I've got an ASP.NET WebForms app that I've written, which uses the ASP.NET AJAX Toolkit. I've put the MultiView control onto the web form, and it worked fine, when I had it under Vista. Well, I had to replace my machine (HD failed) and I went to Windows 7 Ultimate. I tried copying the ASP.NET app from the system (before it finally failed for good) and put it onto the Windows 7 machine. I can bring up the app fine, go to all pages, but the one with these controls on it. When I do I get the following error:
Security Exception
Description: The application attempted to perform an operation not allowed by the
security policy. To grant this application the required permission please contact your
system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of
type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' failed.
What's going on? How do I fix it?
I was able to fix this in my dev environment (local machine) by changing an advanced setting on my Default Application Pool. The section titled 'Process Model' has a setting 'Load User Profile'. When I changed this to 'True' the issue stopped happening.
Related
I am receiving the following error message:
Server Error in '/' Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: System.Security.Permissions.SecurityPermission
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: System.Security.Permissions.SecurityPermission]
MySql.Data.MySqlClient.MySqlClientFactory..cctor() +23
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272
MySQL: mysql-connector-net-6.7.4
The problem only occurs if run from the shared web hosting environment. The site works great locally. I know the version of the .Net connector that my shared hosting environment uses, as that was another issue that I resolved and I was in communication with the hosting provider.
The error is interesting. I can go to the default page, no issues, the very first time. I then go to bring up a popup dialog, which throws another error message box.
Exception has been thrown by the target of an invocation.
The above is everything, except for the okay button.
I can bring up the first popup, a sign in dialog, which comes up. That dialog does not invoke MySQL. I bring up the second dialog, a registration dialog, which then throws the "Exception has been thrown..." message box. After that, I cannot go back into the sign-in dialog, as I get the "Exception has..." message box. If I press F5 to refresh the browser (IE or Chrome), I get the error from above. The above error indicates MySQL and some permissions.
I am suspecting that the "Exception has been thrown..." error is the result of the same MySQL, just the page has memory. Closing the browser window and launching the browser window again does not help, although on Chrome that works, just the browser window there really has to close down all the way.
I am in a shared hosting environment, so I have access to basically nothing, so I do not have access to any logs, at least that I can think of.
One final thought that may or may not be relevant. Yesterday and previous days my development work was done on a system with Windows 7 Professional and Visual Studio 2012 Professional (all latest service packs and updates), whereas today I am working at a different computer of mine, which is a system with Windows 8 Professional and Visual Studio 2012 Ultimate (all latest service packs and updates on the OS and VS). I was reading some other posts on unrelated issues that people with VS2012 Ultimate had issues, so I am not sure that has anything to do with it, but that is something that changed from yesterday to today.
Yes, I deleted everything off of the server and uploaded everything anew. I did a clean solution first, built the release, and then published. I still received the same error.
Any thoughts?
By default most hosts use "Medium" trust level. You can change your web.config as below to get full trust:
<configuration>
<system.web>
<trust level="Full" />
</system.web>
</configuration>
Using .NET 4.0, I have a small ASP.NET app that utilized the ReportViewer object, I have created a web page that takes some user input and generates a report that is displayed using the ReportViewer control with ProcessingMode set to local.
Naturally, it works perfectly when run via VS 2010 in debugging mode and if I publish it to IIS running on my local machine. However, when I push it to production, I get the following error when actually trying to run the report
For the image impaired:
Failed to load expression host assembly. Details: Could not load file or assembly 'Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. Access is denied.
I have verified that the assembly (as well as the other reportviewer dependencies) is in the GAC. There don't seem to be any errors in the event log on the server.
Any ideas what the permission problem might be?
What authentication are you using in IIS? (e.g. windows, anonymous, ASP.NET impersonation)
As it happens, the production environment I was deploying to is a web farm and the virtual directories point to a location on a network drive. When I tried deploying to a non farm server, with a virtual directory located on the server itself, this worked. The permissions are identical in the two environments, so I can only assume that something about this control didn't like being located on a different box than IIS and ASP.NET.
I'm not sure if this is actually an "answer", so apologies in advance if I've handled this wrong from a stackover perspective.
I have an ASP.NET application, using LINQ to connec to a SQL Server 2008 R2 databse.
My connection string:
Data Source=[SqlServerIp];Initial Catalog=[databaseName]User Id=newLogin;Password=newPassword;
When I deploy the application on my local IIS (which is not the same machine as database server) it works fine, but when I deploy application on other IIS (the same machine as SQL Server) it throws an exception:
System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Anyone knows how to fix it? Maybe it is due to some bad configuration of IIS?
I would get this error when trying to run a Web Service in debug mode. I found that it was because code was on a network drive (in my case my documents was on the home drive).
I would suggest checking that the code in not a network drive.
I had faced the same problem, and I resolved this way:
Changing the app pool identity that my application uses in IIS to pre-built account NetworkService.
The default identity is ApplicationPoolIdentity, and looks like it doesn't have enough privileges to access network resources.
The security context under which your ASP.net application is running does not have permissions to load that sql client assembly. The out of the box context, ASPNET, does, so there's problem been some custom configuration that has broken it...it's difficult to say what without being able to look at the box.
