Security Exception after saving settings

Topics: ASP.NET 2.0
Oct 19, 2007 at 12:22 PM
Edited Oct 19, 2007 at 4:14 PM
Hello

Only recently discovered BlogEngine but loving it!

I installed BlogEngine into my shared hosing account (with 1and1)
I removed the "trust" line from web.config and got my blog up and running

only weird thing is when i make a change to the settings, click save and then click the "go to front page" link i get an error (below) . However, if i refresh the page everything works fine until i change the settings again

Also i get the same thing when i click the "permalink" or comments link for a post though this doesn't happen everytime! how weird....

As i said i'm still pretty new and may be doing something stupid but would be interested to hear any thoughts?

Thanks
Andy


Server Error in '/andyparkes' Application.
--------------------------------------------------------------------------------

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:


Line 200:
Line 201: item.Request = (HttpWebRequest)WebRequest.Create(feedUrl);
Line 202: item.Request.Credentials = CredentialCache.DefaultNetworkCredentials;
Line 203:
Line 204: _Items.Add(item);


Source File: e:\kunden\homepages\46\d170964050\andyparkes\App_Code\Controls\Blogroll.cs Line: 202

Stack Trace:


SecurityException: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Net.CredentialCache.get_DefaultNetworkCredentials() +59
Controls.Blogroll.AddBlog(String name, String description, String feedUrl, String website, String xfn) in e:\kunden\homepages\46\d170964050\andyparkes\App_Code\Controls\Blogroll.cs:202
Controls.Blogroll.CreateList() in e:\kunden\homepages\46\d170964050\andyparkes\App_Code\Controls\Blogroll.cs:112
Controls.Blogroll.DisplayBlogroll() in e:\kunden\homepages\46\d170964050\andyparkes\App_Code\Controls\Blogroll.cs:83
Controls.Blogroll.Render(HtmlTextWriter writer) in e:\kunden\homepages\46\d170964050\andyparkes\App_Code\Controls\Blogroll.cs:33
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
ASP.themesdirtylicioussitemaster._RenderForm1(HtmlTextWriter __w, Control parameterContainer) in e:\kunden\homepages\46\d170964050\andyparkes\themes\Dirtylicious\site.master:49
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +2068235
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +24
System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer) +59
System.Web.UI.HtmlControls.HtmlForm.Render(HtmlTextWriter output) +68
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.HtmlControls.HtmlForm.RenderControl(HtmlTextWriter writer) +37
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +130
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +24
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +130
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +24
System.Web.UI.Page.Render(HtmlTextWriter writer) +26
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6953
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +154
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.defaultaspx.ProcessRequest(HttpContext context) in AppWeb_jgv0fzka.12.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +154
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64




--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210
Coordinator
Oct 20, 2007 at 1:01 PM
that is the blogroll that throws causes that error in a medium trust environment that doesn't allow http requests. Most shared hosters run in medium trust but allows for http request. If you go in to the blogroll admin page and set the number of items to zero, then it will not perform http requests.
Oct 20, 2007 at 2:43 PM
Thanks for that...

I changed, the number of displayed items to 0, clicked save and the same thing happened when i clicked the "go to front page link"

Any other suggestions? Is there something i can ask my host (1and1) to do?
Oct 21, 2007 at 7:13 PM
After your suggestion i went back and had another look around...

I spotted that there are a default set of websites in the blogroll settings

Figured that even though i'd set it to "display 0" it possibly was still going ahead and doing the http request

Removed the default sites from the blogroll and haven't had a security exception since (though i thought i'd solved it before!)

Will give it a hammering and keep my fingers crossed

thanks for your help