.NET 2.0 Trust issue on Hosted Server

Discussion in 'ASP .Net Security' started by Cindy Lee, May 19, 2006.

  1. Cindy Lee

    Cindy Lee Guest

    I'm using a .net 2.0 Hosted server, IIS has trust level I think I medium,
    which I can't over-ride.

    I'm working off the Personal Website wizard. I get this security issue
    usually after I log in and come back. Sometimes I get it, and sometimes I
    don't. I can't repeat it all the time.
    How should I set my token key? i just use what's in the config file:
    b77a5c561934e089.
    I know I can't do full Trust because it get's overridden.
    There's nothing on my pages that is a big security issue. I don't care who
    has access to it. Is there anything I should do to change my config file.
    This is my error below, and my config file is below that

    Description: The application attempted to perform an operation not allowed
    by the security policy. To grant this application the required permission
    please contact your system administrator or change the application's trust
    level in the configuration file.

    Exception Details: System.Security.SecurityException: Request for the
    permission of type 'System.Security.Permissions.FileIOPermission, mscorlib,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.


    Conifg
    <?xml version="1.0"?>
    <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <connectionStrings>
    <remove name="LocalSqlServer"/>
    <add name="LocalSqlServer" connectionString="Data
    Source=SQLB1.webcontrolcenter.com;Initial Catalog=loftladb;Persist Security
    Info=True;User ID=xxx;Password=xxx"/>
    <add name="Personal" connectionString="Data
    Source=SQLB1.webcontrolcenter.com;Initial Catalog=loftladb;Persist Security
    Info=True;User ID=xxx;Password=xxx"
    providerName="System.Data.SqlClient" />
    <add name="loftladbConnectionString1" connectionString="Data
    Source=SQLB1.webcontrolcenter.com;Initial Catalog=loftladb;Persist Security
    Info=True;User ID=xxx;Password=xxx"
    providerName="System.Data.SqlClient" />
    </connectionStrings>
    <system.web>
    <pages styleSheetTheme="White"/>
    <customErrors mode="Off"/>
    <compilation debug="true"/>
    <membership defaultProvider="YourSqlProvider">
    <providers>
    <add connectionStringName="LocalSqlServer" applicationName="LoftLAApp"
    minRequiredPasswordLength="6"
    minRequiredNonalphanumericCharacters="0" name="YourSqlProvider"
    type="System.Web.Security.SqlMembershipProvider" />
    </providers>
    </membership>
    <authentication mode="Forms">
    <forms loginUrl="default1.aspx" protection="Validation" timeout="300" />
    </authentication>
    <authorization>
    <allow users="*"/>
    </authorization>
    <globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider" />
    <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    <providers>
    <add name="XmlSiteMapProvider" description="SiteMap provider which reads in
    ..sitemap XML files." type="System.Web.XmlSiteMapProvider, System.Web,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
    </providers>
    </siteMap>
    </system.web>
    <location path="Admin">
    <system.web>
    <authorization>
    <allow roles="Administrators"/>
    <!-- deny users="*"/ -->
    </authorization>
    </system.web>
    </location>
    </configuration>
     
    Cindy Lee, May 19, 2006
    #1
    1. Advertising

  2. Cindy Lee

    Cindy Lee Guest

    Oh, I forgot to add, when I refresh 1-10 times it will work.

    "Cindy Lee" <> wrote in message
    news:...
    > I'm using a .net 2.0 Hosted server, IIS has trust level I think I medium,
    > which I can't over-ride.
    >
    > I'm working off the Personal Website wizard. I get this security issue
    > usually after I log in and come back. Sometimes I get it, and sometimes I
    > don't. I can't repeat it all the time.
    > How should I set my token key? i just use what's in the config file:
    > b77a5c561934e089.
    > I know I can't do full Trust because it get's overridden.
    > There's nothing on my pages that is a big security issue. I don't care who
    > has access to it. Is there anything I should do to change my config file.
    > This is my error below, and my config file is below that
    >
    > Description: The application attempted to perform an operation not allowed
    > by the security policy. To grant this application the required permission
    > please contact your system administrator or change the application's trust
    > level in the configuration file.
    >
    > Exception Details: System.Security.SecurityException: Request for the
    > permission of type 'System.Security.Permissions.FileIOPermission,

    mscorlib,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
    >
    >
    > Conifg
    > <?xml version="1.0"?>
    > <configuration

    xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    > <connectionStrings>
    > <remove name="LocalSqlServer"/>
    > <add name="LocalSqlServer" connectionString="Data
    > Source=SQLB1.webcontrolcenter.com;Initial Catalog=loftladb;Persist

    Security
    > Info=True;User ID=xxx;Password=xxx"/>
    > <add name="Personal" connectionString="Data
    > Source=SQLB1.webcontrolcenter.com;Initial Catalog=loftladb;Persist

    Security
    > Info=True;User ID=xxx;Password=xxx"
    > providerName="System.Data.SqlClient" />
    > <add name="loftladbConnectionString1" connectionString="Data
    > Source=SQLB1.webcontrolcenter.com;Initial Catalog=loftladb;Persist

