4

I built a really simple asp.net mvc web site (it doesn't use asp.net identity, entity framework and also it doesn't use any database). These are the references:

enter image description here

and the web.config

  <configuration>
  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5.2" />
    <httpRuntime targetFramework="4.5.2" />
  </system.web>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
    </compilers>
  </system.codedom>
<system.net>
    <mailSettings>
      <smtp deliveryMethod="Network" from="info@domain.com">
        <network host="smtp.domain.com" userName="info@domain.com" password="password" port="25" />
      </smtp>
    </mailSettings>
  </system.net>
</configuration>

I published it on a shared hosting server (with IIS 8.5), and got a Security Exception:

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

The question is why this simple website requires full trust ? I don't understand, if it requires full trust than whatever asp.net mvc website should require full trust.

UPDATE: the full trust is required with the new .net framework features. I uninstalled the packages Microsoft.CodeDom.Providers.DotNetCompilerPlatform and Microsoft.Net.Compilers and now it works.

DevT
  • 1,411
  • 3
  • 16
  • 32
  • it has been published on a shared hosting server, the version of iis should be 8.5 – DevT Jun 27 '16 at 17:04
  • This [post](http://stackoverflow.com/questions/557713/why-does-my-net-application-require-full-trust) might be helpful – Tasos K. Jun 27 '16 at 17:05
  • @TasosK. I have read about it, but my web.config doesn't contain a configsections as you can see in the main post (I posted the web.config). – DevT Jun 27 '16 at 17:20
  • Impossible to say without knowing what the operation was that was not allowed, and what security policy was applied. You have SMTP settings defined. Are you sure your shared hosting provider allows websites that send email? – Heretic Monkey Jun 27 '16 at 17:23
  • @MikeMcCaughan yes I know I haven't more details. I can confirm the hosting provider allows the website to send email – DevT Jun 27 '16 at 17:29
  • @DevT You require full trust permission. From the error message, it is clearly show that you require full trust. Ask your hosting provider to give full permisision for you. –  Jun 30 '16 at 05:39

2 Answers2

2

As per this post from a Microsoft employee (answered Jun 20 '13):

We are removing Medium Trust support from the frameworks we develop (MVC, WebAPI, SignalR, and so on). Going forward, applications built on these frameworks will require Full Trust.

Edit 26 May 2015: The .NET Framework as a whole has deprecated partial trust, and customers are advised not to rely on it as a security boundary.

So, it shouldn't come as a surprise that full trust is required, as partial trust is now completely obsolete.

Community
  • 1
  • 1
NightOwl888
  • 55,572
  • 24
  • 139
  • 212
  • Yes that's right. On my website the full trust is required because the new .net framework features, in fact, I uninstalled the packages Microsoft.CodeDom.Providers.DotNetCompilerPlatform and Microsoft.Net.Compilers, now the site doesn't require full trust anymore. – DevT Jun 28 '16 at 08:50
0

This might help.

https://support.microsoft.com/en-us/kb/555466

You will possibly need to create an application pool with the security levels set appropriately for your application. The section suggested to change is in the machine.config

JDavila
  • 409
  • 1
  • 7
  • 22
  • I know about this, but the question is why a really simple asp.net mvc application requires full trust – DevT Jun 27 '16 at 17:56