2

I've created an asp.net Web Forms site with Visual Studio 2013. Scripts and pages are generated automatically by VS 2013. The problem is that the website doesn't work with the .Net trust level "Medium". It reqires "Full" level.

With the "Medium" Level it throws an error:

The application attempted to perform an operation not allowed by the security policy.  To grantthis application the required permission please contact your system administrator or change the application's trust level in the configuration file. 

 [SecurityException: Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Delegate.DelegateConstruct(Object target, IntPtr slot) +0
Owin.Loader.DefaultLoader..ctor(Func`3 next, Func`2 activator, IEnumerable`1 referencedAssemblies) +69
Microsoft.Owin.Host.SystemWeb.OwinBuilder.GetAppStartup() +65
Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint() +28
System.Threading.LazyInitializer.EnsureInitializedCore(T& target, Boolean& initialized, Object& syncLock, Func`1 valueFactory) +115 

Microsoft.Owin.Host.SystemWeb.OwinHttpModule.Init(HttpApplication context) +106
System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +418
System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +172
System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +336
System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +296

I understand that the issue is related to the IIS trust level.

My questions are

  1. Is there a way around to make the website work with trust level "Medium". The reason is that my host sharing server doesn't allow Full trust.

  2. How to trace the script that is causing this error behavior.

Thank you in advance....

Gloria
  • 1,305
  • 5
  • 22
  • 57

1 Answers1

4

Medium Trust is dead. We (the ASP.NET team) no longer support it going forward: our recent frameworks like SignalR, MVC 5, Web API 2, Friendly URLs, and the Katana stack all mandate the use of Full Trust. See https://stackoverflow.com/a/17218344/59641 for more information.

You have a few options at your disposal:

  • Contact your host and ask them to move your site to Full Trust. KB2698981 gives guidance to hosters telling them that they should move off of ASP.NET's partial trust modes and run everything in Full Trust with the proper OS-provided isolation levels.

  • Move to a different hoster that doesn't limit you to Medium Trust.

  • If you must use your existing hoster and they will not move you to Full Trust, use the older versions of the ASP.NET project templates (File -> New -> Project -> Visual C# -> Web -> Visual Studio 2012 -> { select app type }). Alternatively, you can start with the empty ASP.NET project template. These templates do not require Full Trust. However, take note that you'll be limiting the functionality available to your site, and you won't be able to install the latest NuGet packages provided by the ASP.NET team.

Community
  • 1
  • 1
Levi
  • 32,628
  • 3
  • 87
  • 88