implementing ICertificatePolicy causes security exception under hosted environment

Discussion in 'ASP .Net Security' started by C.W., Dec 19, 2005.

  1. C.W.

    C.W. Guest

    I need to establish an SSL connection with another in my application.
    However, I have run into a security exception when I run my code under
    a hosted environment.

    In particular, I have the following class:

    Class AcceptAllCertificatesPolicy
        Implements ICertificatePolicy

        ' Returns True for every certificate, whatever certificateProblem reports.
        Public Function CheckValidationResult( _
                ByVal srvPoint As System.Net.ServicePoint, _
                ByVal certificate As System.Security.Cryptography.X509Certificates.X509Certificate, _
                ByVal request As System.Net.WebRequest, _
                ByVal certificateProblem As Integer) As Boolean _
                Implements System.Net.ICertificatePolicy.CheckValidationResult
            Return True
        End Function
    End Class



    When I call this class using

    ServicePointManager.CertificatePolicy = New AcceptAllCertificatesPolicy

    I get a security exception

    Description: The application attempted to perform an operation not allowed
    by the security policy. To grant this application the required permission
    please contact your system administrator or change the application's trust
    level in the configuration file.

    Exception Details: System.Security.SecurityException: Request for the
    permission of type System.Security.Permissions.SecurityPermission, mscorlib,
    Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.


    Line 418: req.ClientCertificates.Add(X509Cert)
    Line 419:
    Line 420: ServicePointManager.CertificatePolicy = New AcceptAllCertificatesPolicy
    Line 421:
    Line 422: Dim reqWriter As StreamWriter = New StreamWriter(req.GetRequestStream())



    Stack Trace:
    [SecurityException: Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.]
    System.Security.CodeAccessSecurityEngine.CheckHelper(PermissionSet grantedSet, PermissionSet deniedSet, CodeAccessPermission demand, PermissionToken permToken) +666
    System.Security.CodeAccessSecurityEngine.Check(PermissionToken permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32 checkFrames, Int32 unrestrictedOverride) +0
    System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap, StackCrawlMark& stackMark) +88
    System.Security.CodeAccessPermission.Demand() +62
    System.Net.ServicePointManager.set_CertificatePolicy(ICertificatePolicy value) +45



    I gather this must be due to security restrictions set up by the web host.
    Can I change my code to somehow get around this, or can only the web host
    fix this issue?

    Thanks in advance
    C.W., Dec 19, 2005
    #1

  2. The SDK docs indicate that accessing the
    ServicePointManager.CertificatePolicy requires SecurityPermission with the
    UnmanagedCode flag. If you are running your code under partial trust
    (sounds like you are), you must have that permission.

    The alternative might be to fix the SSL issues that are causing you to want
    to override certificate errors.

    Joe K.
    Joe Kaplan (MVP - ADSI), Dec 19, 2005
    #2
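
The two points in the reply above, as an added example that is not code from either poster: check whether the UnmanagedCode permission is granted before assigning the policy, and, where a policy is installed at all, accept only a certificate that validated cleanly or matches one known hash instead of returning True for everything. The names PinnedCertificatePolicy, CertificatePolicyInstaller and TryInstall are hypothetical, and the expected SHA-1 hash is assumed to be supplied by the caller from configuration.

```vb
Imports System
Imports System.Net
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Cryptography.X509Certificates

' Hypothetical policy: accepts a certificate only if the platform reported no
' problem, or if it is the single certificate whose hash was configured.
Public Class PinnedCertificatePolicy
    Implements ICertificatePolicy

    Private ReadOnly expectedHash As String

    Public Sub New(ByVal expectedSha1Hex As String)
        ' Normalise "AB CD ..." style input to the form GetCertHashString returns.
        expectedHash = expectedSha1Hex.Replace(" ", "").ToUpper()
    End Sub

    Public Function CheckValidationResult(ByVal srvPoint As ServicePoint, _
            ByVal certificate As X509Certificate, _
            ByVal request As WebRequest, _
            ByVal certificateProblem As Integer) As Boolean _
            Implements ICertificatePolicy.CheckValidationResult
        ' 0 means the default validation found nothing wrong.
        If certificateProblem = 0 Then Return True
        If certificate Is Nothing Then Return False
        ' Any other problem is tolerated only for the pinned certificate.
        Return String.Compare(certificate.GetCertHashString(), expectedHash, True) = 0
    End Function
End Class

Public Class CertificatePolicyInstaller
    ' Returns True if the policy was installed. Returns False under partial
    ' trust, leaving the default certificate validation in place instead of
    ' letting set_CertificatePolicy throw a SecurityException.
    Public Shared Function TryInstall(ByVal expectedSha1Hex As String) As Boolean
        Dim needed As New SecurityPermission(SecurityPermissionFlag.UnmanagedCode)
        If Not SecurityManager.IsGranted(needed) Then
            Return False
        End If
        ServicePointManager.CertificatePolicy = New PinnedCertificatePolicy(expectedSha1Hex)
        Return True
    End Function
End Class
```

When TryInstall returns False, the request succeeds only if the remote certificate passes default validation, which is the alternative the reply describes: fix the certificate problem at the server rather than override it in the client.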