0

I am working on WCF Logging module. I want to enable all Security logging with WCF Service. like there are three options in auditLogLocation="Application | Security | Default. I have used Application but I want to enable Security option. I read this link Auditing Security Events.

All I want to know how to enable SeAuditPrivilege and SeSecurityPrivilege in WCF Service.

Here is my configuration

<behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceSecurityAudit auditLogLocation="Application" suppressAuditFailure="true" serviceAuthorizationAuditLevel="SuccessOrFailure"
            messageAuthenticationAuditLevel="SuccessOrFailure" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
Seymour
  • 7,043
  • 12
  • 44
  • 51
Ravi
  • 853
  • 8
  • 17

1 Answers1

1

You should be able to configure WCF Security Auditing, to log security events to the Windows event log, by specifying the following in the configuration file:

Service Behavior definition: (e.g.)

<behaviors>
   <behavior name="myAuditBehavior">
      <serviceSecurityAudit auditLogLocation="Application"
            suppressAuditFailure="false" 
            serviceAuthorizationAuditLevel="None" 
            messageAuthenticationAuditLevel="SuccessOrFailure" />
      </behavior>
</behaviors>

Service Behavior referenced in the service definition: 

<services>
    <service behaviorConfiguration=" myAuditBehavior" ...
       <endpoint

Reference: http://msdn.microsoft.com/en-us/library/ms734737(v=vs.110).aspx

Note: you do not show the service section of your configuration section, so you need to make sure the service is using correct behavior.

Regards,

Seymour
  • 7,043
  • 12
  • 44
  • 51
  • do we need to change `auditLogLocation="Application"` to `Security` ? – Ravi Dec 27 '13 at 11:22
  • I think you can decide where you want the events written, either the Application or Security event log. The following snippet explains: The AuditLogLocation enumeration has three values: Application, Security, or Default. The value specifies one of the logs visible in the Event Viewer, either the Security log or the Application log. – Seymour Dec 27 '13 at 11:30
  • When i use above Configuration with some changes like `Contract` its stops working – Ravi Dec 27 '13 at 11:33
  • You may want to check the WCF trace file to see why it "stops working". Reference: http://msdn.microsoft.com/en-us/library/ms733025(v=vs.110).aspx – Seymour Dec 27 '13 at 11:38