Request for the permission of type 'System.Security.Permissions.FileIOPermission' failed.

Feb 2, 2008 at 1:06 PM
I've been updating my blog and all was working fine until this morning when I went to my site I got (and still get) the following.

http://www.farseergames.com/blog/

Thing is, I haven't touched my site since the time it was last working till now. I don't know why it all of a sudden started throwing this error.

Can someone point me in the right direction to correct this?

-Jeff Weber

Feb 2, 2008 at 1:13 PM
Edited Feb 2, 2008 at 1:24 PM
Well, I just went and tried again and the error is gone.

Looking at other posts, it seems this error can be intermittent. If continue to hit refresh on my blog site I will quite frequently get this error.

I'm also occasionally losing all my formatting. The site comes up as though no css has been applied.

Here is what the error was:

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:


Line 17: private void BindMenu()
Line 18: {
Line 19: foreach (SiteMapNode adminNode in SiteMap.Providers"SecuritySiteMap".RootNode.ChildNodes)
Line 20: {
Line 21: if (adminNode.IsAccessibleToUser(HttpContext.Current))


Source File: d:\Inetpub\farseergames\blog\admin\menu.ascx.cs Line: 19

Stack Trace:


SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.IO.Path.GetFullPath(String path) +98
System.Web.Util.FileUtil.IsSuspiciousPhysicalPath(String physicalPath, Boolean& pathTooLong) +50
System.Web.Util.FileUtil.IsSuspiciousPhysicalPath(String physicalPath) +23
System.Web.CachedPathData.GetConfigPathData(String configPath) +465
System.Web.CachedPathData.GetConfigPathData(String configPath) +243
System.Web.CachedPathData.GetConfigPathData(String configPath) +243
System.Web.CachedPathData.GetConfigPathData(String configPath) +243
System.Web.CachedPathData.GetConfigPathData(String configPath) +243
System.Web.CachedPathData.GetVirtualPathData(VirtualPath virtualPath, Boolean permitPathsOutsideApp) +132
System.Web.HttpContext.GetPathData(VirtualPath path) +3486150
System.Web.Security.UrlAuthorizationModule.IsUserAllowedToPath(HttpContext context, VirtualPath virtualPath) +132
System.Web.UI.Util.IsUserAllowedToPath(HttpContext context, VirtualPath virtualPath) +101
System.Web.SiteMapProvider.IsAccessibleToUser(HttpContext context, SiteMapNode node) +367
System.Web.SiteMapNode.IsAccessibleToUser(HttpContext context) +14
System.Web.StaticSiteMapProvider.GetChildNodes(SiteMapNode node) +348
System.Web.SiteMapNode.get_ChildNodes() +23
admin_menu.BindMenu() in d:\Inetpub\farseergames\blog\admin\menu.ascx.cs:19
adminmenu.PageLoad(Object sender, EventArgs e) in d:\Inetpub\farseergames\blog\admin\menu.ascx.cs:14
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +15
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +34
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +47
System.Web.UI.Control.LoadRecursive() +131
System.Web.UI.Control.LoadRecursive() +131
System.Web.UI.Control.LoadRecursive() +131
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +6978
System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.defaultaspx.ProcessRequest(HttpContext context) in AppWeb_-1wgkg0o.4.cs:0
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +303
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64


Feb 2, 2008 at 1:35 PM
More follow up.

I used the Try-Catch fix mentioned here:

http://www.codeplex.com/blogengine/Thread/View.aspx?ThreadId=19881

However, this seems like a bad hack to get around the underlying issue. I'd still like to fix/understand the root cause.
Feb 2, 2008 at 3:12 PM
Checked right now, no error but also no CSS theme at all. Just unformatted text.
However, if I click on an actual post - it throws the error indeed.

The error looks identical to the one posted by 1&1 and Hosting Department customers.
Feb 2, 2008 at 3:31 PM
Edited Feb 2, 2008 at 3:39 PM
Well then it looks like my try-catch "fix" didn't work after all.

I'm currently hosted by http://www.crystaltech.com

It is very crucial that I get this fixed any other ideas are very welcome.

<edit>

Looks like the intermittent error you get when clicking into the actual post is similar but different which means the try-catch may still be working. Here is the error message that occurs off an on when going to a specific post:

Server Error in '/blog' Application.
--------------------------------------------------------------------------------

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.IO.Path.GetFullPath(String path) +98
System.Web.Util.FileUtil.IsSuspiciousPhysicalPath(String physicalPath, Boolean& pathTooLong) +50
System.Web.Util.FileUtil.IsSuspiciousPhysicalPath(String physicalPath) +23
System.Web.CachedPathData.GetConfigPathData(String configPath) +465
System.Web.CachedPathData.GetConfigPathData(String configPath) +243
System.Web.CachedPathData.GetConfigPathData(String configPath) +243
System.Web.CachedPathData.GetVirtualPathData(VirtualPath virtualPath, Boolean permitPathsOutsideApp) +132
System.Web.HttpContext.GetFilePathData() +27
System.Web.HttpContext.GetConfigurationPathData() +26
System.Web.HttpRequest.get_ContentEncoding() +198
System.Web.HttpRequest.FillInQueryStringCollection() +287
System.Web.HttpRequest.set_QueryStringText(String value) +58
System.Web.HttpRequest.InternalRewritePath(VirtualPath newPath, String newQueryString, Boolean rebaseClientPath) +79
System.Web.HttpContext.RewritePath(String path, Boolean rebaseClientPath) +173
BlogEngine.Core.Web.HttpModules.UrlRewrite.RewritePost(HttpContext context) in UrlRewrite.cs:93
BlogEngine.Core.Web.HttpModules.UrlRewrite.context_BeginRequest(Object sender, EventArgs e) in UrlRewrite.cs:59
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64




Jeff
Feb 16, 2008 at 8:32 AM
Hi Jeff,

What's the latest development about the security errors on your blog?

If you're still experiencing these issues and interested to try a workaround,
you could try my slightly modified .DLL which resolved 1&1 issues.

Maybe it works for CrystalTech as well?

Best regards,
Mike