Security Exception on ASP.Net app

[John Stemper]

I've recently moved an ASP.Net app to our deployment server after it was
verified on our integration test server.

On the deployment server I am now getting the following error:
/*********************************************/
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

Source Error:


Line 30: private static bool __intialized = false;
Line 31:
Line 32: public Global_asax() {
Line 33: if ((ASP.Global_asax.__intialized == false)) {
Line 34: ASP.Global_asax.__intialized = true;


Source File: C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET
Files\locator\5058f3de\5dc8deb2\bl3wphvz.0.cs Line: 32

Stack Trace:


[SecurityException: Security error.]
Antioch.CreativeMemories.Web.Global..ctor() +0
ASP.Global_asax..ctor() in
C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET
Files\locator\5058f3de\5dc8deb2\bl3wphvz.0.cs:32



/**********************************************/

The web.config file is the same as the one I'm using on the working servers.
There are other working .Net apps on the non-working server.
The app is pretty simple. I'm just receiving an XML stream from another web
site and running that into a datagrid.

I've seen lots of others with similar problems but none of the suggestions
from those threads seemed to work.

Any ideas or suggestions?

TIA

John S

 

[MSFT]

Hi John,

As I understand, the problem only occur on the deployment server, and only
this web app generate the error. regarding the error message, there is a
very similar known issue. You may first take a look to see if it is the
problem:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q320268
PRB: "System.Security.SecurityException: Security error" Error Message when
the Virtual Directory Points to a Remote Share in ASP.NET

If above article didn't address the problem, you may check if there any
outer resource used in the ASP.NET app and if it has enough permission. I
think you may search in event log to see if any permission denied message
logged.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[John Stemper]

Thanks for the response.

I have reviewed the referred to document. The remote XML stream that I am
accessing is on a third party's web server and is simply returning an XML
stream. (using the same stream from my test server with success) There
should not be any shares or remote shares involved.

The XML stream is a "sort-of-a" web service. We've been asking them to put
together a real web service but it seems to be beyond their technical grasp.

Anyway.. I went through the document (Q320268) and unfortunately it didn't
correct the error.


Thanks again.

John

 

[John Stemper]

Some additional info:

I've basically removed all code from the main page of the app, recompiled
and redeployed and I still get the security error.


John

 

[MSFT]

Hi John,

In the project/reference, did you have any sepecial references like third
party components or library created by your self? How about the security
settings for the web folder in IIS, windows integrated or anonymous? and
did you use Windows authentication in the ASP.NET app?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[John Stemper]

Luke,

There are no references to third party components or libraries. I am
accessing an external URL that returns an XML stream. The code that does
this is:

HttpWebRequest oRequest =
(HttpWebRequest)WebRequest.Create(sbAddress.ToString());
oRequest.KeepAlive=true;
HttpWebResponse oResponse = (HttpWebResponse)oRequest.GetResponse();
Stream stResponse = oResponse.GetResponseStream();
XmlTextReader xReader = new XmlTextReader(sbAddress.ToString(),stResponse);
dsAddresses.ReadXml(xReader);

This code works on my Dev environment and my local machine. It does not work
on my Test and production machine.
I get the following error: The application attempted to perform an operation
not allowed by the security policy. To grant this application the required
permission please contact your system administrator or change the
application's trust level in the configuration file.

I'm pretty sure it has something to do with accessing the internet from a
web app but I'm not sure where to go from there.

Thanks

John

 

[Steven Cheng[MSFT]]

Hi John,

Thanks for your followup. Since the KB article doesn't quite suite your
situation, we need to do some further troubeshoot in it. Would you please
try the follow tests:
1. Create a simple web project and just contain on page and put the
requesting remote xml stream operation in the page and to see whether the
project will also suffer the problem.

2. Try create a simple local(intranet) web app on another server which can
return a xml stream. And query the xml stream from the intranet server to
see whether this will also cause the problem.

As for setting the internet accessing security, I still think you may have
a further check the configuration mentioned in the
kb(using the .net configuration tool).

Please check out the above items. If you got any updates or new findings,
please feel free to post here.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

 

[John Stemper]

1. Same problem occurred
2. Works fine.

Thanks
John

 

[John Stemper]

I was in error on the last posting.

1. I've stripped down the app to nothing, just the page load event. I still
get the error.

John

 

[Steven Cheng[MSFT]]

Hi John,

You mean you made the certain page( in the original web app) 's Page_Load
empty and still occurs the error? Or have you tried comparing the .net
security setting on the error server with the develop machine which dosn't
suffer the problem?
Or have you tried adding the certain remote site (genrate the xml stream )
into trusted site? Still think the issue due to security setting.


Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

 

[Steven Cheng[MSFT]]

Hi John,

Have you had a chance to try out the suggestoins in my last reply? Just try
adding the certain remote url(return xml stream) into the trusted site or a
certain code group which be granted unrestricted permissions via the .net
configuration tool? If you have any questoins on it, please feel free to
let me know.




Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx