain the impersonated identity for ASP.NET using semantic logging to log to a database?

Mar 20, 2014 at 1:12 PM
The Semantic Logging Block doesn't explicitly perform or revert any impersonation. I think the issue you are seeing is that the SqlDatabaseSink uses a BufferedEventPublisher. So, when the sink receives an event it adds it to the publisher and at some later point these messages are flushed to the destination (on a different thread). In that scenario there is no impersonation context available to use so the app pool identity is used.

What you could do is create a custom sink that writes synchronously to the database -- that should use the identity of the web request.

Randy Levy
Enterprise Library support engineer
Mar 20, 2014 at 2:03 PM
Hi Randy,

Many thanks for the reply. That all makes perfect sense. If I want to keep the performance benefit of the buffering, I guess the client's identity needs to be passed explicitly as a parameter to the event source's WriteEvent calls. Or maybe our web site won't be so busy, so a custom sink with synchronous writing might be OK! :-)
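
The approach discussed in the last reply, passing the client's identity explicitly into the event, sketched as an added example that is not code from any poster in this thread. The event source name, event id and method names are assumptions; `WindowsIdentity.GetCurrent()` is read on the request thread, before the buffered sink hands the entry to its flush thread.

```csharp
using System;
using System.Diagnostics.Tracing;
using System.Security.Principal;

// Hypothetical event source: the name, event id and payload fields are
// assumptions made for this example.
[EventSource(Name = "Example-WebApp-Audit")]
public sealed class AuditEventSource : EventSource
{
    public static readonly AuditEventSource Log = new AuditEventSource();

    private AuditEventSource() { }

    // Call this from request code. It runs on the request thread, where the
    // impersonation token is still attached, so GetCurrent() returns the
    // client's identity rather than the app pool identity.
    [NonEvent]
    public void RecordAction(string action)
    {
        if (!IsEnabled())
        {
            return; // skip the identity lookup when no listener is attached
        }

        string user;
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            user = identity.Name;
        }

        // The user name is now an ordinary string in the event payload, so it
        // is unaffected by whichever thread later flushes the buffer.
        ActionPerformed(user, action ?? string.Empty);
    }

    // The event itself. A buffering sink stores the payload values as data,
    // so the database row carries the user captured above.
    [Event(1, Level = EventLevel.Informational, Message = "{0} performed {1}")]
    public void ActionPerformed(string user, string action)
    {
        WriteEvent(1, user, action);
    }
}
```

With this in place the database connection is still opened as the app pool identity; only the logged record carries the client's name, so the app pool account is the one that needs insert rights on the logging tables.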