Solved

How do i set my web.config so that one of my assemblies will allow partially trusted callers?

Posted on 2011-09-12
8
810 Views
Last Modified: 2012-05-12
I've uploaded my (VS 2010 ASP .NET 3.5 [C#]) web application / site to goDaddy. I'm exeriencing a System.Security.SecurityException, and I need to set my web.config so that an assembly will allow partially trusted callers. How / where do I set / configure this in my web.config. All of the examples I've seen only show snippets of the web.config and I'm still getting errors etc. So If someone can point me to an example of a complete web config so I can see exactly what section this <trustlevel> needs to go in, it would be appreciated. I'm including my current web.config file so please feel free to drop it right in there if you'd like.

<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\vx.x\Config 
-->
<configuration>
  <!--<system.web>
    <customErrors mode="Off"/>
    <compilation debug="true"/>
  </system.web>-->

  <configSections>
    <section name="exceptionHandling"
     type="Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Configuration.ExceptionHandlingSettings,
     Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=5.0.414.0, Culture=neutral,
     PublicKeyToken=31bf3856ad364e35" />

    <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup,
      System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

      <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions,
      Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

        <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
        requirePermission="false" allowDefinition="MachineToApplication"/>

          <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

          <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="Everywhere"/>

          <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="MachineToApplication"/>

          <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="MachineToApplication"/>

          <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="MachineToApplication"/>

        </sectionGroup>

      </sectionGroup>

    </sectionGroup>

  </configSections>

  <appSettings>
    <add key="SuperManRoleName" value="QUSuperMan"/>
  </appSettings>

  <exceptionHandling>
    <exceptionPolicies>
      <add name="GeneralException">
        <exceptionTypes>
          <add type="System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
          postHandlingAction="NotifyRethrow" name="Exception">
            <exceptionHandlers>
              <add type="StudyTimeTracker.Enterprise.ExceptionHandling.SqlCustomExceptionHandler,
              StudyTimeTracker.Enterprise,
              Version=1.0.0.0, Culture=neutral, PublicKeyToken=08a7298f29b59f5a" name="Custom Handler" /> 
            </exceptionHandlers>
          </add>
        </exceptionTypes>
      </add>
      <add name="CriticalException">
        <exceptionTypes>
          <add type="System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
          postHandlingAction="NotifyRethrow" name="Exception">
            <exceptionHandlers>
              <add type="StudyTimeTracker.Enterprise.ExceptionHandling.SqlCustomExceptionHandler, 
              StudyTimeTracker.Enterprise,
              Version=1.0.0.0, Culture=neutral, PublicKeyToken=08a7298f29b59f5a" name="Custom Handler" />
            </exceptionHandlers>
          </add>
        </exceptionTypes>
      </add>
    </exceptionPolicies>
  </exceptionHandling>

  <connectionStrings>
    <add name="SQLExpress" connectionString="Data Source=.\sqlexpress;Initial Catalog=myCatalog;
    User=myUserID;Password=mypassword" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->

    <customErrors mode="Off"/>
    <compilation debug="true">
      <assemblies>
        <!--<add assembly="Microsoft.Office.Interop.Excel, Version=12.0.0.0, Culture=neutral,
          PublicKeyToken=71E9BCE111E9429C"/>-->
        <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral,
          PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <!--<forms loginUrl="~/Admin/Login.aspx" defaultUrl="~/Default.aspx"/>-->
      <!--<forms loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx"/>-->
    </authentication>
    <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <pages>
      <controls>
        <add tagPrefix="ajaxToolkit" namespace="AjaxControlToolkit" assembly="AjaxControlToolkit"/>
        <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0,
          Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0,
          Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </controls>
    </pages>

    <roleManager enabled="true" defaultProvider="DefaultRoleProvider" cacheRolesInCookie="true"
      cookieName=".ASPROLES">
      <providers>
        <add name="DefaultRoleProvider" type="System.Web.Security.SqlRoleProvider"
          applicationName="studytimetrackerprime" connectionStringName="SQLExpress"/>
        <!--<add name="XmlProvider" dataStorePath="App_Data" type="XmlProviders.XmlRoleProvider"
              applicationName="magnumproducts.com"/>-->
      </providers>
    </roleManager>

