Blog works but getting lots of security exceptions

Nov 21, 2007 at 8:44 PM
OK, I have my blog set up on 1and1's shared server. http://effortchurch.org/Blogengine.Net Nothing of consequence there yet. I'm still trying to figure out how this works.

I find that when I maneuver thru the blog, I often (1/4) get Security Exceptions of the form:
------
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

Line 200:
Line 201: item.Request = (HttpWebRequest)WebRequest.Create(feedUrl);
Line 202: item.Request.Credentials = CredentialCache.DefaultNetworkCredentials;
Line 203:
Line 204: _Items.Add(item);


Source File: e:\kunden\homepages\28\d211799512\BlogEngine.NET\App_Code\Controls\Blogroll.cs Line: 202
------

Generally, all of the information down to Source Error: is the same. Below that things change depending (apparently) on which is the source file causing the problem. So far I have Blogroll.cs and menu.ascx.cs as culprits.

Most of the time, when I refresh I get whatever page I was expecting and whatever I executed prior to the exception has been registered. Sometimes I have to refresh several times and occasionally it is as if the page gets stuck and never completes loading. (The exceptions come up very quickly, so if it is taking time, it is trying to pass.

Any idea whether this issue is caused by Blogengine or by 1and1?

-----Paul-----
Nov 26, 2007 at 8:27 PM
Well, I had a fairly lengthy discussion with 1and1 tech support. Apparently the error screens come from 1and1 ... but they say it is because BE is doing something to TRUST and, since that is not allowed on a shared server, there is nothing they can do. No response to question as to why it only happens sometimes and why a refresh is allowed to go thru.

Does this happen on any other service? CAn anyone suggest a workaround?

-----Paul-----
Coordinator
Nov 26, 2007 at 8:56 PM
Did you remove "trust level="High"" from web.config? This often set in machine.config to "medium" in hosting environments and can mess things up, you need to get rid of this line.
Nov 27, 2007 at 12:57 AM
Ah, yes. It wouldn't run at all with the trust level line in it. I read some of the GoDaddy writeups and deleted the line. So now it works > 50 percent of the time. But the error messages really foul up the usability. The blog is at http://effortchurch.org/BlogEngine.net if you would like to experience it for yourself.

-----Paul-----
Jan 3, 2008 at 12:21 PM
Did you fix this issue? Your site seems to work ok. I am having the same issue :( Any help would be appreciated.

Cheers,
Jan 3, 2008 at 4:07 PM
No, I still get the same errors about 1/4 accesses. A rep from the ISP sent me a note saying it was working fine but it doesn't work for me. I finally gave up and used a wordpress.com blog. I'll probably switch from MS hosting to linux when I get the chance.

-----Paul-----
Jan 8, 2008 at 10:15 AM
I have come across the same issue.

The code itself does not seem that critical, it adds something to an RSS feed.

Anyway my temp solution is putting a try catch around this section in \app_code\controls\blogroll.cs

try
{
item.Request = (HttpWebRequest)WebRequest.Create(feedUrl);
item.Request.Credentials = CredentialCache.DefaultNetworkCredentials;


_Items.Add(item);

item.Request.BeginGetResponse(ProcessRespose, item);

}
catch {}

At least they can then see the site and I can't actually notice what disappears.
Jan 30, 2008 at 7:43 PM
Edited Jan 30, 2008 at 7:44 PM


Adam wrote:
I have come across the same issue.

The code itself does not seem that critical, it adds something to an RSS feed.

Anyway my temp solution is putting a try catch around this section in \app_code\controls\blogroll.cs

try
{
item.Request = (HttpWebRequest)WebRequest.Create(feedUrl);
item.Request.Credentials = CredentialCache.DefaultNetworkCredentials;


_Items.Add(item);

item.Request.BeginGetResponse(ProcessRespose, item);

}
catch {}

At least they can then see the site and I can't actually notice what disappears.


this worked for me, however, to keep from dropping the blog role call i try...catch{} on the request credentials part:


item.Request = (HttpWebRequest)WebRequest.Create(feedUrl);
try
{
item.Request.Credentials = CredentialCache.DefaultNetworkCredentials;
}
catch{}

_Items.Add(item);


item.Request.BeginGetResponse(ProcessRespose, item);

}

Jan 13, 2009 at 12:15 AM
Edited Jan 13, 2009 at 12:30 AM
i wrote a solution but i take it back, the problem was not fitting to yours...

By the way FU.K ISREAL...!