Trust level required for AppDomain.CurrentDomain.UnhandledExcept

[Chuck P]

I was trying to reduce the trust level in a web application.
I am a newbie at playing with trust levels.

<trust level="High" originUrl="" processRequestInApplicationTrust = "true" />
We use a non-Gac dll in it that has this code:

AppDomain.CurrentDomain.UnhandledException += new
UnhandledExceptionEventHandler(OnUhe);


I get an exception:
System.Security.SecurityException: Request for the permission of type
'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Is their a good way to get rid of the exception?
Is their a way from the documentation to tell what trust level is required?

 

[Steven Cheng[MSFT]]

Hi Chuck,

As for .NET CAS permision, you can use the "permcalc.exe" utility(in .net
sdk) to inspect the required permissions. For testing, you can put the
function call that register the AppDomain.UnhandledException event into an
empty class library assembly and use permcalc.exe to calculate the mininum
required CAS permissionset.

Based on my test, registering unhandled appdomain exceptin require the
"System.Security.Permissions.SecurityPermission" with "ControlAppDomain"
flag. Below is the permcalc.exe calculated report fragment:

<?xml version="1.0"?>
<Sandbox>
<PermissionSet version="1" class="System.Security.PermissionSet">
<IPermission version="1"
class="System.Security.Permissions.SecurityPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
Flags="Execution, ControlAppDomain" />
....................
</Sandbox>
<<<<<<<<<<<<<<<<<<<<<<<<

I think the ASP.NET "high" trust level doesn't include this permission by
default. For your case, is the application hosetd on a public host or
still under your control and you can adjust the CAS trust level or policy
setting? For cases that we need our ASP.NET application be able to execute
some restricted(BY CAS) code, following options are available:

** escalate trust level

** modify or customize the existing trust level's policy setting( add some
small permissions into it)

** or encapsulate the privileged function calls in a wrapper assembly and
put it in CAC. The following articles should also mentioned this approach:

#How To: Use Medium Trust in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998341.aspx

#How To: Use Code Access Security in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998326.aspx


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Dominick Baier]

use these instruction to get the REAL reason:

http://www.leastprivilege.com/ViewingSecurityExceptions.aspx

permcalc is awkward and not very precise IMO

or

simply look at the docs

they say

"SecurityPermission to add an event handler for this event. Associated enumeration:
SecurityPermissionFlag.ControlAppDomain"