
Permissions issue with WMI custom performance markers inside IIS7 application


I'm having issues getting my permissions in order to allow my application (running in an IIS7 AppPool) to delete/add Performance Counter Categories and their data. I have code like so:

if (!PerformanceCounterCategory.Exists(CategoryName))
{
    var counters = new CounterCreationDataCollection();
    var opsIn = new CounterCreationData
    {
        CounterName = "Test Counter",
        CounterHelp = "Test Counter Help",
        CounterType = PerformanceCounterType.RateOfCountsPerSecond32
    };
    counters.Add(opsIn);

    PerformanceCounterCategory.Create(CategoryName, "Service Layer Instrumentation",
                                      PerformanceCounterCategoryType.SingleInstance,
                                      counters);
}

The intent is to create performance counters on a system that doesn't yet have them created, so I'm not bound to a static installer behavior (I want to be able to alter counters without a lot of fuss). So far, when this works, it works well.

When I run this code in an executable, as admin, there are no problems. However, when I run it inside an IIS service, the AppPool does not have the correct permissions to execute the category alterations. I know for a fact that it's possible to get the WMI permissions to work correctly, because I did it once before for a demo with a test server... but that was months ago, I was tired, and it was last minute. The whole thing's a blur. I'm unable to reproduce my results now that I'm going back trying to formalize the install process to include the necessary security changes.

Google is only marginally helpful, and I distinctly recall having to hodgepodge together instructions from several pages before the thing worked. Does anyone have a recommendation for the complete instructions to enable Performance Counter Category editing for an IIS app pool?


Solution

  • If you do not want to run your performance counter code in a separate process then you can do the following below by elevating permissions.

    http://msdn.microsoft.com/en-us/library/bd20x32d(v=vs.71).aspx

    The above link explains performance counters in ASP.NET applications, and how ASP.NET by default does not have permission to create custom performance counters and cannot read performance counters. Below is a quote from the article.

    If you are using a PerformanceCounter component in an ASP.NET application, the default settings of the ASPNET user account restrict access to performance counters. The ASPNET user account, by default, can write to but not read from performance counters, and it cannot create new categories. You can use impersonation with the ASPNET account to allow creation of new categories. The impersonation identity must have sufficient privileges to create categories. If your application needs performance counters that can be specified before deployment, they can be created by the deployment project. For more information, see ASP.NET Web Application Security.

    You can impersonate asp to run as a separate account that you could grant privileges to. Sample code from the ASP.NET impersonation article is below; of course, you can encrypt this user name and password also. The article explains how to encrypt the username and password.

    http://msdn.microsoft.com/en-us/library/aa719560(v=vs.71).aspx
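
The quoted MSDN text also mentions creating counters at deployment time, which keeps the AppPool identity unprivileged. The following is an added example of that split, not code from the original answer or from the MSDN articles: an elevated setup step recreates the category, and the web application only opens the counter for writing. The category name "ServiceLayer" and the class names are assumptions; the counter name and help text are taken from the question.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;

// Assumed names: "ServiceLayer" is a constructed category name; the page's
// CategoryName value is not shown. "Test Counter" is the counter from the question.
static class CounterSetup
{
    public const string CategoryName = "ServiceLayer";
    public const string CounterName = "Test Counter";

    // Run once from an elevated installer or console, not from the AppPool.
    public static int Main()
    {
        var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        if (!principal.IsInRole(WindowsBuiltInRole.Administrator))
        {
            Console.Error.WriteLine("Run elevated: creating a category needs administrative rights.");
            return 1;
        }
        if (PerformanceCounterCategory.Exists(CategoryName))
            PerformanceCounterCategory.Delete(CategoryName); // recreate so counter changes take effect
        var counters = new CounterCreationDataCollection
        {
            new CounterCreationData(CounterName, "Test Counter Help",
                                    PerformanceCounterType.RateOfCountsPerSecond32)
        };
        PerformanceCounterCategory.Create(CategoryName, "Service Layer Instrumentation",
                                          PerformanceCounterCategoryType.SingleInstance, counters);
        return 0;
    }
}

// Used inside the web application: opens the existing counter for writing only.
static class CounterWriter
{
    public static PerformanceCounter TryOpen()
    {
        try
        {
            return new PerformanceCounter(CounterSetup.CategoryName, CounterSetup.CounterName, false);
        }
        catch (Exception ex) when (ex is InvalidOperationException || ex is UnauthorizedAccessException)
        {
            Trace.TraceWarning("Counter unavailable, instrumentation disabled: " + ex.Message);
            return null;
        }
    }
}
```

With this split, changing the counter set means re-running the elevated setup step during deployment rather than granting the AppPool account rights to create or delete categories.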