Security Exception in BE 1.4.5 (fresh deployment)

Topics: ASP.NET 2.0
Aug 3, 2008 at 6:34 PM
I was waiting for 1.4.5 coz of a security exception I was getting in 1.4 when I tried hosting at my webhost.
Finally when 1.4.5 came in...I notice some weird behaviour. Occassionally I get this error :

Server Error in '/' Application.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

[No relevant source lines]

Source File: App_Web_r60rydsd.0.cs    Line: 0

Stack Trace:

[SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint) +147
System.Net.HttpRequestCreator.Create(Uri Uri) +26
System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase) +298
System.Net.WebRequest.Create(String requestUriString) +81
Controls.Blogroll.AddBlog(String name, String description, String feedUrl, String website, String xfn) +146
Controls.Blogroll.CreateList() +447
Controls.Blogroll.DisplayBlogroll() +257
Controls.Blogroll.Render(HtmlTextWriter writer) +59
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
ASP.widgets_blogroll_widget_ascx.__Render__control1(HtmlTextWriter __w, Control parameterContainer) in App_Web_r60rydsd.0.cs:0
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +98
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
WidgetBase.Render(HtmlTextWriter writer) +808
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +199
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
Controls.WidgetZone.Render(HtmlTextWriter writer) +44
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
ASP.themes_standard_site_master.__Render__control5(HtmlTextWriter __w, Control parameterContainer) in c:\domains\blog.sashidharkokku.com\wwwroot\themes\Standard\site.master:35
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +98
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer) +59
System.Web.UI.HtmlControls.HtmlForm.Render(HtmlTextWriter output) +68
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.HtmlControls.HtmlForm.RenderControl(HtmlTextWriter writer) +37
ASP.themes_standard_site_master.__Render__control1(HtmlTextWriter __w, Control parameterContainer) in c:\domains\blog.sashidharkokku.com\wwwroot\themes\Standard\site.master:23
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +98
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) +199
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +20
System.Web.UI.Page.Render(HtmlTextWriter writer) +26
BlogEngine.Core.Web.Controls.BlogBasePage.Render(HtmlTextWriter writer) in BlogBasePage.cs:329
System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) +25
System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) +121
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +22
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +7350
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.default_aspx.ProcessRequest(HttpContext context) in App_Web_babbqta8.4.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +358
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64


Version Information: Microsoft .NET Framework Version:2.0.50727.1434; ASP.NET Version:2.0.50727.1434
<!-- [SecurityException]: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) at System.Security.CodeAccessPermission.Demand() at System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint) at System.Net.HttpRequestCreator.Create(Uri Uri) at System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase) at System.Net.WebRequest.Create(String requestUriString) at Controls.Blogroll.AddBlog(String name, String description, String feedUrl, String website, String xfn) at Controls.Blogroll.CreateList() at Controls.Blogroll.DisplayBlogroll() at Controls.Blogroll.Render(HtmlTextWriter writer) at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer) at ASP.widgets_blogroll_widget_ascx.__Render__control1(HtmlTextWriter __w, Control parameterContainer) in c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\15bc1c47\ad654845\App_Web_r60rydsd.0.cs:line 0 at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) at System.Web.UI.Control.Render(HtmlTextWriter writer) at WidgetBase.Render(HtmlTextWriter writer) at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer) at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) at System.Web.UI.Control.Render(HtmlTextWriter writer) at Controls.WidgetZone.Render(HtmlTextWriter writer) at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer) at ASP.themes_standard_site_master.__Render__control5(HtmlTextWriter __w, Control parameterContainer) in c:\domains\blog.sashidharkokku.com\wwwroot\themes\Standard\site.master:line 35 at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) at System.Web.UI.HtmlControls.HtmlForm.RenderChildren(HtmlTextWriter writer) at System.Web.UI.HtmlControls.HtmlForm.Render(HtmlTextWriter output) at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.HtmlControls.HtmlForm.RenderControl(HtmlTextWriter writer) at ASP.themes_standard_site_master.__Render__control1(HtmlTextWriter __w, Control parameterContainer) in c:\domains\blog.sashidharkokku.com\wwwroot\themes\Standard\site.master:line 23 at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) at System.Web.UI.Control.Render(HtmlTextWriter writer) at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer) at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children) at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) at System.Web.UI.Page.Render(HtmlTextWriter writer) at BlogEngine.Core.Web.Controls.BlogBasePage.Render(HtmlTextWriter writer) in D:\Workspace\Code\BlogEngine.NET\BlogEngine.NET_1.4.5_(source)\BlogEngine.Core\Web\Controls\BlogBasePage.cs:line 329 at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter) at System.Web.UI.Control.RenderControl(HtmlTextWriter writer) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.default_aspx.ProcessRequest(HttpContext context) in c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\15bc1c47\ad654845\App_Web_babbqta8.4.cs:line 0 at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) --><!-- This error page might contain sensitive information because ASP.NET is configured to show verbose error messages using <customErrors mode="Off"/>. Consider using <customErrors mode="On"/> or <customErrors mode="RemoteOnly"/> in production environments.-->



