XslTransform "Invalid Xml" Security Problem

Discussion in 'ASP .Net Security' started by Matthias Truxa, Jul 9, 2005.

  1. Hello,

    I've got a serious Problem from out of nowhere that I'm not able to solve.
    Can someone please help me here?

    I'm trying to instantiate a Xslt document build in as a resource using:

    htmlTransformator = new XslTransform();
    using (Stream mrs =
    typeof(MyType).Assembly.GetManifestResourceStream("MyNSp.my.xslt"))
    {
    XmlTextReader r = new XmlTextReader(mrs);
    htmlTransformator.Load (r, null, typeof(MyType).Assembly.Evidence); //
    <<< "Invalid Xml"
    r.Close();
    }

    The document is valid, well-formatted and is not the source of error since I
    tried to pass a nearly empty one and it didn't work out neither.
    All the procedure has run for a long time. The error occurred as I wanted to
    change the Xsl (I already undid this for test).
    You may not reproduce this error since it seems to be only not working on my
    local machine.
    I've found a similar thing at
    http://www.dotnet247.com/247reference/msgs/48/241599.aspx.
    All things as restarting computer and webserver, clearing the caches,
    resetting security policies didn't solve the prob.

    So I think its a local security problem, based on the stack trace I get:
    [ArgumentException: Ungültiger Xml.]
    System.Security.Policy.PolicyStatement.FromXml(SecurityElement et,
    PolicyLevel level) +570
    System.Security.Policy.PolicyLevel.CheckCache(Int32 count, Char[]
    serializedEvidence, Boolean& xmlError) +164
    System.Security.Policy.PolicyLevel.Resolve(Evidence evidence, Int32
    count, Char[] serializedEvidence) +54
    System.Security.PolicyManager.Resolve(Evidence evidence, PermissionSet
    request) +147
    System.Security.SecurityManager.ResolvePolicy(Evidence evidence) +133
    System.Xml.Xsl.Compiler.Compile(NavigatorInput input, XmlResolver
    xmlResolver, Evidence evidence) +372
    System.Xml.Xsl.XslTransform.Compile(XPathNavigator stylesheet,
    XmlResolver resolver, Evidence evidence) +215
    System.Xml.Xsl.XslTransform.Load(XPathNavigator stylesheet, XmlResolver
    resolver, Evidence evidence) +124
    System.Xml.Xsl.XslTransform.Load(XmlReader stylesheet, XmlResolver
    resolver, Evidence evidence) +74

    Does someone have had this problem and solved it?

    Thanx for any assistence.
    Matt
     
    Matthias Truxa, Jul 9, 2005
    #1
    1. Advertising

  2. July 13, 2005

    I'm not quite sure, but which line is causing the crash? I have a feeling
    it is the htmlTransformator.load method. You might check and make sure that
    your assembly/web application has the "Allow Evidence Control" under the
    SecurityPermission. I do believe it is caused by this because of the stack
    walk. Please check this out and let me know..... Thanks and have a great
    day! :)

    --
    Joseph Bittman
    Microsoft Certified Application Developer

    Web Site: http://71.39.42.23
    Static IP




    "Matthias Truxa" <> wrote in message
    news:...
    > Hello,
    >
    > I've got a serious Problem from out of nowhere that I'm not able to solve.
    > Can someone please help me here?
    >
    > I'm trying to instantiate a Xslt document build in as a resource using:
    >
    > htmlTransformator = new XslTransform();
    > using (Stream mrs =
    > typeof(MyType).Assembly.GetManifestResourceStream("MyNSp.my.xslt"))
    > {
    > XmlTextReader r = new XmlTextReader(mrs);
    > htmlTransformator.Load (r, null, typeof(MyType).Assembly.Evidence); //
    > <<< "Invalid Xml"
    > r.Close();
    > }
    >
    > The document is valid, well-formatted and is not the source of error since
    > I tried to pass a nearly empty one and it didn't work out neither.
    > All the procedure has run for a long time. The error occurred as I wanted
    > to change the Xsl (I already undid this for test).
    > You may not reproduce this error since it seems to be only not working on
    > my local machine.
    > I've found a similar thing at
    > http://www.dotnet247.com/247reference/msgs/48/241599.aspx.
    > All things as restarting computer and webserver, clearing the caches,
    > resetting security policies didn't solve the prob.
    >
    > So I think its a local security problem, based on the stack trace I get:
    > [ArgumentException: Ungültiger Xml.]
    > System.Security.Policy.PolicyStatement.FromXml(SecurityElement et,
    > PolicyLevel level) +570
    > System.Security.Policy.PolicyLevel.CheckCache(Int32 count, Char[]
    > serializedEvidence, Boolean& xmlError) +164
    > System.Security.Policy.PolicyLevel.Resolve(Evidence evidence, Int32
    > count, Char[] serializedEvidence) +54
    > System.Security.PolicyManager.Resolve(Evidence evidence, PermissionSet
    > request) +147
    > System.Security.SecurityManager.ResolvePolicy(Evidence evidence) +133
    > System.Xml.Xsl.Compiler.Compile(NavigatorInput input, XmlResolver
    > xmlResolver, Evidence evidence) +372
    > System.Xml.Xsl.XslTransform.Compile(XPathNavigator stylesheet,
    > XmlResolver resolver, Evidence evidence) +215
    > System.Xml.Xsl.XslTransform.Load(XPathNavigator stylesheet, XmlResolver
    > resolver, Evidence evidence) +124
    > System.Xml.Xsl.XslTransform.Load(XmlReader stylesheet, XmlResolver
    > resolver, Evidence evidence) +74
    >
    > Does someone have had this problem and solved it?
    >
    > Thanx for any assistence.
    > Matt
    >
    >
     
    Joseph Bittman MCAD, Jul 13, 2005
    #2
    1. Advertising

  3. Sorry for my late answer, I didn't expect one to my question either *]. So
    thanx for yours.

    You may be right. I've got another assembly doing nearly the same without
    problems.
    I could not figure out the differences between the two. But I disassembled
    the routine where the error occurs
    (System.Security.Policy.PolicyLevel.CheckCache(int count, char[]
    serializedEvidence, out bool xmlError)).
    There should be such any Security Exception instead of an Argument
    Exception, so I thought of kind of a bug.
    Btw, how do I check whether my assembly/web application has the "Allow
    Evidence Control" permission?

