Permissions Error - FileIOPermission (aspx) and ImageFetch (ashx)

[Carl Gilbert]

Hi

I have recently got the ASP.NET 2.0 Clubsite Starter Kit up and running on
my 1&1 web space. Recently I have started getting lots of exceptions and
white pages.

I have put some code in global.asax to email me when an error occurs. The
site doesn't get that much traffic, perhaps a couple of hundred hits a day.
I've made some charts from the logs I get from 1&1 and the emails I received
reporting bugs and there doesn't seem to be much correlation between bugs
and traffic/visitors.

I have uploaded the charts here: http://bwbfc.co.uk/bug/badgerbug.html and I
have included some sample errors at the bottom of this post. About 80% are
the same as sample 1 and the rest are the same as sample 2. Most of error 1
are for the default page but these spring up all over the place (gallery,
forum, etc) and nearly all of error 2 are for imageFetch.ashx.

I have also included the code in my global.asax file in this post.

The database holds the images. Here's some figures about my database:
Size : 35.19MB
*** DATA ***
Size : 19456 KB
Max size : 204800 KB
Growth : 10%
Usage : data only
*** LOG ***
Size : 16576 KB
Max size : Unlimited
Growth : 10%
Usage : log only

Would it help if I kept the images in a folder rather than in the database?
At the moment I only about 200 images in the database.

I'm completely at a loss of what to do next. I can't re-produce the error
locally.
I have shared MS hosting with 1&1 and as such have virtually no access to
the server and things like IIS.
I tried putting more debug output in my global.asax (trying to get the inner
exception, base exception, source, stack trace, etc) but it all comes back
with the same stuff.

If it helps I can post more info from my log files. You can visit the site
here www.bwbfc.co.uk. Who knows, perhaps you'll get lucky and get a blank
page and I'll get an email.

What can I try next?

Regards, Carl Gilbert


******************* SAMPLE ERROR 1 **************************
Error Caught in Application_Error event\n
Error in: http://bwbfc.co.uk/bb/default.aspx\n
Error Message:Request for the permission of type
'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.\n\n

REMOTE_ADDR: 192.18.1.4\n
HTTP_ACCEPT_LANGUAGE: en-gb,en;q=0.5\n
HTTP_REFERER: \n
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.7)
Gecko/20060909 Firefox/1.5.0.7\n
HTTP_COOKIE: s_vi=[CS]v1|446D9B3200005BE2-A290AA30000071B[CE];
s_nr=1157461660941;
s_pers=%20s_vsn_paypalglobal%3D5432741905408%7C1471514326747%3B;
..ASPXAUTH=2639693E36792FFC896623FCA1D37378B82CF02C321308B53BE72F2D9D8C3F01C223FAE69C4DA41EC98BE78316E1AC7621A7C7E3A988F21D44EF32D9B934B6E0F09C51ED7CC035E23FA04ABB8E2BC4F6;
ASPSESSIONIDCAQBQQBS=DIGJPCEAKPLFHOFEFNDMJJBH\n\n\n

Stack Trace: at System.Security.CodeAccessSecurityEngine.Check(Object
demand, StackCrawlMark& stackMark, Boolean isPermSet) at
System.Security.CodeAccessPermission.Demand() at
System.IO.Path.GetFullPath(String path) at
System.Web.Util.FileUtil.IsSuspiciousPhysicalPath(String physicalPath,
Boolean& pathTooLong) at
System.Web.Util.FileUtil.IsSuspiciousPhysicalPath(String physicalPath) at
System.Web.CachedPathData.GetConfigPathData(String configPath) at
System.Web.CachedPathData.GetConfigPathData(String configPath) at
System.Web.CachedPathData.GetConfigPathData(String configPath) at
System.Web.CachedPathData.GetVirtualPathData(VirtualPath virtualPath,
Boolean permitPathsOutsideApp) at
System.Web.HttpContext.GetPathData(VirtualPath path) at
System.Web.Security.UrlAuthorizationModule.IsUserAllowedToPath(HttpContext
context, VirtualPath virtualPath) at
System.Web.UI.Util.IsUserAllowedToPath(HttpContext context, VirtualPath
virtualPath) at System.Web.SiteMapProvider.IsAccessibleToUser(HttpContext
context, SiteMapNode node) at
System.Web.SiteMapNode.IsAccessibleToUser(HttpContext context) at
System.Web.StaticSiteMapProvider.GetChildNodes(SiteMapNode node) at
System.Web.SiteMapNode.get_ChildNodes() at
System.Web.UI.WebControls.SiteMapDataSource.GetNodes() at
System.Web.UI.WebControls.SiteMapDataSource.GetPathNodeCollection(String
viewPath) at System.Web.UI.WebControls.SiteMapDataSource.GetView(String
viewName) at
System.Web.UI.WebControls.SiteMapDataSource.System.Web.UI.IDataSource.GetView(String
viewName) at System.Web.UI.WebControls.Repeater.ConnectToDataSourceView() at
System.Web.UI.WebControls.Repeater.OnLoad(EventArgs e) at
System.Web.UI.Control.LoadRecursive() at
System.Web.UI.Control.LoadRecursive() at
System.Web.UI.Control.LoadRecursive() at
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint) at
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at
System.Web.UI.Page.ProcessRequest(HttpContext context) at
ASP.default_aspx.ProcessRequest(HttpContext context) at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)
**************************************************************


******************* SAMPLE ERROR 2 **************************
Error Caught in Application_Error event\n
Error in: http://bwbfc.co.uk/bb/imagefetch.ashx?size=1&imageid=126\n
Error Message:Object reference not set to an instance of an object.\n\n

REMOTE_ADDR: 198.36.87.81\n
HTTP_ACCEPT_LANGUAGE: en-gb\n
HTTP_REFERER: http://bwbfc.co.uk/bb/Photoalbum_contents.aspx?Albumid=10\n
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.1.4322)\n
HTTP_COOKIE: \n\n\n

Stack Trace: at ImageFetch.writeSingleImage(Int32 ImageID, Int32 size,
Stream output) at ImageFetch.ProcessRequest(HttpContext context) at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)
**************************************************************

************ GLOBAL.ASAX EVENT HANDLER *******************
Protected Sub Application_Error(ByVal sender As Object, ByVal e As
System.EventArgs)
Dim objErr As Exception = Server.GetLastError.GetBaseException
Dim strMsg As String = "Error Caught in Application_Error event\n" +
_
"<br>Error in: <a href='" + Request.Url.ToString() + "'>" +
Request.Url.ToString() + "</a>" + _
"\n<br>Error Message:" + objErr.Message.ToString() + _
"\n\n<br><br>REMOTE_ADDR: " +
Request.ServerVariables("REMOTE_ADDR") + "</a>" + _
"\n<br>HTTP_ACCEPT_LANGUAGE: " +
Request.ServerVariables("HTTP_ACCEPT_LANGUAGE") + _
"\n<br>HTTP_REFERER: " + Request.ServerVariables("HTTP_REFERER")
+ _
"\n<br>HTTP_USER_AGENT: " +
Request.ServerVariables("HTTP_USER_AGENT") + _
"\n<br>HTTP_COOKIE: " + Request.ServerVariables("HTTP_COOKIE") +
"\n\n\n<br><br>Stack Trace:" + objErr.StackTrace.ToString

'EventLog.WriteEntry("Sample_WebApp",err,EventLogEntryType.Error);
Server.ClearError()
Dim strSbj As String = "edream.org Application Error"
'Mailer.send(strMsg, strSbj);


'additional actions...
HttpContext.Current.Response.Redirect("~/ErrorPage.htm")
End Sub
**************************************************************