But the bottom line is that the security context of the application doesn't have perms to that assembly. The following steps should get you working:
Write a page that outputs the security context of the application:
Response.Write(System.Security.Principal.Current().WindowsIdentity.Name);
Add the user named on that page to the administrators group. This should allow the assembly to load.
Reduce the permissions of the specified user to a minimum downward from administrator.
After deployment of new version of our ASP.NET 2.0 application, it started to raise security exception: „System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.“.
After quick research on internet we were able to resolve this isse by setting „Load User Profile“ to True in IIS 7.5 application pool. This solution is also mentioned several times here on stackoverflow:
Strange ASP.NET error !
System.Web.AspNetHostingPermission Exception on New Deployment
Running a asp.net web application project on IIS7 throws exception
However we were unable to find reason why it has to be true. We reviewed all changes in new version (gladly there were only a few), but didn’t find anything suspicious (no access to registry or temp data as some articles suggested etc). Could anybody give us hints when an ASP.NET application hosted in IIS 7.5 needs „Load User Profile“ option set to True?
Details:
Application pool: .NET 2.0; Managed Pipeline Mode - Classic; Identity – custom domain account
In IIS 6.0 (W2K3): Old and new
version of application work fine
In IIS 7.5 (W2K8-R2): Old version of
application works fine; new version
of application raises security
exception – it starts to work after
setting „Load User Profile“ to True
Thank you!
EDIT:
We have finally found the cause of this problem! Our admin used different technique to copy the new version of application from staging environment to production environment. He used web server as intermediary. After donwloading zipped release build artifacts to production environment and then unzipping the files, they were still marked as "blocked" because they came from different computer. See also https://superuser.com/questions/38476/this-file-came-from-another-computer-how-can-i-unblock-all-the-files-in-a. ASP.NET then logically executes these binaries in partial trust instead of full trust and that was actually causing mentioned security exceptions in our application.
Setting "Load User Profile" to True fixed the security exceptions as a side-effect. If "Load User Profile" is set to False, then our application (not our code, maybe some .NET BCL or external assembly) is trying to query basic info about directory "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files" which the identity of application pool is not allowed to:
With full trust: access denied to this query operation doesn't raise any exception
With partial trust: access denied to this query operation raises security exception
If "Load User Profile" is set to True, then temporary profile in Users directory is created every time when application pool starts. Our application is then trying to query info about "Temporary Internet Files" directory of this profile, which the identity of application pool is allowed to. Thus no exception is raised even with partial trust.
Really nice troubleshooting session! :)
One more example when "Load User Profile" setting could helps you is usage of temporary files. Sometime this usege can be indirect. SQL Express for example can do this in some situations.
So my advice. Switch off "Load User Profile" and examine %TEMP%. Then try to give domain account used for application pool the full access (or change access) to the directory from %TEMP%. Probably it fix your problem.
One more advice is usage of Process Monitor (see http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) to locale which parts of user profile will be used (or receive "access denied" error) at the moment when you receive "System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission" exception.
Another area where LoadUserProfile might help is when configuring a trusted MSMQ binding in WCF. If the app pool is running under a trusted account, this won't load the SID unless the Application pool load user profile setting is set to true, and hence authentication will fail.
I also ran into the same problem and could resolve the problem by setting load user profile=true. However i have reverted the load user profile = false and restarted the app pool but now i dont get any exception.
I have gone through all the relavents posts on stackoverflow and also on Asp.net and iis forum pages.
Trying to get an ASP application deployed; it worked for a while but then started coming up with errors whenever the page is accessed:
Server Error in '/AppNameHere' Application.
Security Exception Description: The application attempted to perform
an operation not allowed by the security policy. To grant this
application the required permission please contact your system
administrator or change the application's trust level in the
configuration file.
Exception Details: System.Security.SecurityException: Request for the
permission of type 'System.Web.AspNetHostingPermission, System,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.
An IISreset didn't change anything, but rebooting the entire system got it to work for a few hours before the problem came back. The .config for the application is set to full trust.
What could be causing this, and how can it be fixed? (Or, if more information is needed, where do I go looking to find it)
Found the following on Jason Gaylord's blog:
System.Web.AspNetHostingPermission when Accessing Network or Intranet Projects using Visual Studio 2005
I rebuilt one of my development machines recently and attempted to access a project that I had out on a network share. I continually received project messages about the project not being trusted. I remembered that I had to change something but couldn't remember what it was until I found an old note I left in Outlook.
The message I would receive in Visual Studio 2005 was: ASP.NET runtime error: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
To resolve this issue, you must change your development machine .net security configuration since you are accessing items across the network. In the event that you need this ability at runtime, you must change the trust level in your config file to full. However, since this is only in development,
I can change my local PC's security
by going to Start > Control Panel >
Administrative Tools > Microsoft
.NET Framework 2.0 Configuration.
After it fully loads (sometimes
takes a bit), fully expand My
Computer in the navigation tree and
click Runtime Security Policy.
In the right hand pane, choose
Adjust Zone Security. Leave the
default option (Make changes to this
computer) and hit next.
Choose Local Intranet and change the
trust level to Full Trust. Then
choose next and then finish.
Restart Visual Studio 2005 and you
should be all set.
This worked for me ... so hopefully this will work for you!