I am having an issue where when I run my asp.net website, I get a security exception to do with the trust level in the config file. I have tried adding the following code into the config file in the solution, but no luck;
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
Description of the 'Security Exception' -
The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details
System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I am only trying to run this locally from Visual Studio, and it has been working before.
We have recently moved our environments from working in a TS session (where vs2010 is), to having our own virtual machines (where vs2012 is). To get to the VS2010, we have to remote in from our virtual machine, and each time we log in it brings over our documents folder and everything. Could it be to do with this, logging in from somewhere else causes permission issues?
Many thanks.
Related
Hi I have a question regarding Azure keyvault and IIS. So our server provider did an windows patch:
2021-04 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5001347)
2021-04 Servicing Stack Update for Windows Server 2016 for x64-based Systems (KB5001402)
After this windows patch and restart of server our fetch from web.config to keyvault in Azure stopped to work.
When IIS is starting our app it can not find Microsoft.Configuration.ConfigurationBuilders.Azure
Even if the DLL is located in the bin folder.
One other important thing to mention is that our connectionStrings to the database that are located in their own file connectionstrings.config are working great with Azure Keyvault.
Our windows services on the same machine are also working great with Azure Keyvault.
So the issue is only affecting our appsettings section in our web.config.
We have tried to add the bin folder to privatePath in the web.config, that didnt help
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<probing privatePath="bin;modulesbin"/>
This works great on our STAGING machine which has the same windows updates and uses the same configs.
Does anyone have a clue what we can do next?
What we are using:
System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
<configBuilders>
<builders>
<add name="AzureKeyVault" vaultName=somevaultname"
type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral"
vaultUri="somevaulturi"/>
</builders>
</configBuilders>
Thanks for any help
Edit:
We have now installed newer Azure dlls.
Installed Azure CLI on server.
We hare now using AZURE_TENANT_ID, AZURE_CLIENT_SECRET, AZURE_CLIENT_ID instead of AzureServicesAuthConnectionString in the environment variables.
After reboot, the webapp, services, connectionstring stopped working.
Error message in Event viewer:
Exception message: An error occurred loading a configuration file: The specified user does not have a valid profile. Unable to load 'Microsoft.Configuration.ConfigurationBuilders.Azure
Everything still work as expected on our stage server.
AZURE_TENANT_ID was added correctly under Administrator environment variables
but under system environment variables it was added with AZURE_TENTANT_ID (one t too much)
Such a typo. All good now.
I have scoured the internet for this particular error and I've found similar ones but nothing that matched my problem. I have a WebForms application that continues to give me the error below.
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'The trust relationship between this workstation and the primary domain failed.
It highlights the line: (I've replaced the username and password with generic text for this post.)
<system.web>
<identity impersonate="true" userName="(Domain\(Username)" password="(Password)"/>
Whenever I change impersonate="false" it just says that LocalHost cannot be found. I'm not sure what the issue is here and I can't seem to get the application to run locally.
I am newbie to ASP.NET MVC, I developed a new web application using ASP.NET MVC, Entity Framework on .NET 4.5 and it is working just fine.
When trying to deploy onto a shared hosting server, I got an error as the Trust is set to Medium and there is noway to change it to Full.
Even on my local machine if I set Trust to Medium I got same exception:
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: Request for the
permission of type 'System.Security.Permissions.SecurityPermission,
mscorlib, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' failed.
How could I fix my configuration to allow my application to work on Medium Trust environment. Noticing that my application is not using anything from outside.
Thanks
ASP.Net MVC 5 no longer support partial trust for you need to develop this application in MVC 3 or MVC 4. For more information please read this this answer
You can change configuration of application in web.config file
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
</system.web>
Also refer to this if need more details
https://our.umbraco.org/forum/getting-started/installing-umbraco/62071-SystemSecurityPermissionsSecurityPermission-at-Godaddy-hosting
How do I resolve a System.Security.SecurityException with custom code in SSRS?
https://msdn.microsoft.com/en-us/library/wyts434y.aspx
https://support.microsoft.com/en-us/kb/555466
I am having a problem with IIS permissions and Microsoft's Outlook 2010 interop assembly using a web forms project.
I created a proof of concept project to make sure I could use Microsoft's Outlook interop assembly in a particular the situation I am tasked with. The demo project worked great and I had no problems. Now I am trying to integrate it into our main project and I am running into an IIS permission issue. I have my web site running in IIS 7 locally. In IIS Manager, I click on Application Pools -> My Web Site -> Advanced Settings. In this window, I have a custom Identity called "fileshare" with a password ("fileshare" was create to secure access to the web site's images, pdf files, etc. on a development network server). I copied the outlook interop assembly into our common shared assemblies folder instead of referencing it from the GAC. I gave the assembly all permissions for IUSER, NETWORK SERVICE, IIS_WPG, ASP.NET and fileshare. I get the following run- time error:
Retrieving the COM class factory for component with CLSID {0006F03A-0000-0000-
C000-000000000046} failed due to the following error: 80070005 Access is denied.
(Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)). Description: An unhandled
exception occurred during the execution of the current web request. Please
review the stack trace for more information about the error and where it
originated in the code.
Exception Details: System.UnauthorizedAccessException: Retrieving the COM class
factory for component with CLSID {0006F03A-0000-0000- C000-000000000046} failed
due to the following error: 80070005 Access is denied. (Exception from HRESULT:
0x80070005 (E_ACCESSDENIED)).
ASP.NET is not authorized to access the requested resource. Consider granting
access rights to the resource to the ASP.NET request identity. ASP.NET has a
base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on
IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that
is used if the application is not impersonating. If the application is
impersonating via <identity impersonate="true"/>, the identity will be the
anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose
"Properties" and select the Security tab. Click "Add" to add the appropriate
user or group. Highlight the ASP.NET account, and check the boxes for the
desired access.
I checked the windows event logs and under Windows Logs -> System and I have this error:
The machine-default permission settings do not grant Local Activation permission
for the COM Server application with CLSID {0006F03A-0000-0000-
C000-000000000046} and APPID Unavailable to the user BSoup\fileshare SID
(S-1-5-21-2999627215-1482540357-33300828-1019) from address LocalHost (Using
LRPC). This security permission can be modified using the Component Services
administrative tool.
After doing a bit more research, I've decided that using the interop assembly is a bad choice. As Alexi stated, it's not for use over the network.
Start Internet Information Services (IIS).
Right-click your application's virtual directory, and then click Properties.
Click the Directory Security tab. Under Anonymous access and authentication control, click Edit.
Make sure the Anonymous access check box is not selected and that Integrated Windows authentication is the only selected check box.
Configure ASP.NET to use Windows authentication with impersonation, use the following configuration in WebConfig.
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
</system.web>
I have some code that wraps the PayflowPro .NET API. It essentially posts to a HTTPS address (a payment gateway) from C#. I can run this code locally and it works nicely. I can run it in my MSUnit tests and it works, and I can run it from a console application on my test environment and it also works.
I have a workflow hosted in IIS 6.1, which instantiates a class which in turn calls this code. When this workflow is started the code fails everytime; I get an error like System.Exception: Failed to connect to host Input Server Uri = https://pilot-payflowpro.paypal.com/ from the API object.
This exception is coming from the API, but I am completely lost as to how I can succesfully post from a console application but not from an IIS process.
The class is exactly the same, word for word.
I log in as administrator, so the console app is running as administrator. Therefore I have tried using the administrator account for the application pool for the website (for this testing only, obviously)
The console app can post so therefore the firewall / proxy aren't interfering... right?
Is there anything I need to adjust in IIS to allow an application to communicate outside? Are there any obvious security settings that I'm overlooking? Any suggestions for test cases to run to find out what might be going on?
edit: Turns out that this problem is somehow related to the VM environment in which the server is running. This problem doesn't occur on my development box, the test server or the production server - it's only occurring on the integration server. The cause is still unknown but I am no longer working on it.
This might be caused by an ASP.NET trust configuration issue. To check the trust level open the following file in an editor:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config (if ASP.NET 2.0)
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\CONFIG\web.config (if ASP.NET 4.0)
You may also need to edit the C:\WINDOWS\Microsoft.NET\Framework64 versions of these if you're running on 64 bit Windows.
Scroll down to the <securityPolicy> configuration section which looks like:
<location allowOverride="false">
<system.web>
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
<trustLevel name="High" policyFile="web_hightrust.config"/>
<trustLevel name="Medium" policyFile="web_mediumtrust.config"/>
<trustLevel name="Low" policyFile="web_lowtrust.config"/>
<trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
</securityPolicy>
<trust level="Medium" originUrl=""/>
</system.web>
</location>
If you see anything other than <trust level="Full" originUrl=""/> it means the server is running under Partial Trust.
Open the .config file specified by the relevant policyFile attribute, for example web_mediumtrust.config if level="Medium".
It's highly unlikely that the server will be running under anything less than Low Trust.
Locate the <NamedPermissionSets> section, under this there is a <PermissionSet> that looks like:
<PermissionSet
class="NamedPermissionSet"
version="1"
Name="ASP.Net">
This contains a number of <IPermission> nodes. Look for one that called WebPermission, it looks like this:
<IPermission
class="WebPermission"
version="1">
If it's missing or looks like:
<IPermission
class="WebPermission"
version="1">
<ConnectAccess>
<URI uri="$OriginHost$"/>
</ConnectAccess>
</IPermission>
You need to add or modify so it looks like:
<IPermission
class="WebPermission"
version="1"
Unrestricted="true"/>
This setting controls outbound and inbound access from your application to or from a URI.
It may also be necessary to ensure that the SocketPermission configuration is similarly configured:
<IPermission
class="SocketPermission"
version="1"
Unrestricted="true"/>
Turns out that this problem is somehow related to the VM environment in which the server is running. This problem doesn't occur on my development box, the test server or the production server - it's only occurring on the integration server. The cause is still unknown but I am no longer working on it.