XslTransform "Invalid Xml" Security Problem

M

Matthias Truxa

Hello,

I've got a serious Problem from out of nowhere that I'm not able to solve.
Can someone please help me here?

I'm trying to instantiate a Xslt document build in as a resource using:

htmlTransformator = new XslTransform();
using (Stream mrs =
typeof(MyType).Assembly.GetManifestResourceStream("MyNSp.my.xslt"))
{
XmlTextReader r = new XmlTextReader(mrs);
htmlTransformator.Load (r, null, typeof(MyType).Assembly.Evidence); //
<<< "Invalid Xml"
r.Close();
}

The document is valid, well-formatted and is not the source of error since I
tried to pass a nearly empty one and it didn't work out neither.
All the procedure has run for a long time. The error occurred as I wanted to
change the Xsl (I already undid this for test).
You may not reproduce this error since it seems to be only not working on my
local machine.
I've found a similar thing at
http://www.dotnet247.com/247reference/msgs/48/241599.aspx.
All things as restarting computer and webserver, clearing the caches,
resetting security policies didn't solve the prob.

So I think its a local security problem, based on the stack trace I get:
[ArgumentException: Ungültiger Xml.]
System.Security.Policy.PolicyStatement.FromXml(SecurityElement et,
PolicyLevel level) +570
System.Security.Policy.PolicyLevel.CheckCache(Int32 count, Char[]
serializedEvidence, Boolean& xmlError) +164
System.Security.Policy.PolicyLevel.Resolve(Evidence evidence, Int32
count, Char[] serializedEvidence) +54
System.Security.PolicyManager.Resolve(Evidence evidence, PermissionSet
request) +147
System.Security.SecurityManager.ResolvePolicy(Evidence evidence) +133
System.Xml.Xsl.Compiler.Compile(NavigatorInput input, XmlResolver
xmlResolver, Evidence evidence) +372
System.Xml.Xsl.XslTransform.Compile(XPathNavigator stylesheet,
XmlResolver resolver, Evidence evidence) +215
System.Xml.Xsl.XslTransform.Load(XPathNavigator stylesheet, XmlResolver
resolver, Evidence evidence) +124
System.Xml.Xsl.XslTransform.Load(XmlReader stylesheet, XmlResolver
resolver, Evidence evidence) +74

Does someone have had this problem and solved it?

Thanx for any assistence.
Matt
 
J

Joseph Bittman MCAD

July 13, 2005

I'm not quite sure, but which line is causing the crash? I have a feeling
it is the htmlTransformator.load method. You might check and make sure that
your assembly/web application has the "Allow Evidence Control" under the
SecurityPermission. I do believe it is caused by this because of the stack
walk. Please check this out and let me know..... Thanks and have a great
day! :)

--
Joseph Bittman
Microsoft Certified Application Developer

Web Site: http://71.39.42.23
Static IP
 
M

Matthias Truxa

Sorry for my late answer, I didn't expect one to my question either *]. So
thanx for yours.

You may be right. I've got another assembly doing nearly the same without
problems.
I could not figure out the differences between the two. But I disassembled
the routine where the error occurs
(System.Security.Policy.PolicyLevel.CheckCache(int count, char[]
serializedEvidence, out bool xmlError)).
There should be such any Security Exception instead of an Argument
Exception, so I thought of kind of a bug.
Btw, how do I check whether my assembly/web application has the "Allow
Evidence Control" permission?

Here's the code (see "<<<" for error position):

private PolicyStatement CheckCache(int count, char[] serializedEvidence, out
bool xmlError)
{
char[] chArray1;
PolicyStatement statement2;
PolicyStatement statement1 = null;
xmlError = false;
if (!Config.GetCacheEntry(this.m_configId, count, serializedEvidence,
out chArray1))
{
return null;
}
statement1 = new PolicyStatement();
Parser parser1 = null;
try
{
parser1 = new Parser(chArray1);
statement1.FromXml(parser1.GetTopElement()); // <<<
ArgumentException "Invalid Xml"
statement2 = statement1;
}
catch (XmlSyntaxException)
{
xmlError = true;
statement2 = null;
}
return statement2;
}

Thanx for your advice,
Matt


Joseph Bittman MCAD said:
July 13, 2005

I'm not quite sure, but which line is causing the crash? I have a feeling
it is the htmlTransformator.load method. You might check and make sure
that your assembly/web application has the "Allow Evidence Control" under
the SecurityPermission. I do believe it is caused by this because of the
stack walk. Please check this out and let me know..... Thanks and have a
great day! :)

--
Joseph Bittman
Microsoft Certified Application Developer

Web Site: http://71.39.42.23
Static IP




Matthias Truxa said:
Hello,

I've got a serious Problem from out of nowhere that I'm not able to
solve. Can someone please help me here?

I'm trying to instantiate a Xslt document build in as a resource using:

htmlTransformator = new XslTransform();
using (Stream mrs =
typeof(MyType).Assembly.GetManifestResourceStream("MyNSp.my.xslt"))
{
XmlTextReader r = new XmlTextReader(mrs);
htmlTransformator.Load (r, null, typeof(MyType).Assembly.Evidence); //
<<< "Invalid Xml"
r.Close();
}

The document is valid, well-formatted and is not the source of error
since I tried to pass a nearly empty one and it didn't work out neither.
All the procedure has run for a long time. The error occurred as I wanted
to change the Xsl (I already undid this for test).
You may not reproduce this error since it seems to be only not working on
my local machine.
I've found a similar thing at
http://www.dotnet247.com/247reference/msgs/48/241599.aspx.
All things as restarting computer and webserver, clearing the caches,
resetting security policies didn't solve the prob.

So I think its a local security problem, based on the stack trace I get:
[ArgumentException: Ungültiger Xml.]
System.Security.Policy.PolicyStatement.FromXml(SecurityElement et,
PolicyLevel level) +570
System.Security.Policy.PolicyLevel.CheckCache(Int32 count, Char[]
serializedEvidence, Boolean& xmlError) +164
System.Security.Policy.PolicyLevel.Resolve(Evidence evidence, Int32
count, Char[] serializedEvidence) +54
System.Security.PolicyManager.Resolve(Evidence evidence, PermissionSet
request) +147
System.Security.SecurityManager.ResolvePolicy(Evidence evidence) +133
System.Xml.Xsl.Compiler.Compile(NavigatorInput input, XmlResolver
xmlResolver, Evidence evidence) +372
System.Xml.Xsl.XslTransform.Compile(XPathNavigator stylesheet,
XmlResolver resolver, Evidence evidence) +215
System.Xml.Xsl.XslTransform.Load(XPathNavigator stylesheet, XmlResolver
resolver, Evidence evidence) +124
System.Xml.Xsl.XslTransform.Load(XmlReader stylesheet, XmlResolver
resolver, Evidence evidence) +74

Does someone have had this problem and solved it?

Thanx for any assistence.
Matt
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

strange xsl security exception under asp.net 0
Cryptographic Exception 0
Evidence bug? 0
Help! The wrong namespace was used for XSL. 0
Access Denied w/Impersonate=true 4

Members online

Total: 31 (members: 2, guests: 29)
Robots: 172

Forum statistics

Threads
473,755
Messages
2,569,534
Members
45,008
Latest member
Rahul737

Latest Threads

Top