    Security
    > Info=True;User ID=xxx;Password=xxx"
    > providerName="System.Data.SqlClient" />
    > </connectionStrings>
    > <system.web>
    > <pages styleSheetTheme="White"/>
    > <customErrors mode="Off"/>
    > <compilation debug="true"/>
    > <membership defaultProvider="YourSqlProvider">
    > <providers>
    > <add connectionStringName="LocalSqlServer" applicationName="LoftLAApp"
    > minRequiredPasswordLength="6"
    > minRequiredNonalphanumericCharacters="0" name="YourSqlProvider"
    > type="System.Web.Security.SqlMembershipProvider" />
    > </providers>
    > </membership>
    > <authentication mode="Forms">
    > <forms loginUrl="default1.aspx" protection="Validation" timeout="300" />
    > </authentication>
    > <authorization>
    > <allow users="*"/>
    > </authorization>
    > <globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
    > <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider" />
    > <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    > <providers>
    > <add name="XmlSiteMapProvider" description="SiteMap provider which reads

    in
    > .sitemap XML files." type="System.Web.XmlSiteMapProvider, System.Web,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    > siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
    > </providers>
    > </siteMap>
    > </system.web>
    > <location path="Admin">
    > <system.web>
    > <authorization>
    > <allow roles="Administrators"/>
    > <!-- deny users="*"/ -->
    > </authorization>
    > </system.web>
    > </location>
    > </configuration>
    >
    >
    >
     
    Cindy Lee, May 19, 2006
    #2
    1. Advertising

  3. I would set the trust level to medium on my local copy too and try to debug...

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Oh, I forgot to add, when I refresh 1-10 times it will work.
    >
    > "Cindy Lee" <> wrote in message
    > news:...
    >
    >> I'm using a .net 2.0 Hosted server, IIS has trust level I think I
    >> medium, which I can't over-ride.
    >>
    >> I'm working off the Personal Website wizard. I get this security
    >> issue
    >> usually after I log in and come back. Sometimes I get it, and
    >> sometimes I
    >> don't. I can't repeat it all the time.
    >> How should I set my token key? i just use what's in the config file:
    >> b77a5c561934e089.
    >> I know I can't do full Trust because it get's overridden.
    >> There's nothing on my pages that is a big security issue. I don't
    >> care who
    >> has access to it. Is there anything I should do to change my config
    >> file.
    >> This is my error below, and my config file is below that
    >> Description: The application attempted to perform an operation not
    >> allowed by the security policy. To grant this application the
    >> required permission please contact your system administrator or
    >> change the application's trust level in the configuration file.
    >>
    >> Exception Details: System.Security.SecurityException: Request for the
    >> permission of type 'System.Security.Permissions.FileIOPermission,
    >>

    > mscorlib,
    >
    >> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
    >> failed.
    >>
    >> Conifg
    >> <?xml version="1.0"?>
    >> <configuration

    > xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    >
    >> <connectionStrings>
    >> <remove name="LocalSqlServer"/>
    >> <add name="LocalSqlServer" connectionString="Data
    >> Source=SQLB1.webcontrolcenter.com;Initial Catalog=loftladb;Persist

    > Security
    >
    >> Info=True;User ID=xxx;Password=xxx"/>
    >> <add name="Personal" connectionString="Data
    >> Source=SQLB1.webcontrolcenter.com;Initial Catalog=loftladb;Persist

    > Security
    >
    >> Info=True;User ID=xxx;Password=xxx"
    >> providerName="System.Data.SqlClient" />
    >> <add name="loftladbConnectionString1" connectionString="Data
    >> Source=SQLB1.webcontrolcenter.com;Initial Catalog=loftladb;Persist

    > Security
    >
    >> Info=True;User ID=xxx;Password=xxx"
    >> providerName="System.Data.SqlClient" />
    >> </connectionStrings>
    >> <system.web>
    >> <pages styleSheetTheme="White"/>
    >> <customErrors mode="Off"/>
    >> <compilation debug="true"/>
    >> <membership defaultProvider="YourSqlProvider">
    >> <providers>
    >> <add connectionStringName="LocalSqlServer"
    >> applicationName="LoftLAApp"
    >> minRequiredPasswordLength="6"
    >> minRequiredNonalphanumericCharacters="0" name="YourSqlProvider"
    >> type="System.Web.Security.SqlMembershipProvider" />
    >> </providers>
    >> </membership>
    >> <authentication mode="Forms">
    >> <forms loginUrl="default1.aspx" protection="Validation" timeout="300"
    >> />
    >> </authentication>
    >> <authorization>
    >> <allow users="*"/>
    >> </authorization>
    >> <globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
    >> <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider"
    >> />
    >> <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    >> <providers>
    >> <add name="XmlSiteMapProvider" description="SiteMap provider which
    >> reads

    > in
    >
    >> .sitemap XML files." type="System.Web.XmlSiteMapProvider, System.Web,
    >> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    >> siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
    >> </providers>
    >> </siteMap>
    >> </system.web>
    >> <location path="Admin">
    >> <system.web>
    >> <authorization>
    >> <allow roles="Administrators"/>
    >> <!-- deny users="*"/ -->
    >> </authorization>
    >> </system.web>
    >> </location>
    >> </configuration>
     
    Dominick Baier [DevelopMentor], May 19, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. dda

    ISP uses Hosted level of Trust

    dda, May 17, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    371
    TDAVISJR
    May 17, 2005
  2. Jordan M.
    Replies:
    1
    Views:
    527
    Mark Fitzpatrick
    Jun 23, 2007
  3. Mukesh
    Replies:
    3
    Views:
    557
    Steven Cheng[MSFT]
    Jul 10, 2007
  4. Replies:
    1
    Views:
    1,016
  5. Linda
    Replies:
    1
    Views:
    554
    Dominick Baier
    Aug 31, 2006
Loading...

Share This Page