Re: System.Security.SecurityException: Request

This is definitely a web application and this is what I am getting on their
server.

In my test evironment I am getting an SmtpException at the point of sending
the message, but this may be because my local server does not have
appropriate access to the remote mail forwarder. I know that the user ID
and password I am using in my web.config are valid. My ISP told me to use
the server specified in code. The one I use for my normal mail client is
"smtp.1and1.com".

What is a CAS policy? Can I set this up in code or do I have to get my ISP
involved?

"Alvin Bruney [ASP.NET MVP]" <vapor dan using hot male spam filter> wrote in
message news:B4E4D98C-8357-4225-BCCF-7C44560D22A3@xxxxxxxxxxxxxxxx
The worker process running your application does not have permission to
read the environment variable. I think you know this part. What I don't
understand is what it is happening A couple of questions. Is this a web
app or windows app? You can fix this easy with an appropriate CAS policy
but I'd recommend you figure out what is going wrong first.

--

Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
Download OWC Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $15.00
Need a free copy of VSTS 2008 w/ MSDN Premium?
http://msmvps.com/blogs/alvin/Default.aspx
-------------------------------------------------------


"Henry Stock" <henry@xxxxxxxxxxxxxxx> wrote in message
news:#lbUZI#$IHA.4064@xxxxxxxxxxxxxxxxxxxxxxx

I am trying to understand the following error:
Any thing you can tell me about this is appreciated.

Security Exception
Description: The application attempted to perform an operation not
allowed by the security policy. To grant this application the required
permission please contact your system administrator or change the
application's trust level in the configuration file.

Exception Details: for the permission of type
'System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.

Source Error:


Line 45:
Line 46: //create the smtp client
Line 47: SmtpClient _smtp = new SmtpClient("mrelay.perfora.net");
Line 48: _smtp.DeliveryMethod = SmtpDeliveryMethod.Network;
Line 49: try



Source File: e:\kunden\homepages\34\d252335749\comments.aspx.cs Line:
47

Stack Trace:


[SecurityException: Request for the permission of type
'System.Security.Permissions.EnvironmentPermission, mscorlib,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand,
StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Net.CredentialCache.get_DefaultCredentials() +59

System.Net.Configuration.SmtpNetworkElementInternal..ctor(SmtpNetworkElement
element) +55
System.Net.Configuration.SmtpSectionInternal..ctor(SmtpSection section)
+65
System.Net.Configuration.SmtpSectionInternal.GetSection() +173
System.Net.Mail.SmtpClient.get_MailConfiguration() +45
System.Net.Mail.SmtpClient.Initialize() +223
System.Net.Mail.SmtpClient..ctor(String host) +162
comments.contactUS_Click(Object sender, EventArgs e) in
e:\kunden\homepages\34\d252335749\comments.aspx.cs:47
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
System.Web.UI.WebControls.Button.RaisePostBackEvent(String
eventArgument) +107

System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String
eventArgument) +7
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument) +11
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
+7350
System.Web.UI.Page.ProcessRequest(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +213
System.Web.UI.Page.ProcessRequest() +86
System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) +18
System.Web.UI.Page.ProcessRequest(HttpContext context) +49
ASP.comments_aspx.ProcessRequest(HttpContext context) in
App_Web_xytww0yg.0.cs:0

System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
+358
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +64


When I did a Google search I came up with the following url and
explanation:

http://support.microsoft.com/kb/814741

CAUSE
The System.Security.Permissions.EnvironmentPermission class in
Mscorlib.dll controls the access to the user environment variables.
SystemInformation.UserName in the application requests the permission
from the EnvironmentPermission class to access the UserName environment
variable. However, in the Local Intranet zone, System.Windows.Forms does
not have permissions to access the Windows user name, and the request is
not served by Mscorlib.dll. Therefore, a security exception is raised
when you run the application.

The problem with this is that the code they give you to test with is
linked to Windows Forms;

//display the UserName currently logged
Console.WriteLine(System.Environment.UserName);
Console.ReadLine();

Even if I set this to Response.Write( ... ); System.Environment.UserName
is not available in a remote web environment.

