Security Critical Method constructor error with MVC 5

Question

I've been trying to get an MVC 5 web application running on a server. It has not been a good day :-(

The server is Windows Server 2008. I have installed NET Framework 4 and NET Framework 4.5. I spent ages trying to get past a really weird 403 Access Forbidden error before discovering that adding this attribute gets the site loading.

<modules runAllManagedModulesForAllRequests="true">

I am now getting an error within an internal constructor that seems to be called before my Application_Start method. I am using the Membership Database, since I've upgraded an MVC 3 project to MVC 5. I mention this since I've seen a few questions on SO where people have encountered this problem using OpenAuth.

From what I've read the problem is connected to the security model changing. This question is one such example.. However, the AllowPartiallyTrustedCallersAttribute is not available in MVC 5.

I've ran the project successfully on my local machine but pushing it to a server is looking a touch tricky. I suspect there is something not quite right with the set up on the server but I'm at a bit of a loss now to guess what.

EDIT

The problem is with the recommended version of System.Web.WebPages. If I comment that out in my web.config then the project runs. It doesn't look as nice as it should be it definitely runs! I've going to try and install this web app on a server running Windows 2008 R2 Datacentre. I'll post my results.

  <dependentAssembly>
    <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
    <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
  </dependentAssembly>

Answer 1

Make sure you follow, completely, the instructions for upgrading you site to MVC5. I had this same issue until I followed these instructions: http://www.asp.net/mvc/tutorials/mvc-5/how-to-upgrade-an-aspnet-mvc-4-and-web-api-project-to-aspnet-mvc-5-and-web-api-2.

Answer 2

The fix that worked for me was to remove System.Web.WebPages. I was only using in my application because I was using TagBuilder in one class. I can use strings and string.Format instead and now I have an application that works.

I installed my app on a Windows 2008 R2 DataCentre server and encountered the same problem. The fix was the same remove System.Web.WebPages.

Seems bizarre that a DLL with a name that sounds so fundamental doesn't work and can be discarded.

EDIT

My NUnit tests on my build server didn't like the missing DLL, although running them locally on my machine showed no problems at all. The solution was to add the DLL to my test project. I suspect some of my problems are to do with TeamCity not being quite up to date with Visual Studio 2013.

EDIT I have found a better fix to this solution which does not involve removing the System.Web.WebPages DLL. I'll post the answer soon.

Answer 3

To fix this problem there were two steps: first remove Nuget packages that came with the default set up but which I was not using. These included Owin, Microsoft.Owin and various others connected with Identity. The only package I needed was Microsoft.AspNet.Identity.Core because I am using User.Identity.Name.

The second step was to exclude those files that used the packages: these were the AccountController, Startup.cs and Startup.Auth.cs in the App_Start folder. I think these files are necessary if using the newer versions of Authenticaion but as I am using the old MembershipProvider they are not necessary for me.