That assembly does not allow partially trusted callers

Discussion in 'ASP .Net' started by =?Utf-8?B?TWFydHluIEZld3RyZWxs?=, May 2, 2007.

  1. From the amount of articles about this one I’m sure this gets asked a lot,
    but I haven’t yet found a succinct article which explains what is required in
    its entirety.

    I work using Visual Studio 2005 SP1 mainly in ASP.Net using VB.Net 2.0.

    I have an application which runs without error on my development server so I
    believe that the underlying code is correct.

    Most of my applications including this one runs on a shared server (Win
    2003) that my hosting provider runs in medium trust. I understand from
    background reading that because of the trust issue certain ASP.Net 2.0
    assemblies require additional alterations to their compilations files to
    allow other assemblies to call there methods etc.

    The application is set up so that the main application (project) has a
    reference to a second project (the business layer) within the solution, where
    most of the code is kept and maintained. Compilation of the business layer
    passes the dll to the bin folder of the main application and then the
    application including the dll in the bin folder is copied across to the live
    server.

    When I run the application on the live server I get the error “That assembly
    does not allow partially trusted callersâ€

    After background reading I added the line –

    <Assembly: AllowPartiallyTrustedCallersAttribute()>

    into the AssemblyInfo.vb file along with an “Imports System.Securityâ€

    I could find no mention of where in the file this line should be added so I
    assume this is of no importance.

    I recompiled the application and uploaded it again but the error was still
    present. Further research suggested that the assembly should have a “Strong
    Name†so I went to the signing tab of the project settings and ticked the box
    to “Sign the assembly†I then created a new “strong name key file†there were
    none before this and the key “keyname.pfx†appeared in the business layer
    project folder.

    This is where I became stuck! I can find no reference explaining what I am
    supposed to do with the key although I assume it is required on the live
    server so that the business layer dll file can be referenced. I have uploaded
    the new dll but the application still fails. I tried adding the key to the
    bin folder on the live application but that didn’t help matters.

    Any advice on the above or anybody know one good article which explains the
    whole thing.
    --
    Regards

    Martyn Fewtrell
    =?Utf-8?B?TWFydHluIEZld3RyZWxs?=, May 2, 2007
    #1
    1. Advertising

  2. wow, slow your roll. There's no reason for this to fail on the shared server
    if it works on the dev machine, after all, the assemblies on the dev machine
    are (hopefully) the same ones on the share. Couple questions: What assembly
    is it complaining about partial trust? This may quite possibly be a security
    issue related to accessing the assembly on a shared drive, masquerading as
    an aptca issue. The way to confirm/eliminate that issue is to turn CAS
    policy off on the production machine and see if you get the message.

    --
    Regards,
    Alvin Bruney
    ------------------------------------------------------
    Shameless author plug
    Excel Services for .NET is coming...
    OWC Black book on Amazon and
    www.lulu.com/owc
    Professional VSTO 2005 - Wrox/Wiley


    "Martyn Fewtrell" <> wrote in message
    news:...
    > From the amount of articles about this one I'm sure this gets asked a lot,
    > but I haven't yet found a succinct article which explains what is required
    > in
    > its entirety.
    >
    > I work using Visual Studio 2005 SP1 mainly in ASP.Net using VB.Net 2.0.
    >
    > I have an application which runs without error on my development server so
    > I
    > believe that the underlying code is correct.
    >
    > Most of my applications including this one runs on a shared server (Win
    > 2003) that my hosting provider runs in medium trust. I understand from
    > background reading that because of the trust issue certain ASP.Net 2.0
    > assemblies require additional alterations to their compilations files to
    > allow other assemblies to call there methods etc.
    >
    > The application is set up so that the main application (project) has a
    > reference to a second project (the business layer) within the solution,
    > where
    > most of the code is kept and maintained. Compilation of the business layer
    > passes the dll to the bin folder of the main application and then the
    > application including the dll in the bin folder is copied across to the
    > live
    > server.
    >
    > When I run the application on the live server I get the error "That
    > assembly
    > does not allow partially trusted callers"
    >
    > After background reading I added the line -
    >
    > <Assembly: AllowPartiallyTrustedCallersAttribute()>
    >
    > into the AssemblyInfo.vb file along with an "Imports System.Security"
    >
    > I could find no mention of where in the file this line should be added so
    > I
    > assume this is of no importance.
    >
    > I recompiled the application and uploaded it again but the error was still
    > present. Further research suggested that the assembly should have a
    > "Strong
    > Name" so I went to the signing tab of the project settings and ticked the
    > box
    > to "Sign the assembly" I then created a new "strong name key file" there
    > were
    > none before this and the key "keyname.pfx" appeared in the business layer
    > project folder.
    >
    > This is where I became stuck! I can find no reference explaining what I am
    > supposed to do with the key although I assume it is required on the live
    > server so that the business layer dll file can be referenced. I have
    > uploaded
    > the new dll but the application still fails. I tried adding the key to the
    > bin folder on the live application but that didn't help matters.
    >
    > Any advice on the above or anybody know one good article which explains
    > the
    > whole thing.
    > --
    > Regards
    >
    > Martyn Fewtrell
    Alvin Bruney [MVP], May 3, 2007
    #2
    1. Advertising

