I usually hate posting these types of questions as normally I find that the best way to really learn is to figure out the answer yourself.
However, I need an answer to this question really quickly as I have a client who can't run her business due to this problem.
Yesterday my ASP.NET host provider moved my application from a server running .NET 1.1 to one running .NET 1.1 and 2.0. My problem is that when I test the move, the main site page (Default.aspx) will not load:
"Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."
[SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint) +147
System.Net.HttpRequestCreator.Create(Uri Uri) +26
System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase) +298
System.Net.WebRequest.Create(Uri requestUri) +28
System.Web.Services.Protocols.WebClientProtocol.GetWebRequest(Uri uri) +30
System.Web.Services.Protocols.HttpWebClientProtocol.GetWebRequest(Uri uri) +12
System.Web.Services.Protocols.SoapHttpClientProtocol.GetWebRequest(Uri uri) +4
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) +52
PilatesPlusDublin.PilatesPlusDublinws.PilatesPlus.InsertException(String sModuleName, String sException, Int32 iUserID) +97
PilatesPlusDublin.MainDefault.Page_Load(Object sender, EventArgs e) +144
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +47
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +7350
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.maindefault_aspx.ProcessRequest(HttpContext context) +4
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +358
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64"
If WebPermission isn't available at the hosting site, how do I configure my site to allow access to the page? Are there some tags that need to be put into the web.config? Note - we have no access to machine.config or any other IIS settings.
I understand that people hate reading and answering these types of questions, but any help on what I, or my hosting site, need to do to fix this would be appreciated enormously.
Not sure if this will help, but I once had a client with the same type of problem. Their webhosting company made some changes, resulting in their website throwing similar kinds of errors. Managed to get things working again by adding the following just inside the System.Web section in web.config:
<trust level="Full" />
If this doesn't solve your problem and the webhosting company can't fix things on their end until the new year, I'd seriously consider switching hosting providers.
Just as an FYI to anyone that might have the same problem - I got this exact error message and couldn't figure out what was wrong since I hadn't changed any settings on my local box.
I realized after a couple minutes that I had accidentally opened the project from a network share on Windows Server 2008. Of course the permissions weren't correct! Really stupid move, but if it helps someone I am willing to be humiliated :)
I am posting this in case it helps anyone else. Be warned before they move an existing ASP.NET site hosted by your provider to another server.
MAKE SURE YOU ASK THEM ABOUT WEBPERMISSIONS AND TRUST LEVELS.
This was my provider's reply:
"Thank you for your email.
It's failing because WebPermission isn't available in a medium trust environment.
We can't make any changes to these servers at the moment, since we plan to migrate all sites on to a pair of new clusters by the end of this year. I'm confident that the new Windows cluster will have WebPermission available, since it's enabled on the current Namesco Windows cluster. "
So they expect my client's site to be offline and losing business until the New Year.
Is your web application calling a web service or accessing external web sites? If so, you might need to talk with your hosting provider and ask for the URI to be added to the list of allowed connection endpoints.
Related
I have a web service call which is already tested in the local environment; it works great, with no exceptions. I have tested it on one of our servers and it works great there as well. But here comes the main server where I need to set up the web service. I deployed my code and got the web service up and running. Now a part of my calls (50%) work great (where only a few fields are sent out in a call); they get me responses, and the other part (where there are many fields) just return an exception: "Object Reference Not Set to an Instance of Object".
I have avoided all the possibilities for a null reference exception to occur, but I still get that, and I am kind of lost as I don't know at what exact point the code is failing. I have enabled tracing; it doesn't help. I tried getting the exception information by turning on the NullReferenceException in CLR:
[FaultException: Server was unable to process request. ---> Object reference not set to an instance of an object.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +14799942
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +622
WebServiceX.OrderingSoap.ProcessTeleReseller(ProcessTeleResellerRequest request) +0
WebServiceX.OrderingSoapClient.ProcessTeleReseller(OrderHeader Ord_Header, Int32 Num_PotsLines) +105
WFTransmitOrder2.SaveOrder() +997
WFTransmitOrder2.IBTransmit_Click(Object sender, ImageClickEventArgs e) +24
System.Web.UI.WebControls.ImageButton.OnClick(ImageClickEventArgs e) +134
System.Web.UI.WebControls.ImageButton.RaisePostBackEvent(String eventArgument) +204
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3804
This doesn't help much either, as I want to know the line number inside my web service class.
Why do these kinds of issues happen? What is the relationship between web services and servers? These web services are hosted on IIS on one of our communications servers for different companies. It is working on the servers we have hosted but not on the customer servers.
Any help is highly appreciated. I have been stuck on this issue for a while now :)
Thanks
I know this has been posted here so many times, with valuable suggestions and suggested fixes. But none of them helped.
We have an e-commerce site which is an online ordering system. Our web site is hosted on IIS 7.0 with .NET Framework 4.0 (this is the only website running on IIS). In our testing environment everything worked fine and we deployed it.
Now we are getting a MAC error when a user tries to access the site, or when he is in the site and browsing to other pages. Here is the stack trace.
Exception: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
Stack Trace: System.Web.HttpException
Stack Trace:
at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError)
at System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose)
at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter2.Deserialize(String serializedState, Purpose purpose)
at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose)
at System.Web.UI.HiddenFieldPageStatePersister.Load()
at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
at System.Web.UI.Page.LoadAllState()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.pages_usagereports_index_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
We started getting this issue when we implemented code to fix a CSRF issue in the base page.
If we take out the code and test with a user, we do not get any error.
So far we have tried these solutions:
1) Applied a machine key to the website even though we are not in a web farm environment.
2) We don’t want to set enableviewstate to false or the viewstateencryption mode to never, as it is preferred not to do that. We even tried this but it didn’t help.
3) We tried assigning different combinations for the base.viewstateuserkey, like a combination of userhostaddress and user agent, but it didn't help.
4) We used the Microsoft .NET web protection library from this link:
http://software-security.sans.org/developer-how-to/developer-guide-csrf
After this we started getting another error:
Inner Exception Type: System.InvalidOperationException
Inner Exception: Validation of Anti-XSRF token failed.
Inner Stack Trace:
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.signin_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Now we are getting two errors. MAC error and Anti XSRF error.
I searched on this error and saw a number of posts, and I tried them. None of them helped.
Any suggestions on this are much appreciated.
Thanks in advance
The MAC for the ViewState is derived using the AntiXsrfTokenKey generated in your master page. If the token is not present when the user accesses your site (cookies disabled or the value in the cookie changed or deleted) then the page will generate a new token. What then happens, if there is a ViewState in the page being posted back, is that the MAC will be checked with the new token and won't match the old token; that is the first error you can see.
The Xsrf check in your master page is slightly confusing but uses the Xsrf token stored in a cookie and matches it to the value stored in the page. Usually these will match, but if another site attempts to make an illegal request to your site, their site won't send the Xsrf cookie and the check will fail. The reason that this is confusing is that if you have a ViewState, this will fail before the Xsrf check.
Another issue with the Xsrf check is that it uses the logged-in user's name as part of the check. If a user is logged in and then the auth cookie is deleted or expires, this part of the check will fail and you will see an Xsrf failure which is misleading; the real error is that "the authentication has expired causing the Xsrf check to fail".
I have re-worked the functions in Site.Master.cs several times to make these errors more clear.
Hope that helps.
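The three failure causes described in the answer above, reported as three distinct errors, as an added example (not the answerer's Site.Master.cs and not code from the question). It assumes a master page that keeps the token in a cookie and in ViewState; the class name `SiteMaster` and the key strings `__AntiXsrfToken` and `__AntiXsrfUserName` are assumptions.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Added example: master page code-behind (class name assumed).
public partial class SiteMaster : MasterPage
{
    // Cookie name / ViewState keys. The string values are assumptions.
    private const string AntiXsrfTokenKey = "__AntiXsrfToken";
    private const string AntiXsrfUserNameKey = "__AntiXsrfUserName";
    private string _antiXsrfTokenValue;

    protected void Page_Init(object sender, EventArgs e)
    {
        HttpCookie requestCookie = Request.Cookies[AntiXsrfTokenKey];
        Guid parsed;
        bool cookieUsable = requestCookie != null
                            && Guid.TryParse(requestCookie.Value, out parsed);

        if (cookieUsable)
        {
            _antiXsrfTokenValue = requestCookie.Value;
        }
        else if (Page.IsPostBack)
        {
            // Cause 1: a postback arrived without a usable token cookie.
            // Issuing a fresh token here would change ViewStateUserKey and
            // surface later as "Validation of viewstate MAC failed", so the
            // request is rejected now with the actual reason.
            throw new InvalidOperationException(
                "Anti-XSRF cookie missing or malformed on postback; " +
                "the posted ViewState cannot be validated.");
        }
        else
        {
            // First GET of the session: issue a new token cookie.
            _antiXsrfTokenValue = Guid.NewGuid().ToString("N");
            var responseCookie = new HttpCookie(AntiXsrfTokenKey)
            {
                HttpOnly = true,
                Value = _antiXsrfTokenValue,
                Secure = Request.IsSecureConnection
            };
            Response.Cookies.Set(responseCookie);
        }

        // ViewStateUserKey is mixed into the ViewState MAC, so it must be
        // set during Init, before ViewState is loaded.
        Page.ViewStateUserKey = _antiXsrfTokenValue;
        Page.PreLoad += Master_Page_PreLoad;
    }

    private void Master_Page_PreLoad(object sender, EventArgs e)
    {
        string currentUser = Context.User.Identity.Name ?? String.Empty;

        if (!Page.IsPostBack)
        {
            // Record the token and user name in the rendered page.
            ViewState[AntiXsrfTokenKey] = Page.ViewStateUserKey;
            ViewState[AntiXsrfUserNameKey] = currentUser;
            return;
        }

        // Cause 2: the token stored in the page differs from the cookie.
        if ((string)ViewState[AntiXsrfTokenKey] != _antiXsrfTokenValue)
            throw new InvalidOperationException(
                "Anti-XSRF token in the page does not match the cookie.");

        // Cause 3: the user changed since the page was rendered, for
        // example because the authentication cookie expired.
        if ((string)ViewState[AntiXsrfUserNameKey] != currentUser)
            throw new InvalidOperationException(
                "Authenticated user changed since the page was rendered " +
                "(authentication expired?); Anti-XSRF check failed.");
    }
}
```

Every branch still rejects the request; only the reported reason differs, which is what makes the log entries usable for telling an expired login apart from a missing cookie.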
I have made a web application, which reads/writes from/to Active Directory. In my web.config file there is
<identity impersonate="true"/>
and
<authentication mode="Windows"/>
When I display
System.Web.HttpContext.Current.User.Identity.Name
in some label, it shows mydomain\myusername, so I think impersonation works.
Now to the question. When I access the application on the server, where the IIS web server is running, everything works great. But when I access the web application from a remote PC, I get an exception (the label still shows "mydomain\myusername").
I have traced the problem down. In the code behind when I call
Forest currentForest = Forest.GetCurrentForest();
the variable currentForest knows its currentForest.Name, currentForest.RootDomain or currentForest.ForestMode, but any call to currentForest.Domains, currentForest.Sites or currentForest.GlobalCatalogs results in
System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException.
Now I'm lost and don't know what to debug further. The account I'm using is a member of Enterprise Admins (multi-domain forest). I have tried it on two different servers with different IIS versions (IIS 7.5 and IIS 6.0) with no luck.
And the thrown exception isn't of much help:
Exception Details: System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.
Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
DirectoryServicesCOMException (0x80072020): An operations error occurred.
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +557
System.DirectoryServices.DirectoryEntry.Bind() +44
System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) +98
System.DirectoryServices.ActiveDirectory.ADSearcher.FindAll() +46
System.DirectoryServices.ActiveDirectory.Forest.GetDomains() +543
[ActiveDirectoryOperationException: An operations error occurred.]
System.DirectoryServices.ActiveDirectory.Forest.GetDomains() +512484
System.DirectoryServices.ActiveDirectory.Forest.get_Domains() +44
myWebApp.ASPpage.Button_Click(Object sender, EventArgs e) in C:\Documents and Settings\myUser\documents\visual studio\Projects\MyWebApp\MyWebApp\ASPPage.aspx.cs:158
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981
EDIT: If it is not obvious, I want to use currentForest.Domains to search the whole forest (all domains) for a user given by UPN name.
I found the answer to my question in one of "Related questions" on this page. The answer was in this topic: Why does DirectoryServicesCOMException occur querying Active Directory from a machine other than the web server?
I found that it was exactly my case. After reading the suggested Microsoft article, I learned that impersonating works only for local resources on the IIS server. To access network resources (SQL, Active Directory), I have to set "Trust this computer for delegation" in the computer object in Active Directory.
It was because IIS always authenticates, therefore System.Web.HttpContext.Current.User.Identity.Name shows mydomain\myusername; to verify that the impersonation works you could use:
System.Security.Principal.WindowsIdentity.GetCurrent().Name; also, System.Security.Principal.WindowsIdentity.GetCurrent(true) returns null when it is not impersonating.
I wonder if someone could help me out with an issue I'm experiencing trying to get my site up and running on GoDaddy.
I'm trying to get extension-less URL rewriting working using the ManagedFusion Rewriter (http://www.codeplex.com/urlrewriter/). Unfortunately I'm getting the following error:
Server Error in '/' Application.
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Web.Hosting.HostingEnvironment.get_ApplicationID() +61
IIS7Injector.TraceManager.TraceEvent(TraceEventType eventType, String message) +62
IIS7Injector.ConfigManager.IsSkippedUrl(HttpRequest request, String ContentType) +38
IIS7Injector.InjectedContentStream.Write(Byte[] buffer, Int32 offset, Int32 count) +153
ManagedFusion.Rewriter.FormActionFilter.Write(Byte[] buffer, Int32 offset, Int32 count) +485
System.Web.HttpWriter.FilterIntegrated(Boolean finalFiltering, IIS7WorkerRequest wr) +265
System.Web.HttpResponse.FilterOutput() +80
System.Web.CallFilterExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +54
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64
Version Information: Microsoft .NET Framework Version:2.0.50727.1434; ASP.NET Version:2.0.50727.1434
I'm running using IIS 7 in integrated mode. I've modified my web.config file by following the instructions in the readme file here:
http://www.codeplex.com/urlrewriter/Release/ProjectReleases.aspx?ReleaseId=22618
Thanks very much in advance.
I hit this same exception on a new install, changing the App pool identity to NetworkService / aspnet fixed it.
Additionally, enabling Load User Profile on the app pool also worked.
Try the following:
App Pool -> Advanced Settings -> Load User Profile = True
for me it was:
1. unblock all files
http://nicholasrogoff.wordpress.com/2010/09/01/how-to-bulk-unblock-files-in-windows-7-or-server-2008/
2. restart application pool
One cause for this problem is when you have done the totally odd thing of publishing your application on the server by using the server to download the application from the Internet. The files will then be marked as originating from the Internet, and security settings then prevent them from running.
The "downloaded-from-Internet" mark is stored in the file system as an NTFS alternative data stream. Use the "Streams" tool to display and remove the flags:
http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx
Then restart the application pool.
This is actually a known issue with GoDaddy's Medium Trust environment. However, with the latest release of URL Rewriter 3.0 all these issues are now gone. Please get the latest release and let me know if you have any issues.
I had a similar issue with GoDaddy. Even though it didn't seem related at first since it's not in the stack trace (and may not apply to you since you're using third party code), removing Response.End() calls solved the issue in my case.
I had this issue because of a networked drive at work. When I moved my project to my desktop it started working again.
I am trying to install Subtext in a medium trust level environment (host: Crystaltech) and am getting the following error (see below). I was able to do the administration setup but when it tries to go to the blog for actual use, boom.
I know I could "upgrade" the environment to a full trust level but I want to understand why the error is happening and the ramifications of moving to full trust before I do it.
To expand upon this question; what are the "Trust Levels"?
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Web.Security.UrlAuthorizationModule.CheckUrlAccessForPrincipal(String virtualPath, IPrincipal user, String verb) +47
Subtext.Framework.UrlManager.UrlReWriteHandlerFactory.GetHandlerForUrl(String url) +66
Subtext.Framework.UrlManager.UrlReWriteHandlerFactory.ProcessHandlerTypePage(HttpHandler item, HttpContext context) +143
Subtext.Framework.UrlManager.UrlReWriteHandlerFactory.GetHandler(HttpContext context, String requestType, String url, String path) +340
System.Web.HttpApplication.MapHttpHandler(HttpContext context, String requestType, VirtualPath path, String pathTranslated, Boolean useAppConfig) +175
System.Web.MapHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +128
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +161
I don't think there is another way to get around the error other than moving to full trust or removing the call to CheckUrlAccessForPrincipal() and recompiling.
But by the looks of things, this particular issue has already been corrected in the subtext SVN (revision 3290). They have also added a new build task for subtext 2.0.1 which should include the fix. I guess that will be released when it's ready.
Trust levels are really just pointers to some security.config files. The default trust levels are defined in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config, "Medium" trust pointing to web_mediumtrust.config.
As for the exception, taking a look at System.Web.Security.UrlAuthorizationModule.CheckUrlAccessForPrincipal() with reflector reveals that the method is attributed with [SecurityPermission(SecurityAction.Demand, Unrestricted=true)], meaning that it requires an unrestricted security permission, which it does not have running under medium trust.
More grist to add to the mill from csgero:
http://www.kowitz.net/archive/2008/08/15/upgrading-to-subtext-2.0-fail.aspx
There's a wee comment from Phil Haack, I guess he's busy with other stuff right now :)