Re: security exception for aspx page

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 11/17/04

• Next message: Leonardo D'Ippolito: "Strong names ...."
• Previous message: Scott: "Re: CryptographicException: Unknown failure in Win98 only"
• In reply to: GoCMS: "Re: security exception for aspx page"
• Next in thread: GoCMS: "Re: security exception for aspx page"
• Reply: GoCMS: "Re: security exception for aspx page"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 16 Nov 2004 17:53:44 -0600

Well, the first thing to do is to try to figure out what the actual
permission that is being demanded is. Then, you have a few options:

 - Modify policy to allow that permission to be granted
 - Modify the assembly in the GAC to Assert that permission before the
demand is called so that the stack walk is stopped (note, potential security
risk here)
 - Create your own assembly that goes in the GAC that wraps their assembly
and does the above mentioned Assert. Note the same security risk

You might want to find some articles on CAS so that you get a better feel
for what I'm talking about here as it can be somewhat confusing until you
get the hang of it.

If you can find out what the actual permission that was demanded was and
what the stack trace for the exception was, that would be very helpful for
us to know.

Joe K.

"GoCMS" <GoCMS@discussions.microsoft.com> wrote in message
news:6B2A6B2B-4507-455D-BCE8-9C11897357BF@microsoft.com...
> Since I'm rather new on ASP.net or share point web part security, I wonder
> what will be the standard steps( & configuration entries) to make third
> party
> DLL accessible. The articles I'm reading on internet only addresses cases
> when user put their own developed ASP.NET assemblies into GAC.
> Thanks a lot.
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> Are you sure the third party DLL isn't allowing a full demand for a
>> permission to go up the stack? Just because it is in the GAC and it has
>> Full Trust doesn't mean that some code it is using won't trigger a Demand
>> that results in a full stack walk which would then fail in your code
>> which
>> is partially trusted.
>>
>> Without knowing more details on the exception, it would be hard to know
>> exactly what the problem is, but I suspect it is something along those
>> lines.
>>
>> Joe K.
>>
>> "GoCMS" <GoCMS@discussions.microsoft.com> wrote in message
>> news:095F0E58-0588-4CF3-A520-BF9FB72A6F08@microsoft.com...
>> > The message is not detailed enough though, as follows:
>> >
>> > Security Exception Description: The application attempted to perform an
>> > operation not allowed by the security policy. To grant
>> > this application the required permission please contact
>> > your system administrator or change the application's
>> > trust level in the configuration file.
>> >
>> > Exception Details: System.Security.SecurityException:Security Error
>> >
>> >
>> > "Nicole Calinoiu" wrote:
>> >
>> >> What is the exception message or, even better, its full details (as
>> >> returned
>> >> by its ToString method)?
>> >>
>> >>
>> >> "GoCMS" <GoCMS@discussions.microsoft.com> wrote in message
>> >> news:3DBB444B-3A4A-419D-A61A-8E281CBE1CA3@microsoft.com...
>> >> > hi, there:
>> >> > I was developing a new page for a web part project. My page keeps
>> >> > on
>> >> > getting security exception whereas other pages in the same project
>> >> > don't.
>> >> > I
>> >> > set the security level to be WSS_MediumTrust level. I wasn't using
>> >> > any
>> >> > database connection, but I was using a third party DLL( which is
>> >> > already
>> >> > signed and put into GAC).
>> >> >
>> >> > I add the third party assembly into the project web.config.
>> >> > I also add the following section into WSS_MediumTrust.config file.
>> >> > <CodeGroup class="UnionCodeGroup" version="1"
>> >> > PermissionSetName="FullTrust">
>> >> > <IMembershipCondition class="StrongNameMembershipCondition"
>> >> > version="1" PublicKeyBlob="public key for 3rd party assembly"/>
>> >> > </CodeGroup>
>> >> >
>> >> > Any other ideas? Thanks a LOT!
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>

---

• Next message: Leonardo D'Ippolito: "Strong names ...."
• Previous message: Scott: "Re: CryptographicException: Unknown failure in Win98 only"
• In reply to: GoCMS: "Re: security exception for aspx page"
• Next in thread: GoCMS: "Re: security exception for aspx page"
• Reply: GoCMS: "Re: security exception for aspx page"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages about permissions ... Assert vs Demand ... With assert, the immediate caller must have permission to ... (microsoft.public.cert.exam.mcad) Re: Security Exception ... > the connecting users according to the Local Users and Groups on ... > permission = permission.Union(new PrincipalPermission(null, ... Demand() method does. ... or not the role and ID of the PrincipalPermission match ... (microsoft.public.dotnet.framework.aspnet) Re: When to explicitly check permission ... > SecurityException instead would there? ... Directory.GetCurrentDirectory method will implement a demand for ... > should I do an explicit check my self before I call the method? ... performing a preliminary demand for the same permission. ... (microsoft.public.dotnet.security) RE: Strong names between exe and dll ... The second option in that paragraph is that C does a full demand on the identity permission, which will ensure that everyone on your call stack is ... >If I have an exe that is mine and a dll that is mine, both strongname signed ... (microsoft.public.dotnet.security) Re: Medium Level Trust and Reflection ... Depends on whether the code that's being called makes a link demand or full ... assertion permission can be acquired by the same means as reflection ... >> Have you tried adding it to the GAC? ... (microsoft.public.dotnet.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)