httphander pagehanderfactory medium trust security exception.

Discussion in 'ASP .Net Security' started by Andrew Bourne, Jan 12, 2009.

  1. Hi all i have a strang issue when using a custom http hander in a medium
    trust enviroment, thats enforced by my webhost

    for sake of ease and to rule out my custom code i have a http handler
    defined as below. This assembly is signed.

    namespace SimpleHTTPHandler
    {

    [PermissionSetAttribute(SecurityAction.LinkDemand, Unrestricted = true)]
    [PermissionSetAttribute(SecurityAction.InheritanceDemand, Unrestricted =
    true)]
    public class Handler : PageHandlerFactory, IRequiresSessionState
    {

    public override IHttpHandler GetHandler(HttpContext context, string
    requestType, string virtualPath, string path)
    {
    return base.GetHandler(context, requestType, virtualPath, path);
    }

    }
    }

    in my web.config httphandlers are defined as bellow.

    <httpHandlers>
    <remove verb="*" path="*.asmx" />
    <add verb="*" path="*.aspx" type="SimpleHTTPHandler.Handler,
    SimpleHTTPHandler" validate="false" />
    </httpHandlers>


    when browsing to an aspx page in the hosted enviroment i get a security
    exception

    Exception Details: System.Security.SecurityException: Request failed.

    Source Error:

    An unhandled exception was generated during the execution of the current web
    request. Information regarding the origin and location of the exception can
    be identified using the exception stack trace below.

    Stack Trace:


    [SecurityException: Request failed.]
    System.Reflection.Assembly._GetType(String name, Boolean throwOnError,
    Boolean ignoreCase) +0
    System.Reflection.Assembly.GetType(String name, Boolean throwOnError,
    Boolean ignoreCase) +41

    System.Web.Compilation.CompilationUtil.GetTypeFromAssemblies(AssemblyCollection assembliesCollection, String typeName, Boolean ignoreCase) +176
    System.Web.Compilation.BuildManager.GetType(String typeName, Boolean
    throwOnError, Boolean ignoreCase) +325
    System.Web.Configuration.ConfigUtil.GetType(String typeName, String
    propertyName, ConfigurationElement configElement, XmlNode node, Boolean
    checkAptcaBit, Boolean ignoreCase) +38


    i can simulate this is the dev enviroment by inserting a trust level into
    the web.config

    <trust level="Medium"/>

    however i cant see what the issue is here as my handler actually does
    nothing, other than be a custom implementation of pagehandlerfactory.

    am i missing some code based security stuff , or are custom httphandlers not
    allows in medium trust?

    would appericiate and help :)
    Andrew Bourne, Jan 12, 2009
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul Hatcher

    Medium Level Trust and Reflection

    Paul Hatcher, Feb 25, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    479
    Paul Hatcher
    Feb 25, 2005
  2. Michael Howes
    Replies:
    0
    Views:
    484
    Michael Howes
    Jan 26, 2006
  3. Replies:
    1
    Views:
    963
  4. Linda
    Replies:
    1
    Views:
    537
    Dominick Baier
    Aug 31, 2006
  5. Shahar Nechmad

    EnterpriseLibrary.Security and medium trust level

    Shahar Nechmad, Oct 18, 2006, in forum: ASP .Net Security
    Replies:
    0
    Views:
    153
    Shahar Nechmad
    Oct 18, 2006
Loading...

Share This Page