Security Exception - Accessing remote folders & files

Discussion in 'ASP .Net Security' started by addey, Sep 10, 2008.

  1. addey

    addey Guest


    I've been struggling with this issue for a couple of days, tried all sorts
    of things I read but do not seem to get rid of the issue.

    I have been assigned the task of developing a web-application that will
    capture user input and export that as a XML document to a shared folder from
    where other applications will process the XML. The users providing the input
    will have access to the shared folder.

    The web-application will be published to a SharePoint site as well.

    I am trying to access an XML document from a SharePoint document library.
    My web-app and the SharePoint site will be the same site. I'm trying to
    access the
    XML file as follow:
    WebClient wc = new WebClient();
    WindowsImpersonationContext wic =
    wc.Credentials = CredentialCache.DefaultNetworkCredentials;
    Stream s =

    The CredentialCache.DefaulNetworkCredentials method causes the following
    SecurityException: Request for the permission of type
    'System.Security.Permissions.EnvironmentPermission, mscorlib,
    Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
    System.Security.CodeAccessSecurityEngine.Check(Object demand,
    StackCrawlMark& stackMark, Boolean isPermSet) +0
    System.Security.CodeAccessPermission.Demand() +59
    System.Net.CredentialCache.get_DefaultNetworkCredentials() +59

    I then attempted to leave out the credential logic since the user capturing
    the input will have access to the SharePoint document library.

    With the following code I get another exception.
    WebClient wc = new WebClient();
    Stream s =

    SecurityException: Request for the permission of type
    'System.Net.WebPermission, System, Version=, Culture=neutral,
    PublicKeyToken=b77a5c561934e089' failed.]
    System.Net.WebClient.OpenRead(Uri address) +486
    System.Net.WebClient.OpenRead(String address) +26

    I have given all code full access using the .NET Configuration utility on
    machine level.

    I have never had to play around with these security policies. Any advice
    will be appreciated. Are there specific attributes I need to declare on an
    assembly, class or method level? Do I have to define a custom security
    policy for my web-application's DLL? Must the DLL be strong named?

    Thank you!
    addey, Sep 10, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.