httphander pagehanderfactory medium trust security exception.

A

Andrew Bourne

Hi all i have a strang issue when using a custom http hander in a medium
trust enviroment, thats enforced by my webhost

for sake of ease and to rule out my custom code i have a http handler
defined as below. This assembly is signed.

namespace SimpleHTTPHandler
{

[PermissionSetAttribute(SecurityAction.LinkDemand, Unrestricted = true)]
[PermissionSetAttribute(SecurityAction.InheritanceDemand, Unrestricted =
true)]
public class Handler : PageHandlerFactory, IRequiresSessionState
{

public override IHttpHandler GetHandler(HttpContext context, string
requestType, string virtualPath, string path)
{
return base.GetHandler(context, requestType, virtualPath, path);
}

}
}

in my web.config httphandlers are defined as bellow.

<httpHandlers>
<remove verb="*" path="*.asmx" />
<add verb="*" path="*.aspx" type="SimpleHTTPHandler.Handler,
SimpleHTTPHandler" validate="false" />
</httpHandlers>


when browsing to an aspx page in the hosted enviroment i get a security
exception

Exception Details: System.Security.SecurityException: Request failed.

Source Error:

An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.

Stack Trace:


[SecurityException: Request failed.]
System.Reflection.Assembly._GetType(String name, Boolean throwOnError,
Boolean ignoreCase) +0
System.Reflection.Assembly.GetType(String name, Boolean throwOnError,
Boolean ignoreCase) +41

System.Web.Compilation.CompilationUtil.GetTypeFromAssemblies(AssemblyCollection assembliesCollection, String typeName, Boolean ignoreCase) +176
System.Web.Compilation.BuildManager.GetType(String typeName, Boolean
throwOnError, Boolean ignoreCase) +325
System.Web.Configuration.ConfigUtil.GetType(String typeName, String
propertyName, ConfigurationElement configElement, XmlNode node, Boolean
checkAptcaBit, Boolean ignoreCase) +38


i can simulate this is the dev enviroment by inserting a trust level into
the web.config

<trust level="Medium"/>

however i cant see what the issue is here as my handler actually does
nothing, other than be a custom implementation of pagehandlerfactory.

am i missing some code based security stuff , or are custom httphandlers not
allows in medium trust?

would appericiate and help :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top