Security Exception deployment error

[John Stemper]

I've recently moved an ASP.Net app to our deployment server after it was
verified on our integration test server.

On the deployment server I am now getting the following error:
/*********************************************/
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.

Source Error:


Line 30: private static bool __intialized = false;
Line 31:
Line 32: public Global_asax() {
Line 33: if ((ASP.Global_asax.__intialized == false)) {
Line 34: ASP.Global_asax.__intialized = true;


Source File: C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET
Files\locator\5058f3de\5dc8deb2\bl3wphvz.0.cs Line: 32

Stack Trace:


[SecurityException: Security error.]
Antioch.CreativeMemories.Web.Global..ctor() +0
ASP.Global_asax..ctor() in
C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET
Files\locator\5058f3de\5dc8deb2\bl3wphvz.0.cs:32



/**********************************************/

The web.config file is the same as the one I'm using on the working servers.
There are other working .Net apps on the non-working server.
The app is pretty simple. I'm just receiving an XML stream from another web
site and running that into a datagrid.

I've seen lots of others with similar problems but none of the suggestions
from those threads seemed to work.

Any ideas or suggestions?

TIA

John S

 

[Steven Cheng[MSFT]]

Hi John,


Thank you for using Microsoft Newsgroup Service. Based on your description,
one of your ASP.NET web application runs well in working server. However,
when you moved it to a deploy server, you encountered the following
exception:
---------------------------------------------------------
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Security error.
---------------------------------------------------------

Please feel free to post here if my understanding is not quite correct.

As for the problem, it is most likely due the some security facts with the
web application. Would you have a try on the following steps:

1.Try creating a new very simple web application , just have a single page
and move it to the deploy server to see whether it can run well.

2.Since you said that your web application has some operations which access
another web application on a remove server(receiving an XML stream from
another web site ). Maybe you can try removing that operation and then run
the application again to see whether the problem remain.

3.If the problem goes away after step2. We can confirm that the problem is
due to the remote access operation. Would you provide some more information
on the operation you access the remote site and receiving XML stream? Since
there is a known issue on access remote share in ASP.NET, you may have a
look at the Knowlege base below to see whether it 'll help you:

http://support.microsoft.com/?id=320268

Please try the above suggestions. If you have any questions on them or if
you have any new findings, please also let me know.



Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[John Stemper]

Steven,
Thanks for your help. Here's what happened since the last email.

1. Simple app. Worked fine.

2. Removed all code from main page in question on the non-working app. Same
error.
Also rem'd out just the line that made the call to get the XML data on
the remote server. Still got the error.

Any ideas???
Thanks

John

 

[John Stemper]

FYI

I also removed all references to Resource files and th Resource manager.
Still got the error.


J

 

[John Stemper]

Here is a copy of my web.config file

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="KnowWhereURL" value="http://CM.know-where.com/CM/cgi/selection" />
<add key="CareerQuestion_en" value="1,2,3,4" />
<add key="CareerQuestion_sp" value="" />
<add key="ReturnQuantity" value="5" />
<add key="Subject" value="text goes here." />
<add key="DefaultAddress" value="(e-mail address removed)" />
<add key="SMTPServer" value="127.0.0.1" />
<add key="EnableMail" value="false" />
</appSettings>
<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>


John

 

[Steven Cheng[MSFT]]

Hi John ,


Thank you for using Microsoft Newsgroup Service. Based on your tested
result, the problem is mainly focus on the certain web application. Also
the web.config file you provided doesn't have anything particular which
seems to cause the problem. I still think that the problem is concerned
with something on the code access security. So would you have a further
check to see whether there is any other particular code access , such as
access to a remote resource. Also, have you referenced some certain
assemblies which has some certain operations that will cause the access
permission problem? If you're not quite sure on this, you may still try my
former suggestion, check all the references step by step,just to minimize
the web application so as to repro the problem with the smaller scope.

Please check out the preceding suggestions. In the meantime, if you have
any new findings, please also let me know.


Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Steven Cheng[MSFT]]

Hi John,


Have you had a chance to try my suggestion or have you got any progress on
our issue? Please feel free to post here
if you need any help.

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[John Stemper]

Steven,

I've started stepping through some of the suggestions you have given. I do
not have any references out of the ordinary (ie. System.xxx). I have rem'd
out the code that deals with accessing the remote http stream. That did not
seem to make a difference.

Anyway I'm continuing to go through the code step by step to see if I can
narrow the problem down to a specific function/method.

Thanks

John

 

[Steven Cheng[MSFT]]

Hi John,


Thanks for your response. I'll keep on waiting for your latest progress. If
you need any assistance, please feel free to let me know.


Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[John Stemper]

Rebuilt from scratch, works fine. Go figure.