Security Exception when creating object

Discussion in 'ASP .Net Security' started by Jeff, Apr 4, 2004.

  1. Jeff

    Jeff Guest

    Hi,

    I am deploying my web application to a new host site and am having
    problems setting up the email. The site does not support ASP.NET
    user.

    There is an .asp file that works correctly with the following code:

    set smtp = Server.CreateObject("Bamboo.SMTP")

    I am trying to migrate this to the vb code behind (aspx). Since the
    set statement is not supported, I tried the following code

    Dim smtp as object
    smtp = Server.CreateObject("Bamboo.SMTP")

    This caused a security exception (The application attempted to perform
    an operation not allowed by the security policy. To grant this
    application the required permission please contact your system
    administrator or change the application's trust level in the
    configuration file.)

    I modified the web.config with:

    <trust level="Medium" />

    but the site administrator has locked access to this section using
    <location allowOverride="false"> from an inherited configuration file.
    I also tried <identity impersonate="true"/> with same results.

    I then tried
    Dim smtpType = Type.GetTypeFromProgID("Bamboo.SMTP")

    but this gets a security exception too.

    I have considered leaving the functionality in the asp file, but would
    rather not.

    Is there a solution to this?

    Thanks for any help!

    Jeff
     
    Jeff, Apr 4, 2004
    #1
    1. Advertising

  2. Jeff,

    I don’t know your host provider. I will assume some facts

    Your host company responsibly locks your application so your code doesn’t execute anything harmful. Probably they implement the Least Privilege Principle and you should contact them to get authorization. If you can instantiate the object from ASP I think it will be OK for them to let you perform the same from ASP.NET

    First, you will be required to sign your assembly (give it a strong name). Then they will apply .NET configuration policy to your assembly to let it call what you require and nothing else. You will be dealing with what is called Code Access Security

    That’s good. It means that your host provider is securing web applications on a shared web server. It could also mean that other developers can’t access your code or data; neither vice versa

    A possible solution could be to share state between ASP and ASP.NET so you can instantiate the object in ASP and then access it from ASP.NET. For more info see “Sharing ASP State with ASP.NET by: David Gerdingâ€

    Hope it helps

    -Javier M
     
    Javier Miranda, Apr 6, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. RC
    Replies:
    0
    Views:
    364
  2. Samuel
    Replies:
    3
    Views:
    277
    Samuel
    Jun 22, 2007
  3. Hemant shastri
    Replies:
    2
    Views:
    247
    Rai Yawar Ijaz
    Jul 29, 2005
  4. RC
    Replies:
    0
    Views:
    151
  5. Moses
    Replies:
    2
    Views:
    87
    Moses
    Feb 23, 2007
Loading...

Share This Page