  3. Hi Martyn,

    As for the problem you met, it is likely a typical .NET(ASP.NET) Code
    access security issue. As the error message indicate some assembly not
    allow partial trusted caller, I agree with Alvin that you should first
    check which assembly is the exact one that raise this error. Normally in a
    public service hoster(with restricted code access permission policy), this
    is common issue. And it is not necessarily your assembly, but could be some
    other assemblies(system assembies) your assembly uses that raise this
    error.

    Generally, at development time, since your ASP.NET application is running
    under Full Trust policy, there won't raise such CAS problem. At publich
    shared hoster, CAS policy is restricted, if your application has called
    some privileged code(according to .NET CAS permission), it may raise some
    error. As for the "strong-name" or "AllowPartiallyTrustedCallers"
    attribute, it is a typical approach use to create a wrapper assembly which
    call those privileged code and install it into GAC. Here is a good MSDN
    article detailedly describe ASP.NET 2.0 code access security and how to
    deal with some common issues. You can have a look:

    #How To: Use Code Access Security in ASP.NET 2.0
    http://msdn2.microsoft.com/en-us/library/ms998326.aspx#paght000017_wrappingp
    rivilegedcode

    If you have any more specific questions, please feel free to post here.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    ==================================================

    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.



    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.

    ==================================================



    This posting is provided "AS IS" with no warranties, and confers no rights.
    Steven Cheng[MSFT], May 3, 2007
    #3
  4. Hi there and thanks for the reply

    To expand a little the error is as follows:

    -----------------------------------------------

    [SecurityException: That assembly does not allow partially trusted callers.]
    BusinessLayer.exRateFactory.SerializeClass(exRate _exRate, String Path)
    in exRateFactory.vb:91
    BusinessLayer.exRateFactory.GetExRate() in exRateFactory.vb:26
    Test.Page_Load(Object sender, EventArgs e) in
    D:\networkclub2couk\wwwroot\webservices\exRate\Test.aspx.vb:9
    System.Web.UI.Control.OnLoad(EventArgs e) +99
    System.Web.UI.Control.LoadRecursive() +47
    System.Web.UI.Page.ProcessRequestMain(Boolean
    includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
    System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint,
    Boolean includeStagesAfterAsyncPoint) +154
    System.Web.UI.Page.ProcessRequest() +86
    System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
    System.Web.UI.Page.ProcessRequest(HttpContext context) +49
    ASP.test_aspx.ProcessRequest(HttpContext context) +29

    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    completedSynchronously) +64

    -----------------------------------------------

    exRateFactory and exRate are classes in the business layer. The two methods
    which are called are GetexRate which basically sets a number of values on the
    exRate class and SerializeClass which serializes the exRate class once the
    values are loaded. Basically the exRateFactory either calculates new values
    or takes the values from the serialized class according to certain perameters.

    As far as I understand it when I build the solution the BusinesLayer.dll is
    copied to the bin foilder of the main application. The main application then
    calls the classes from within the BusinessLayer.dll. This works without issue
    on the devlopment server.

    When I upload the application to the Shared hosting environments all the
    contents of the bin folder are copied to the bin folder on the live
    application.