    <membership defaultProvider="DefaultMembershipProvider">
      <providers>
        <add name="DefaultMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
          requiresQuestionAndAnswer="false" minRequiredNonalphanumericCharacters="0"
          applicationName="studytimetrackerprime" connectionStringName="SQLExpress"/>
        <!--<add name="XmlProvider" type="XmlProviders.XmlMembershipProvider" dataStorePath="App_Data"
              applicationName="magnumproducts.com" enablePasswordRetrieval="false" enablePasswordReset="true"
              requiresQuestionAndAnswer="true" requiresUniqueEmail="true" passwordFormat="Hashed"
              maxInvalidPasswordAttempts="3" passwordAttemptWindow="5"/> -->
      </providers>
    </membership>

    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false"
        type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
        PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>

    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0,
        Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>

  </system.web>
  <!--<location path="UsersAndRoles.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="AddStudent.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>-->
  <location path="RoleBasedAuthorization.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="ChangePassword.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <!--<location path="Default.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>-->
  <location path="Admin/EditAccount.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Users.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Admin/Login.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <allow users="?"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Admin/PasswordRecovery.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <allow users="?"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
  <system.webServer>
    <httpErrors errorMode="Detailed"/>
    <asp scriptErrorSentToBrowser="true"/>
    <validation validateIntegratedModeConfiguration="false"/>

    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>

    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode"
        type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0,
        Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode"
        type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0,
        Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode"
        type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
        PublicKeyToken=31BF3856AD364E35"/>
    </handlers>

  </system.webServer>

  <system.codedom>
      <compilers>
        <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider, System,
          Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
          <providerOption name="CompilerVersion" value="v3.5"/>
          <providerOption name="WarnAsError" value="false"/>
      </compiler>

        <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider,
          System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
          <providerOption name="CompilerVersion" value="v3.5"/>
          <providerOption name="OptionInfer" value="true"/>
          <providerOption name="WarnAsError" value="false"/>
      </compiler>

    </compilers>
  </system.codedom>

  <runtime>
    <assemblyBinding appliesTo="v2.0.50727" xmlns="urn:schemas-microsoft-com:asm.v1">

      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>

      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>

    </assemblyBinding>
  </runtime>

</configuration>

Open in new window

0
Comment
Question by:mikesExpertExchange
  • 4
  • 4
8 Comments
 
LVL 75

Accepted Solution

by:
käµfm³d   👽 earned 500 total points
ID: 36524539
Does it need to be in web.config? I'm looking at my copy of .NET Framework 2.0 Application Development Foundation and it shows adding an assembly attribute to permit such behavior:

[assembly:AllowPartiallyTrustedCallers]

Open in new window

0
 
LVL 1

Author Comment

by:mikesExpertExchange
ID: 36524570
maybe that's where i need to put it. where would it go in my class?
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 36524601
I haven't played around with assembly attributes much, but I believe they go outside of any namespace declarations. The only place I've ever really seen them is in the AssemblyInfo class. For example, here is what a default AssemblyInfo might look like:

using System.Reflection;
using System.Runtime.InteropServices;

// General Information about an assembly is controlled through the following 
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("27303809")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("Company")]
[assembly: AssemblyProduct("27303809")]
[assembly: AssemblyCopyright("Copyright © Company")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible 
// to COM components.  If you need to access a type in this assembly from 
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("9d77b858-886f-4cba-8ac4-df2d1870203e")]

// Version information for an assembly consists of the following four values:
//
//      Major Version
//      Minor Version 
//      Build Number
//      Revision
//
// You can specify all the values or you can default the Build and Revision Numbers 
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

Open in new window


Perhaps tacking it on within that file will suffice.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 36524628
If you're not familiar, the AssemblyInfo.cs file can be found under the Properties folder in the Solution Explorer.
untitled.PNG
0
 
LVL 1

Author Comment

by:mikesExpertExchange
ID: 36524898
yes, i did find it there. thanks. so if i've added the directive at the top of that assembly and i'm still receiving the error, would would / should i try next? the web.config?
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 36525489
I'm afraid I am at a loss as I have not had much call for monkeying with this stuff. Please hold out for someone more versed in this subject.

Sorry I couldn't help  : \
0
 
LVL 1

Author Comment

by:mikesExpertExchange
ID: 36525753
no problem thanks for your help it did get me farther along and i actually got the problem solved...:-)
0
 
LVL 1

Author Closing Comment

by:mikesExpertExchange
ID: 36525757
this was the root of my solution
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VS2010 Build fails to install 14 75
Problem to Office 1 39
MS SQL + date 6 41
JS to redirect to prev page 8 16
Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question