Security Exception in Medium Trust on Blogroll.cs (1.4.5)

Topics: ASP.NET 2.0
Feb 1, 2009 at 1:03 AM

Hello!

 

I have tried to self-resolve by searching existing posts, but none are an exact match, so now I’m posting here as a new issue.  I have a new install of BE 1.4.5 using SQL, running in IIS7 on Windows Server 2008 Ent x86 with Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053.

 

My issue is very similar to Issue Tracker Work Item # 6704 which is listed as fixed.  However, my issue is specific to the blogroll.cs file and the Try/Catch configuration recommended on this posting does not resolve.  You can see an image of my exact error from the 6704 Comment I made last week here:  My Security Exception Error Screenshot.
 

I continued my research and found a Discussion Post from 2 weeks ago that is also very similar but not an exact match.  Post Thread ID 44104 has the exact same source file and line error Blogroll.cs Line 199 “item.Request = (HttpWebRequest)WebRequest.Create(feedUrl);” but his error is Invalid URI, while mine is still Security Exception.  However, I did BenAmada’s suggestion of removing all the RSS feeds in my Blogroll and this does stop the error.  That’s a bust on functionality, but now we’re tracking a cause/effect.  Keep in mind this is even the case with the pre-loaded blogroll entries that come with the 1.4.5 install.

 

So continuing to investigate/search, I found another Issue Tracker Work Item #6622 which has the same kind of error, but the source is related to Profiles, and has suggestions to modifying the Trust settings.  Since my profiles are working (set to SQL thanks to Al Nyveldt) so it makes me question whether these settings will resolve either.  My server is internal Development box (not 3<sup>rd</sup> party host like GoDaddy or 1and1), but I would still question the requirement to set the entire IIS to Medium Trust just like those 3<sup>rd</sup> Party hosting providers if I plan to move the BE site to a production box with other apps L.  I did change the .NET Trust level for the server to Medium according to this TechNet article, but I did not make the modifications to the BE web.config described in Work Item #6622… because I’m unsure they are relevant, and so even at Server Medium Trust the error is still present whenever a Blogroll entry exists, first page load coming in from an outside link or after making any posting to the site (admin change, comment, anything).

 

To be clear, removing all Blogroll entries makes the problem stop, so that makes me think the issue is there in the blogroll.cs file, and not the Security Exception?  If anyone has some insight, it is greatly appreciated.  Again, here’s a screenshot image of my error (Link: http://www.codeplex.com/Project/Download/AttachmentDownload.ashx?ProjectName=blogengine&WorkItemId=6704&FileAttachmentId=2674).


All assistance is appreciated! 

 

Coordinator
Feb 1, 2009 at 1:21 AM
This definitely does look like a medium trust issue ... which I don't know much about myself.  But, I'd definitely try modifying your web.config file.  Some of the changes mvervoort suggests in issue 6622 look pretty good.  In particular, this line:

<trust level="Medium" originUrl=".*"/>

is also suggested on this messageboard and it seemed to solve the person's problem.  That looks like it still allows your web application to conform to medium trust security, but would hopefully allow the WebRequest.Create() function to work.
Feb 21, 2009 at 4:57 AM
FYI, I have resolved the Security Exception issue with blogroll.cs as posted here.  It was the settings listed in Work Item #6622 that resolved with the <trust level="Medium" originUrl=".*"/> setting.

I do have a remaining (possibly unrelated) issue with posting comments.  I have started a new thread on this - Thread ID 48068 - to try to get that working... hopefully it is something different and not still security related?

Thanks again!