Monday, June 20, 2011

Microsoft Patterns and Practices and Add-in Exception Logging

This post shows how to use the Microsoft Patterns and Practices (MSPP) Logging Block, and related Security Block, within an Access add-in to log exceptions to the Windows Event Viewer. MSPP is a collection of application blocks to assist developers with implementing common enterprise development scenarios.  Since sensitive logging data could be viewed by an unauthorized user, the post also introduces how to use the MSPP Security Block to prevent unauthorized access to the event log. Along with an introduction to using the security block, SharePoint Foundation 2010 base permission’s are demonstrated as an example authorization provider.


  • Microsoft Patterns and Practices Logging Block
  • Microsoft Patterns and Practices Security Block
  • SharePoint 2010 Base Permissions

Sample Code

Sample code accompanying this post can be viewed and downloaded from The Microsoft Enterprise Library 5.0 is required to compile and use the CodePlex sample.
Logging Block

The MSPP Logging Block is designed to address a wide range of enterprise application logging scenarios including logging exceptions, workflow logs and performance monitoring. This post discusses how to use the Logging Block, along with the Security Block, to enable Access add-in exception logging. Exception logging can be particularly handy to diagnose add-in issues.
 You can read the full document for this post at:

A user with proper permissions can view add-in event entries from within Access.

Logging Dialog Form

Steps to authorize a user:

Step 1 An AuthorizationRuleProvider configuration type configured in msaccess.exe.config defines a RuleProvider
<add type="Microsoft.Practices.EnterpriseLibrary.Security
    .AuthorizationRuleProvider, Microsoft.Practices.EnterpriseLibrary.Security"

Step 2 An AuthorizationProvider also defines authorization Rules
<add expression="R:ManageLog" name="ReadEventViewerLog" />

Step 3
Get the RuleProvider defined in msaccess.exe.config
IAuthorizationProvider ruleProvider =

Step 4
Get the current user identity
WindowsIdentity identity = WindowsIdentity.GetCurrent();

Step 5 Get an IPrincipal object that maps an identity to a role
IPrincipal principal = new GenericPrincipal
  (WindowsIdentity.GetCurrent(), new string[] { "ManageLog" });

Note In a production application, the user’s rule expression would be stored in a secure data store such as a SQL Server Database or the SharePoint Permissions service.
Step 6 A RuleProvider.Authorize() method  determines whether an IPrincipal has ReadEventViewerLog authorization.
canReadEventViewerLog = ruleProvider.Authorize(principal, "ReadEventViewerLog");