If i refresh the page , everything comes back fine....no errors anymore. This behavior is not consistent. Any help would be appreciated.

To see it in action , check out http://blog.sashidharkokku.com


Thanks,
Sashidhar Kokku
Aug 5, 2008 at 2:40 AM
Try adding this work around in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG (assuming default .net installation)

<ipermission>
class=”WebPermission”
version=”1″
Unrestricted=”true”>
</ipermission>

Aug 5, 2008 at 3:36 PM
to which file in the config folder should i add this?

Thanks,
Sashidhar Kokku
Aug 5, 2008 at 7:14 PM
Sorry, the C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web_minimaltrust.config
Aug 5, 2008 at 9:53 PM
@alex: Changes are he is publishing to his hosting provider so he cannot change web_minimaltrust.config

@sashid...: Who is your hosting provider? Is it GoDaddy.com? I've heard that they block WebRequests from their web servers. If that is the case, then you may be in trouble.

[See: This thread (@ DNN forums)]
Aug 6, 2008 at 3:02 AM
I doubt he's hosting ... D:\Workspace\Code\BlogEngine.NET\BlogEngine.NET_1.4.5_(source)\BlogEngine.Core\Web\Controls\BlogBasePage.cs

He might be though... In that case he needs to find a different host, modern blogging applications need to be network enabled.
Aug 6, 2008 at 3:34 AM
Weird...I was looking at: c:\domains\blog.sashidharkokku.com\wwwroot\themes\Standard\site.master

I did a whois on his domain, it is registered through godaddy, don't know if it is hosted there or not...
...ok i did a little more poking around and it looks like it is hosted by aspnix.com...
Aug 6, 2008 at 12:55 PM
Joe : Yeah.....hosted on aspnix.com
I really doubt if they will agree to change the trust level (via web_minimaltrust.config) on their systems.
Is there anything else I can do?


Thanks,
Sashidhar Kokku
Aug 6, 2008 at 4:26 PM
Well, if you can live without a blogroll get rid of that widget, thats a start. I don't remember off-hand what else uses WebRequest.

You can also beg ASPnix to change your account to Medium trust. I'm not sure really what else you can do, there is no way they are going to modify web_minimaltrust.config.
Aug 7, 2008 at 10:20 PM
Edited Aug 7, 2008 at 10:21 PM
Like I said, I might be wrong....

In any case there is more than on way to skin a cat.  Do they allow you to call XmlDocument.Load()? How about opening a socket or tcpclient?  can you use createobject for winhttp or an xml web request?...
Sep 1, 2008 at 9:23 PM
I have installed the latest version as well. (1.4.5)
I will try and see if I can ask the hosting providers to elevate my app to medium trust. Is there any other way I can work around the security exception?

Thanks in advance,


Sk