Tutorial :How to trace a ASP.NET Security Exception



Question:

How can I figure out what is actually causing the following error? The page is the same as other pages but for some reason only this page is having this error. It also only happens on the ISP (GoDaddy) who has a trust level of Medium and I can't set a breakpoint and try to catch it.

Server Error in '/' Application. Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

  Stack Trace:    [SecurityException: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]     System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0     System.Security.CodeAccessPermission.Demand() +59     System.IO.Path.GetTempPath() +54     hh.a(Int32 A_0, Boolean A_1, Boolean A_2) +20     jg.b(c A_0, UInt64 A_1) +234     ei.b(c A_0, UInt64 A_1) +18     jg.a(c A_0, UInt64 A_1, Boolean A_2) +61  

Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

If you have had this issue or just know how I can fix or trace it please add your answer. Trust level of Medium is required by the ISP.


Solution:1

Have you tried using a local instance of IIS and setting the trust level to medium? That would help you debug and try stuff a little quicker.

(And is a good habit to get into anyway. You want to test in an environment as close to production as possible. And the VS web server definitely has a few important differences that can get you if you don't test in IIS too.)


Solution:2

I don't believe GoDaddy supports Full trust - though that may have changed recently. The error is caused by the System.IO.Path.GetTempPath call, which requires EnvironmentPermission.

The call stack prior to that is obfuscated, so my guess is it's from a component vendor. Check for an update or fix for partial trust from them, or replace it.


Solution:3

Setting breakpoints in obfuscated, non-debug assemblies are hard. It will likely lead you nowhere.

Find out why the obfuscated component is trying to access the temp path.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »