Re: ASP.NET Security Exception Error

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Setting the AppDomain principal policy requires
SecurityPermissions\ControlPrincipal, which your application would appear to
lack. This limitation may be the result of either the CAS (code access
security) policy on the machine or the ASP.NET trust level at which your
application is running. Before you start modifying either policy, might you
be able to answer the following questions:

1. Is this happening on your development machine or a server? If the
latter, is the problem server configuration expected to mirror the
production server?

2. Would you be permitted to dictate that your application run with
elevated CAS privileges in its production environment?

3. Do you have any idea why the relevant CAS policy or ASP.NET trust levels
might have been altered from their defaults in the first place?


"Edwin Alexander" <edwin@xxxxxxxxxx> wrote in message
news:1119545836.957175.253390@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I'm new tothe ASP.NET framework and my first task is to create a web
> interface for an n-tier application. I'm getting the following error
> when trying to authenticate a forms-based login:
>
> "The application attempted to perform an operation not allowed by the
> security policy. To grant this application the required permission
> please contact your system administrator or change the application's
> trust level in the configuration file."
>
> I've seen a number of people posting this error in the newsgroup and
> have examined the solutions. Some are assuming a technical prowess
> with .NET that I just don't have yet while others are akin to reading
> Swahili.
>
> Tracing through the program I've found that the error occurs on the
> line of code
>
> currentDomain.SetPrincipalPolicy(PrincipalPolicy.UnauthenticatedPrincipal);
>
> and yields the following stack trace:
>
> [SecurityException: Request for the permission of type
> System.Security.Permissions.SecurityPermission, mscorlib,
> Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
> failed.]
>
> System.Security.CodeAccessSecurityEngine.CheckTokenBasedSetHelper(Boolean
> ignoreGrants, TokenBasedSet grants, TokenBasedSet denied, TokenBasedSet
> demands) +503
>
> System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet
> grants, PermissionSet denied, PermissionSet demands) +144
> System.AppDomain.SetPrincipalPolicy(PrincipalPolicy policy) +0
> [...]..ctor(String userID, String password, Boolean usePassword) in
> [...]principal.cs:51
> [...]Principal.Login(String userName, String password) in
> [...]principal.cs:45
> [...]tryLogin(String userName, String userPassword) in
> [...]login.aspx.cs:53
> ASP.Login_aspx.btnLogin_Click(Object sender, EventArgs E) in
> [...]Login.aspx:7
> System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108
>
> System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String
> eventArgument) +57
> System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
> sourceControl, String eventArgument) +18
> System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
> +33
> System.Web.UI.Page.ProcessRequestMain() +2112
> System.Web.UI.Page.ProcessRequest() +218
> System.Web.UI.Page.ProcessRequest(HttpContext context) +18
>
> System.Web.CallHandlerExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
> +179
> System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> completedSynchronously) +87
>
> If ignorance is bliss then I'm ecstatic right now. Can anyone help
> make sense out of this? I got the hint that it's a trust problem and
> that the Web.config file might be involved, but I don't want to be a
> Mad Bomber and create more problems than I solve.
>
> Thanks,
> Edwin
>


.

Relevant Pages

  • Fwd: Oh Dear, Where to start?!
    ... It seems to me you need two things: an organizational policy, ... finish college and break into the real world of computer security. ... experience in the field of network security and policy ... updates, driver updates, and recommended updates. ...
    (Security-Basics)
  • RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts?
    ... All NetScreen appliances rely on custom-designed ASICs (Application ... Specific Integrated Circuits) for security policy enforcement. ... supports a finite number of "rules" or "policies". ...
    (Firewall-Wizards)
  • RE: Cant set Local Security policies. They fail to save
    ... predefined Security Template on SBS 2003 to restore security groups ... run "gpupdate.exe /force" under command prompt to force the policy ... reboot the Server to test. ... and then logon to client computer to test if user can save system logs. ...
    (microsoft.public.windows.server.sbs)
  • RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts?
    ... The report you cite is CheckPoint originated and deals with older NetScreen ... All NetScreen appliances rely on custom-designed ASICs (Application ... Specific Integrated Circuits) for security policy enforcement. ...
    (Firewall-Wizards)
  • Re: No Shut Down or Restart for Domain Admins
    ... run rsop.msc from your DC and check which policy is responsible to this. ... I have created a group policy in a development network and imported it ... NT AUTHORITY\Authenticated Users Read (from Security Filtering) No ... Enforce user logon restrictions Enabled ...
    (microsoft.public.windows.server.active_directory)