How to resolve the medium trust issue in Asp.net

Asked

Viewed 7,747 times

6

I’m developing a website on Asp.Net MVC5. When posting the site on Locaweb and trying to log in with my user I received the message:

Attempt by security transparent method 'Microsoft.AspNet.Identity.ClaimsIdentityFactory`2+<CreateAsync>d__0<TUser,TKey>.MoveNext()' to access security critical method 'System.Security.Claims.ClaimsIdentity.AddClaim(System.Security.Claims.Claim)' failed.

Assembly 'Microsoft.AspNet.Identity.Core, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' is partially trusted, which causes the CLR to make it entirely security transparent regardless of any transparency annotations in the assembly itself.  In order to access security critical code, this assembly must be fully trusted.

I use Identity and also some components of Devexpress.

It was only then that I contacted the support that told me that the problem occurs because their server only runs on medium trust: http://wiki.locaweb.com.br/pt-br/Security_Level_de_servidores_Windows_em_ambiente_compartilhado

On the microsoft website says that the solution is to put inside the tag <System.web> of my web.config the tag <trust level="medium" originUrl="" />.

While doing this I get the following error from the server: This configuration section cannot be used at this path. This happens when the site administrator has locked access to this section using <location allowOverride="false"> from an inherited configuration file.

That is, Ocaweb blocked this change through a global configuration file (at least that’s what I understood from the error). I tried to tag <location allowOverride="false"> but it also didn’t solve.

The support of Ocaweb can only say that the error is programming, but I do not know how to solve. Somebody out there knows how to fix this?

  • Good advice! But I need to solve.

  • Our dear, how can you? I saw that they have a server win server 2003 that accepts full trust, can I change the server? What do you think?

  • Okay. I will analyze the possibility. Ai, already gives the tip to where was your lodging.

  • Kinghost runs ASP.Net in full trust #ficaadica mode

  • Kinghost runs Asp.Net in full trust, but only in . Net 4.0. Speaking with the support assured me that it would work, when I hired that I went to publish the error arises. I asked them to migrate to a server that supports . net 4.5 and full trust and they told me that they do not offer this.

  • Too bad, the applications I ran there were Asp.net 4.0 even (instances of CMS Composite C1). Try commenting on the tags referring to impersonate settings and the full trust itself on your web.config, solve some errors there by doing this

  • I have the same problem. I stayed at Kinghost and they said that the Full Trust environment runs on ASP.NET 4.0 and I need the environment to be 4.5 ?

  • Try to change if web.config for <?xml version="1.0"?>&#xA;<configuration>&#xA; <system.web>&#xA; <customErrors mode="Off"/>&#xA; </system.web>&#xA; <system.web>&#xA; <compilation debug="true"/>&#xA;</system.web>&#xA;</configuration>

  • Some solution?

  • 1

    @Danilooliveira The solution was to go up to Azure. Providers like #Locaweb have implemented a medium-trust security level for Asp.net 4.0 and 4.5. And for nothing in the world are willing to change. The best solution is to go up to Azure. You can even host a basic website with a bank of up to 20Mb for free. If you use the same settings as a Locaweb of life the price is very close. So, it pays off.

Show 5 more comments

1 answer

1


I’ve had a similar problem. Some Hosts don’t even allow it. Try a test in Windows Azure: http://azure.microsoft.com/pt-br/

My last projects have used Azure as host, now they have servers in Brazil too.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.