Application Security Change for Medium Trust

Asked

Viewed 7,643 times

1

I recently uploaded a system I created in Asp.Net using MVC and Entity to the Kinghost web server. On localhost and on my own server it works normally. When trying to access the application on the Kinghost server, it gives the following error:

[Securityexception: Failure to request type permission 'System.Web.Aspnethostingpermission, System, Version=4.0.0.0, Culture=neutral, Publickeytoken=b77a5c561934e089'.]
System.Security.Codeaccesssecurityengine.Check(Object demand, Stackcrawlmark & stackMark, Boolean isPermSet) +0
System.Security.Codeaccesssecurityengine.Check(Codeaccesspermission cap, Stackcrawlmark & stackMark) +31
System.Security.Codeaccesspermission.Demand() +46
System.Web.Hosting.HostingEnvironment.get_ApplicationID() +62
Microsoft.Owin.Host.SystemWeb.Owinappcontext.. ctor() +63
Microsoft.Owin.Host.SystemWeb.Owinbuilder.Build(Action1 startup) +30 Microsoft.Owin.Host.SystemWeb.OwinHttpModule.InitializeBlueprint() +70 System.Threading.LazyInitializer.EnsureInitializedCore(T& target, Boolean& initialized, Object& syncLock, Func1 valueFactory) +115
Microsoft.Owin.Host.SystemWeb.Owinhttpmodule.Init(Httpapplication context) +106
System.Web.Httpapplication.Registereventsubscriptionswithiis(Intptr appContext, Httpcontext context, Methodinfo[] handlers) +418
System.Web.Httpapplication.Initspecial(Httpapplicationstate state, Methodinfo[] handlers, Intptr appContext, Httpcontext) +172
System.Web.Httpapplicationfactory.Getspecialapplicationinstance(Intptr appContext, Httpcontext context) +336
System.Web.Hosting.PipelineRuntime.Initializeapplication(Intptr appContext) +296

Searching I could notice the following: On the server you can configure the security policies in Web.config which is in the directory %windir% Microsoft.NET Framework{version} CONFIG of the server (even in localhost you can define this). Usually it’s like this:

<location allowOverride="true">
  <system.web>
    <securityPolicy>
      <trustLevel name="Full" policyFile="internal" />
      <trustLevel name="High" policyFile="web_hightrust.config" />
      <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
      <trustLevel name="Low" policyFile="web_lowtrust.config" />
      <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
      <trustLevel name="Custom" policyFile="web_CustomTrust.config" />
    </securityPolicy>
    <trust level="Full" originUrl="" /> <--aqui eu digo o nível que as app vão usar-->>
  </system.web>
</location>

My default application was created as Full Trust. As the Kinghost server is set to Medium Trust, on the web.config of my application I would only need to set the security level of my application to Medium, placing this block:

<system.web>    
    <trust level="Full"/> 
</system.web>

However, on the Kinghost server they set the "allowOverride=false", not allowing the application to choose which level of security it wants to use via Web.config. You can see this because after I put this code appears this other error message:

This configuration section cannot be used in this path. This occurs when the site administrator blocks access to this section using <location allowOverride="false"> of a configuration file inherited.

Does anyone know how I can change my application to Medium Trust?

  • I don’t know the Kinghost dashboard. You would have access to IIS settings for something like a Remote Desktop, for example?

  • What specifically do you want to know? Can I open a call by asking @Ciganomorrisonmendez

  • Are you using any DLL downloaded from the internet? Usually they come with a kind of lock by file system. You need to unlock the Dlls by entering their properties.

  • The DLL’s that use are from Entityframework, Identity, Owin, Json, Mvc, and Razor basically. I haven’t downloaded any different dll. And all these were added in the creation of my project @Ciganomorrisonmendez

  • @Ciganomorrisonmendez takes a look at the bug (I’ve added the whole bug now). I think it has something to do with Owin permissions. I use Entity Framework 6

  • I get it. I don’t have good news for you: http://stackoverflow.com/a/18154797/1314276

  • Could Alessandro Barros describe these two steps better? 1.download the sources for Itextsharp and Xmlworkerhelper 2.I added the following line [Assembly: Allowpartiallytrustedcallers()] in the file Assemblyinfo.Cs.

  • @Sydinhofranco in the end as it turned out? I’m having the same problem. If I can help you thank

  • 1

    @Lucasventurella had no way, I had to change server. I went to Godaddy and there worked well.

  • @Sydinhofranco was worth it, man. I ended up opening a call, they tried to solve and failed and ended up releasing the full trust for me (na kinghost tbm)

  • 1

    Ahhh are already releasing the Full Trust is? Good to know @Lucasventurella Valeuu!

Show 6 more comments

2 answers

2

For newer Frameworks, Microsoft is discouraging Medium Trust in favour of isolation by operating system level, as described in this supporting item for newer Frameworks like Owin, in your case. There are several responses from the OS talking about it, but I quote from my research sources.

Or it is necessary to negotiate with the provider a permission to Full Trust, or change provider.

  • Searching found this also =/ I will try to negotiate with the server to see if put in a Full Trust, otherwise I will change hosting.

  • The question is: change to which hosting ? Locaweb and UOL Host do not allow Full Trust. I am looking for other hosting providers. Does anyone know of any?

  • @Jonepolvora See the ASP.NET MVC tag Wiki. There are some suggestions from hosting providers.

2

I also had the same problem, I discovered that it was Itextsharp that caused this error, my solution was the following:

  • download the Itextsharp and Xmlworkerhelper fonts
  • I added the following line [assembly: AllowPartiallyTrustedCallers()] in the archive Assemblyinfo.Cs.

These are Microsoft’s own guidelines

Browser other questions tagged

You are not signed in. Login or sign up in order to post.