    Here's the code (see "<<<" for error position):

    private PolicyStatement CheckCache(int count, char[] serializedEvidence, out
    bool xmlError)
    {
    char[] chArray1;
    PolicyStatement statement2;
    PolicyStatement statement1 = null;
    xmlError = false;
    if (!Config.GetCacheEntry(this.m_configId, count, serializedEvidence,
    out chArray1))
    {
    return null;
    }
    statement1 = new PolicyStatement();
    Parser parser1 = null;
    try
    {
    parser1 = new Parser(chArray1);
    statement1.FromXml(parser1.GetTopElement()); // <<<
    ArgumentException "Invalid Xml"
    statement2 = statement1;
    }
    catch (XmlSyntaxException)
    {
    xmlError = true;
    statement2 = null;
    }
    return statement2;
    }

    Thanx for your advice,
    Matt


    "Joseph Bittman MCAD" <> schrieb im Newsbeitrag
    news:%...
    > July 13, 2005
    >
    > I'm not quite sure, but which line is causing the crash? I have a feeling
    > it is the htmlTransformator.load method. You might check and make sure
    > that your assembly/web application has the "Allow Evidence Control" under
    > the SecurityPermission. I do believe it is caused by this because of the
    > stack walk. Please check this out and let me know..... Thanks and have a
    > great day! :)
    >
    > --
    > Joseph Bittman
    > Microsoft Certified Application Developer
    >
    > Web Site: http://71.39.42.23
    > Static IP
    >
    >
    >
    >
    > "Matthias Truxa" <> wrote in message
    > news:...
    >> Hello,
    >>
    >> I've got a serious Problem from out of nowhere that I'm not able to
    >> solve. Can someone please help me here?
    >>
    >> I'm trying to instantiate a Xslt document build in as a resource using:
    >>
    >> htmlTransformator = new XslTransform();
    >> using (Stream mrs =
    >> typeof(MyType).Assembly.GetManifestResourceStream("MyNSp.my.xslt"))
    >> {
    >> XmlTextReader r = new XmlTextReader(mrs);
    >> htmlTransformator.Load (r, null, typeof(MyType).Assembly.Evidence); //
    >> <<< "Invalid Xml"
    >> r.Close();
    >> }
    >>
    >> The document is valid, well-formatted and is not the source of error
    >> since I tried to pass a nearly empty one and it didn't work out neither.
    >> All the procedure has run for a long time. The error occurred as I wanted
    >> to change the Xsl (I already undid this for test).
    >> You may not reproduce this error since it seems to be only not working on
    >> my local machine.
    >> I've found a similar thing at
    >> http://www.dotnet247.com/247reference/msgs/48/241599.aspx.
    >> All things as restarting computer and webserver, clearing the caches,
    >> resetting security policies didn't solve the prob.
    >>
    >> So I think its a local security problem, based on the stack trace I get:
    >> [ArgumentException: Ungültiger Xml.]
    >> System.Security.Policy.PolicyStatement.FromXml(SecurityElement et,
    >> PolicyLevel level) +570
    >> System.Security.Policy.PolicyLevel.CheckCache(Int32 count, Char[]
    >> serializedEvidence, Boolean& xmlError) +164
    >> System.Security.Policy.PolicyLevel.Resolve(Evidence evidence, Int32
    >> count, Char[] serializedEvidence) +54
    >> System.Security.PolicyManager.Resolve(Evidence evidence, PermissionSet
    >> request) +147
    >> System.Security.SecurityManager.ResolvePolicy(Evidence evidence) +133
    >> System.Xml.Xsl.Compiler.Compile(NavigatorInput input, XmlResolver
    >> xmlResolver, Evidence evidence) +372
    >> System.Xml.Xsl.XslTransform.Compile(XPathNavigator stylesheet,
    >> XmlResolver resolver, Evidence evidence) +215
    >> System.Xml.Xsl.XslTransform.Load(XPathNavigator stylesheet, XmlResolver
    >> resolver, Evidence evidence) +124
    >> System.Xml.Xsl.XslTransform.Load(XmlReader stylesheet, XmlResolver
    >> resolver, Evidence evidence) +74
    >>
    >> Does someone have had this problem and solved it?
    >>
    >> Thanx for any assistence.
    >> Matt
    >>
    >>

    >
    >
     
    Matthias Truxa, Jul 18, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bob Yuan
    Replies:
    1
    Views:
    333
    Michal A. Valasek
    Jul 31, 2003
  2. Natty Gur
    Replies:
    8
    Views:
    305
    Natty Gur
    Nov 5, 2003
  3. Kathy Burke
    Replies:
    10
    Views:
    542
    Kathy Burke
    Nov 4, 2003
  4. George Durzi

    XslTransform in .NET v1.1

    George Durzi, Nov 13, 2003, in forum: ASP .Net
    Replies:
    11
    Views:
    1,655
    Gerald
    Dec 3, 2005
  5. Ruprict

    XslTransform problem

    Ruprict, Apr 1, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    380
    Ruprict
    Apr 2, 2004
Loading...

Share This Page