The following is code from my web.config file. I have disguised my
userID and Password.

<system.net>
<mailSettings>
<smtp deliveryMethod="Network">
<!-- The <network> node supports the following properties, but we won't
use all of them
<network host="127.0.0.1" port="25" userName="myUserName"
password="OpenSesame" defaultCredentials="true" />
-->

<network host="mrelay.perfora.net" userName="info@xxxxxxxxxxxx"
password="mypwd" defaultCredentials="true"/>
</smtp>
</mailSettings>
</system.net>

The following is the click event function that triggers the error code;
it is linked to a submit button on the form:

protected void contactUS_Click(object sender, EventArgs e)
{
//Things to Do:
// Validate form fields:
// Name field should be letters and spaces only. Can't be blank or
only spaces.
// Phone field may have () - spaces and digits
// email address must be properly formatted.
// Eventually I would like to add a check for domain validity
// After edits I need to create the message
//String from_addr = new String(FindControl("email").ToString());
MailAddress _from = new MailAddress("info@xxxxxxxxxxxx");
MailAddress _sender = new MailAddress("info@xxxxxxxxxxxx");
MailAddress _to = new MailAddress("webmaster@xxxxxxxxxxxx");
MailMessage msg = new MailMessage(_from,_to);
msg.Sender = _sender;
msg.Subject = "Feedback from Comments Form";
StringBuilder sbuilder = new StringBuilder();
//Build string for message body
sbuilder.AppendLine("Senders IP Address: " +
Request.ServerVariables["remote_addr"].ToString());
sbuilder.AppendLine("Name: " +
comments_form.Controls[0].ToString());
sbuilder.AppendLine("Email: " +
comments_form.Controls[1].ToString());
sbuilder.AppendLine("Phone: " +
comments_form.Controls[2].ToString());
sbuilder.AppendLine("Message: " +
comments_form.Controls[3].ToString());
//assign string value to message body
msg.Body = sbuilder.ToString();

//create the smtp client

SmtpClient _smtp = new SmtpClient("mrelay.perfora.net");
_smtp.DeliveryMethod = SmtpDeliveryMethod.Network;

try
{
_smtp.Send(msg);

}
catch (ArgumentNullException )
{
Response.Write("Argument Null Exception");
}
catch (ArgumentOutOfRangeException )
{
Response.Write("Argument out of Range Exception");
}
catch (SmtpException )
{
Response.Write("SMTP Exception");
}
catch
{
Response.Write("Something else happened");
}

}

The following is the web page form that I am dealing with:

<asp:panel id="panelSendEmail" runat="server">
<form id="comments_form" action="comments.aspx" runat="server"
onsubmit="return jcap();" >

<p>If you would like to make a comment about the anything
that you see on our web site
or ask a question, then please feel free to use this
comments form.</p>

<b>Your Name :</b><br/>
<input id="name" type="text" size="30" maxlength="256"
name="Senders_Name"/>
<p></p>

<b>Your E-Mail Address :</b><br/>
<input id="email" type="text" size="30" maxlength="80"
name="_reply"
onblur="return isValidEmail(email, true)"/>

<p></p>
<b>Your Phone Number:</b><br/>
<input id="phone"type="text" size="15" maxlength="15"
name="Phone"/>
<p></p>

<b>Your Comments :</b><br/>
<textarea id="message" name="Senders_Comments" rows="6"
cols="60"></textarea>
<p></p>
<p>Please enter the word that you see in the image </p>
<p><script type="text/javascript">sjcap();</script></p>
<noscript><p>[This resource requires a Javascript enabled
browser.]</p></noscript>


<asp:button runat="server" id="contact_us" Text="Submit"
OnClick="contactUS_Click" />
<input type="reset" value="Reset"/>
</form>
</asp:panel>

<asp:panel id="panelMailSent" runat="server" Visible="False">
Thank you for your comments.
</asp:panel>





.