SQL data connection through Web Service

[Benjamin Bloom]

Hi,

I'm pretty new to .NET, and even more new to Web Services. I've written
a few stand-alone apps that successfully interact with a database,
though, and I'm now puzzled.

I have a web service running on my machine (for now) and a Windows app
that calls a WebMethod from that service. Whenever I call a method that
interacts with a database, I get the following error:

An unhandled exception of type
'System.Web.Services.Protocols.SoapException' occurred in
system.web.services.dll

Additional information: System.Web.Services.Protocols.SoapException:
Server was unable to process request. --->
System.Security.SecurityException: Request for the permission of type
System.Data.SqlClient.SqlClientPermission, System.Data,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
at
System.Security.CodeAccessSecurityEngine.CheckHelper(PermissionSet
grantedSet, PermissionSet deniedSet, CodeAccessPermission demand,
PermissionToken permToken)
at System.Security.CodeAccessSecurityEngine.Check(PermissionToken
permToken, CodeAccessPermission demand, StackCrawlMark& stackMark, Int32
checkFrames, Int32 unrestrictedOverride)
at
System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap,
StackCrawlMark& stackMark)
at System.Security.CodeAccessPermission.Demand()
at
System.Data.SqlClient.SqlConnectionString.Demand(SqlConnectionString constr)
at System.Data.SqlClient.SqlConnection.Open()
at Macgregor.DataExtractService.DataExtractor.testDB()

The state of the failed permission was:
<IPermission class="System.Data.SqlClient.SqlClientPermission,
System.Data, Version=1.0.5000.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089"
version="1"
AllowBlankPassword="False">
<add ConnectionString="user id=sa;initial catalog=northwind;data
source=Central;Connect Timeout=30;Trusted_Connection=Yes"
KeyRestrictions=""
KeyRestrictionBehavior="AllowOnly"/>
</IPermission>

--- End of inner exception stack trace ---


Yet if I copy the method to the stand alone Windows app, I can execute
it just fine. I assume this is a configuration error, and not a code
error. What am I missing?

Thanks.
-Ben

 

[Angel Saenz-Badillos[MS]]

What you seem to be missing is Code Access Security, CAS is somewhat hard to
explain in a couple of lines so I encourage you to look at the documentation
online for this.

Bottom line is that ADO.NET assemblies require Full Trust, when you execute
the application locally you are running under your account that has full
trust permissions and the application runs fine. When you try execute
through the webservice you don't have full trust permissions and we will
throw a CAS exception.

You can repro with your standalone app as follows:
In a separate machine make a share
copy your application to this share.
From your main machine try to run your standalone app from the other
computer's share.
You will get a CAS exception since another computer's share does not have
full trust.

Hope this helps,

 

[Benjamin Bloom]

Thanks, I did eventually figure out my problem, but the answer was a
total surprise.

I experienced some other CAS problems with another app and subsequently
found an article on strong names and trust. It solved that problem, but
would no solve my web service problem.

As it turns out, I was running the web service on a web server that
looked to a ClearCase share as its root directory. For this reason, IIS
didn't give the application Full Trust, but a lower level (Intranet?)
What I find curious is that I attempted to bump all zones up to full
trust - wouldn't that have enabled the code to run no matter what?

When I redirected the share to a local drive, the service ran without
error and I was able to complete my project.

I should probably spend some time looking at .NET security. Anyone have
any good resources; books, sites, tutorials, etc?

Thanks.