    I'm assuming from the error message that the offending assembly is the
    BusinessLayer.dll

    I have quite a few applications on this host built with the same basic
    architecture (using BusinessLayer.dll) buit have never come across this issue
    before. As a result I am somewhet confused!

    The development server and live server are set up as close to the same as
    possible, same versions of ASP.Net etc but I have no control over the live
    server as it is not mine. My hosting provider is however very helpfull.

    I apologise if my explanations are muddled but despite reading several
    articles on this im not entirly sure I fully understand the problems.

    --
    Regards

    Martyn Fewtrell


    "Steven Cheng[MSFT]" wrote:

    > Hi Martyn,
    >
    > As for the problem you met, it is likely a typical .NET(ASP.NET) Code
    > access security issue. As the error message indicate some assembly not
    > allow partial trusted caller, I agree with Alvin that you should first
    > check which assembly is the exact one that raise this error. Normally in a
    > public service hoster(with restricted code access permission policy), this
    > is common issue. And it is not necessarily your assembly, but could be some
    > other assemblies(system assembies) your assembly uses that raise this
    > error.
    >
    > Generally, at development time, since your ASP.NET application is running
    > under Full Trust policy, there won't raise such CAS problem. At publich
    > shared hoster, CAS policy is restricted, if your application has called
    > some privileged code(according to .NET CAS permission), it may raise some
    > error. As for the "strong-name" or "AllowPartiallyTrustedCallers"
    > attribute, it is a typical approach use to create a wrapper assembly which
    > call those privileged code and install it into GAC. Here is a good MSDN
    > article detailedly describe ASP.NET 2.0 code access security and how to
    > deal with some common issues. You can have a look:
    >
    > #How To: Use Code Access Security in ASP.NET 2.0
    > http://msdn2.microsoft.com/en-us/library/ms998326.aspx#paght000017_wrappingp
    > rivilegedcode
    >
    > If you have any more specific questions, please feel free to post here.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    >
    > ==================================================
    >
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    >
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >
    > ==================================================
    >
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
    >
    =?Utf-8?B?TWFydHluIEZld3RyZWxs?=, May 3, 2007
    #4
  5. Hi there

    I have now identified what the problem is. As this post is now rather old
    and partially irrelevant I'll start a new thread.

    Thanks for your advice.
    --
    Regards

    Martyn Fewtrell


    "Martyn Fewtrell" wrote:

