14

This is one of those 'works locally, doesn't work on the server' posts.

I have a simple contact form that sends an email. On the server, I get the following exception:

 Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy.  To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the
permission of type 'System.Net.Mail.SmtpPermission, System, Version=4.0.0.0, 
Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:
[No relevant source lines]

The host was unable to give me code or an SMTP client that will work for sending SMTP messages from the web server. So I need to find an alternate way to send them that will make my web server happy with a constrictive security policy.

Here's the source code:

private void SendMessage (string returnAddress, string textSubject, string messageText)
    {
        config config = new config();

        System.Net.Mail.MailMessage message = new System.Net.Mail.MailMessage();

        message.To.Add(config.toEmailAddress);
        message.Subject = "Website Contact Form Message: " + textSubject;
        message.From = new System.Net.Mail.MailAddress(returnAddress);
        message.Body = messageText;

        message.IsBodyHtml = false;

        System.Net.Mail.SmtpClient smtp = new System.Net.Mail.SmtpClient("smtp.naturalcarpetcompany.com");
        smtp.Credentials = new System.Net.NetworkCredential(config.fromEmailAddress, config.fromEmailPassword);
        smtp.Port = 587;

        try
        {
            smtp.Send(message);
        }
        catch (Exception ex)
        {
            Exception ex2 = ex;
            string errorMessage = string.Empty;
            while (ex2 != null)
            {
                errorMessage += ex2.ToString();
                ex2 = ex2.InnerException;
            }
            HttpContext.Current.Response.Write(errorMessage);
        }
    }
RyanJMcGowan
  • 1,485
  • 1
  • 15
  • 33
  • 1
    This is a code access problem. It looks like your host has specifically taken away the permissions you need to access SMTP. – vcsjones Aug 16 '12 at 18:05
  • @vcsjones yeah, so is there a way to send smtp that doesn't require a high permission level? – RyanJMcGowan Aug 16 '12 at 18:07
  • Hard to say without knowing what else that host has limited you from doing. That removed that access intentionally, so any work arounds they probably removed permission to do so, too. This is something you will probably need to work with your hosting provide with. – vcsjones Aug 16 '12 at 18:08
  • They have the trust level set to Low or Medium. Not sure which. They can't give me a higher level because it's a shared server. – RyanJMcGowan Aug 16 '12 at 18:09

2 Answers2

21

A low security level doesn't allow you to specify the smtp port. Default is port 25. Although my ISP specifies port 587, I can use port 25 and it works fine.

RyanJMcGowan
  • 1,485
  • 1
  • 15
  • 33
10

I had a similar problem I simply added the following code in the Web.config file and it worked for me

<configuration>
  <system.web>
    .....
    <trust level="Full" originUrl=""/>
  </system.web>
</configuration>

I was facing this issue on my Shared Hosting Server. The error was coming up while trying to create an object of SMTP client and then assigning it a port number. Increasing trust level worked pretty well for me. I just elaborated details to make sure it helps some one else too. really appreciate the solution ! As I was unable to comment hence just thanked here the original author.

The Dark Knight
  • 5,455
  • 11
  • 54
  • 95
Aditya
  • 395
  • 6
  • 18
  • This wasn't an option for me as the site I was working on was a shared server and had medium trust level. – RyanJMcGowan Sep 14 '13 at 07:42
  • I also added port and enablessl before it worked. – yogihosting Jan 12 '16 at 14:57
  • I had the exact same issue as the OP, but I added this line in the web.config but then I got a new exception. Something about sockets which I think is related to SQL. My website doesnt use sql so Im not sure where to go from here. If I remove that line of trust level, then I get the original error mesage the OP posted. Any advice? – user2903379 Jan 20 '18 at 12:53