0

I deleted and recreated the subdomain for an ASP.Net site. I then uploaded the files, but when I go and open a browser, I get a security exception that states that I have to modify the application's configuration file to grant trust. Sadly, the error message does not say the file that caused the issue, the trust that is a problem, or anything that I can see.

Here is what I see:

Server Error in '/' Application.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. 

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error: 


[No relevant source lines]

Source File: App_Web_iqeawexe.0.cs    Line: 0 

Stack Trace: 


[SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap, StackCrawlMark& stackMark) +31
   System.Security.CodeAccessPermission.Demand() +46
   System.Reflection.RuntimeAssembly.VerifyCodeBaseDiscovery(String codeBase) +118
   System.Reflection.RuntimeAssembly.GetName(Boolean copiedName) +69
   System.Reflection.Assembly.GetName() +12
   DevExpress.Web.ASPxClasses.Internal.HttpUtils.<get_DXValidatorType>b__0(Assembly i) +9
   System.Linq.WhereArrayIterator`1.MoveNext() +55
   System.Linq.Enumerable.FirstOrDefault(IEnumerable`1 source) +4216052
   DevExpress.Web.ASPxClasses.Internal.HttpUtils.get_DXValidatorType() +120
   DevExpress.Web.ASPxClasses.Internal.HttpUtils.GetValueFromRequest(HttpRequest request, String key, Boolean skipValidation) +25
   DevExpress.Web.ASPxClasses.Internal.HttpUtils.GetValueFromRequest(String key, Boolean skipValidation) +60
   DevExpress.Web.ASPxClasses.Internal.MvcUtils.get_CallbackName() +79
   DevExpress.Web.ASPxClasses.Internal.RenderUtils.IsAnyCallback(Page page) +51
   DevExpress.Web.ASPxClasses.Internal.ResourceRegistrator.EnsureResourcesSynchronized(Page page) +55
   DevExpress.Web.ASPxClasses.Internal.ResourceRegistrator.RegisterResource(Page page, ResourceData resource, Boolean useStandardRegistration) +19
   DevExpress.Web.ASPxClasses.ASPxWebControl.RegisterHoverIncludeScripts() +84
   DevExpress.Web.ASPxClasses.ASPxWebControl.RegisterClientIncludeScripts() +72
   DevExpress.Web.ASPxClasses.ASPxWebControl.OnPreRender(EventArgs e) +96
   DevExpress.Web.ASPxClasses.ASPxDataWebControlBase.OnPreRender(EventArgs e) +32
   System.Web.UI.Control.PreRenderRecursiveInternal() +103
   System.Web.UI.Control.PreRenderRecursiveInternal() +175
   System.Web.UI.Control.PreRenderRecursiveInternal() +175
   System.Web.UI.Control.PreRenderRecursiveInternal() +175
   System.Web.UI.Control.PreRenderRecursiveInternal() +175
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +8431
   System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +253
   System.Web.UI.Page.ProcessRequest() +78
   System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +21
   System.Web.UI.Page.ProcessRequest(HttpContext context) +49
   ASP.default_aspx.ProcessRequest(HttpContext context) in App_Web_iqeawexe.0.cs:0
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +100
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

Thoughts?

JasonMArcher
  • 14,195
  • 22
  • 56
  • 52
Sarah Weinberger
  • 15,041
  • 25
  • 83
  • 130
  • Are you running on medium trust? – SLaks Jul 14 '13 at 18:53
  • I think so that I am in medium trust. I am in a shared hosting environment, so it is whatever that yields. I think that I remember from previous correspondence with the web host provider that that is true. Interestingly enough, the site used to work nicely. The computer crashed last week that they hosted my account on. They rebuilt things, but used an old version of a backup, whatever. I decided the easiest way was to delete the subdomain, recreate the subdomain, and upload the files again. That action, however, still yielded the same error message. – Sarah Weinberger Jul 14 '13 at 19:08
  • I do know that I am not allowed "full trust" in a shared hosting environment and that the site was working fine. It is possible that when the web host provider rebuilt the machine that they changed the trust level and made it more restrictive than what ASP.Net / DevExpress likes. I do not know which component actually causes the failure. The stack trace was not clear to me. – Sarah Weinberger Jul 14 '13 at 19:09
  • I will contact the web hosting company and get their input. – Sarah Weinberger Jul 14 '13 at 19:46
  • Note that Medium Trust is not very secure and has been deprecated by Microsoft. Send them a link to http://stackoverflow.com/a/17218344/34397 (by one of the devs on the ASP.Net security team) and http://support.microsoft.com/kb/2698981, and ask them to switch to more secure isolation. – SLaks Jul 14 '13 at 20:03
  • No solution yet, but I heard back from the web hosting company. They said, ".NET 4 runs under a customized Medium Trust security level. This domain is returning the following error: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. I would expect to see an error like this if your app is trying to access a file in a location outside of the app's document root.". – Sarah Weinberger Jul 15 '13 at 16:18
  • I tracked the issue down now to the use of a user control in a /Controls folder that I created. – Sarah Weinberger Jul 15 '13 at 18:17

1 Answers1

0

The problem turned out to be an defect in DevExpress release. The release posted on July 8th broke websites using Medium Trust model. They posted a hotfix.

Here is what DevExpress wrote me: "We have already fixed this issue in the context of the System.Security.Permissions.FileIOPermission exception after updating to DevExpress 2013.1.5 in Medium Trust environment ticket. I suggest that you download a fix and check whether or not the problem persists."

I was not expecting a big company to not do thorough testing, which is what made this bug hard to track down.

Sarah Weinberger
  • 15,041
  • 25
  • 83
  • 130