    > Hi there and thanks for the reply
    >
    > To expand a little the error is as follows:
    >
    > -----------------------------------------------
    >
    > [SecurityException: That assembly does not allow partially trusted callers.]
    > BusinessLayer.exRateFactory.SerializeClass(exRate _exRate, String Path)
    > in exRateFactory.vb:91
    > BusinessLayer.exRateFactory.GetExRate() in exRateFactory.vb:26
    > Test.Page_Load(Object sender, EventArgs e) in
    > D:\networkclub2couk\wwwroot\webservices\exRate\Test.aspx.vb:9
    > System.Web.UI.Control.OnLoad(EventArgs e) +99
    > System.Web.UI.Control.LoadRecursive() +47
    > System.Web.UI.Page.ProcessRequestMain(Boolean
    > includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
    > System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint,
    > Boolean includeStagesAfterAsyncPoint) +154
    > System.Web.UI.Page.ProcessRequest() +86
    > System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
    > System.Web.UI.Page.ProcessRequest(HttpContext context) +49
    > ASP.test_aspx.ProcessRequest(HttpContext context) +29
    >
    > System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
    > System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
    > completedSynchronously) +64
    >
    > -----------------------------------------------
    >
    > exRateFactory and exRate are classes in the business layer. The two methods
    > which are called are GetexRate which basically sets a number of values on the
    > exRate class and SerializeClass which serializes the exRate class once the
    > values are loaded. Basically the exRateFactory either calculates new values
    > or takes the values from the serialized class according to certain perameters.
    >
    > As far as I understand it when I build the solution the BusinesLayer.dll is
    > copied to the bin foilder of the main application. The main application then
    > calls the classes from within the BusinessLayer.dll. This works without issue
    > on the devlopment server.
    >
    > When I upload the application to the Shared hosting environments all the
    > contents of the bin folder are copied to the bin folder on the live
    > application.
    >
    > I'm assuming from the error message that the offending assembly is the
    > BusinessLayer.dll
    >
    > I have quite a few applications on this host built with the same basic
    > architecture (using BusinessLayer.dll) buit have never come across this issue
    > before. As a result I am somewhet confused!
    >
    > The development server and live server are set up as close to the same as
    > possible, same versions of ASP.Net etc but I have no control over the live
    > server as it is not mine. My hosting provider is however very helpfull.
    >
    > I apologise if my explanations are muddled but despite reading several
    > articles on this im not entirly sure I fully understand the problems.
    >
    > --
    > Regards
    >
    > Martyn Fewtrell
    >
    >
    > "Steven Cheng[MSFT]" wrote:
    >
    > > Hi Martyn,
    > >
    > > As for the problem you met, it is likely a typical .NET(ASP.NET) Code
    > > access security issue. As the error message indicate some assembly not
    > > allow partial trusted caller, I agree with Alvin that you should first
    > > check which assembly is the exact one that raise this error. Normally in a
    > > public service hoster(with restricted code access permission policy), this
    > > is common issue. And it is not necessarily your assembly, but could be some
    > > other assemblies(system assembies) your assembly uses that raise this
    > > error.
    > >
    > > Generally, at development time, since your ASP.NET application is running
    > > under Full Trust policy, there won't raise such CAS problem. At publich
    > > shared hoster, CAS policy is restricted, if your application has called
    > > some privileged code(according to .NET CAS permission), it may raise some
    > > error. As for the "strong-name" or "AllowPartiallyTrustedCallers"
    > > attribute, it is a typical approach use to create a wrapper assembly which
    > > call those privileged code and install it into GAC. Here is a good MSDN
    > > article detailedly describe ASP.NET 2.0 code access security and how to
    > > deal with some common issues. You can have a look:
    > >
    > > #How To: Use Code Access Security in ASP.NET 2.0
    > > http://msdn2.microsoft.com/en-us/library/ms998326.aspx#paght000017_wrappingp
    > > rivilegedcode
    > >
    > > If you have any more specific questions, please feel free to post here.
    > >
    > > Sincerely,
    > >
    > > Steven Cheng
    > >
    > > Microsoft MSDN Online Support Lead
    > >
    > >
    > >
    > > ==================================================
    > >
    > > Get notification to my posts through email? Please refer to
    > > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > > ications.
    > >
    > >
    > >
    > > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > > where an initial response from the community or a Microsoft Support
    > > Engineer within 1 business day is acceptable. Please note that each follow
    > > up response may take approximately 2 business days as the support
    > > professional working with you may need further investigation to reach the
    > > most efficient resolution. The offering is not appropriate for situations
    > > that require urgent, real-time or phone-based interactions or complex
    > > project analysis and dump analysis issues. Issues of this nature are best
    > > handled working with a dedicated Microsoft Support Engineer by contacting
    > > Microsoft Customer Support Services (CSS) at
    > > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    > >
    > > ==================================================
    > >
    > >
    > >
    > > This posting is provided "AS IS" with no warranties, and confers no rights.
    > >
    > >
    > >
    =?Utf-8?B?TWFydHluIEZld3RyZWxs?=, May 5, 2007
    #5
  6. Thanks for your reply Martyn,

    I haven't got replied due to some other urgent business. How are you doing
    and what's the problem you've identified? I think it is ok to continue to
    discuss here or if you want, you can also feel free to create a new thread.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Steven Cheng[MSFT], May 8, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. g3000
    Replies:
    4
    Views:
    19,999
    Scott Allen
    Jan 19, 2006
  2. Matt Culbreth
    Replies:
    1
    Views:
    518
    bruce barker
    Mar 29, 2007
  3. Joris van Lier
    Replies:
    3
    Views:
    903
    Alvin Bruney [ASP.NET MVP]
    Jul 8, 2008
  4. ASF
    Replies:
    1
    Views:
    1,476
    Mr. Arnold
    Jan 13, 2009
  5. Chris Davoli

    That assembly does not allow partially trusted callers

    Chris Davoli, Oct 5, 2006, in forum: ASP .Net Building Controls
    Replies:
    2
    Views:
    304
    Chris Davoli
    Oct 6, 2006
Loading...

Share This Page