Solved

How do i set my web.config so that one of my assemblies will allow partially trusted callers?

Posted on 2011-09-12
8
788 Views
Last Modified: 2012-05-12
I've uploaded my (VS 2010 ASP .NET 3.5 [C#]) web application / site to goDaddy. I'm exeriencing a System.Security.SecurityException, and I need to set my web.config so that an assembly will allow partially trusted callers. How / where do I set / configure this in my web.config. All of the examples I've seen only show snippets of the web.config and I'm still getting errors etc. So If someone can point me to an example of a complete web config so I can see exactly what section this <trustlevel> needs to go in, it would be appreciated. I'm including my current web.config file so please feel free to drop it right in there if you'd like.

<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\vx.x\Config 
-->
<configuration>
  <!--<system.web>
    <customErrors mode="Off"/>
    <compilation debug="true"/>
  </system.web>-->

  <configSections>
    <section name="exceptionHandling"
     type="Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Configuration.ExceptionHandlingSettings,
     Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=5.0.414.0, Culture=neutral,
     PublicKeyToken=31bf3856ad364e35" />

    <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup,
      System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

      <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions,
      Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

        <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
        requirePermission="false" allowDefinition="MachineToApplication"/>

          <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

          <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="Everywhere"/>

          <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="MachineToApplication"/>

          <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="MachineToApplication"/>

          <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="MachineToApplication"/>

        </sectionGroup>

      </sectionGroup>

    </sectionGroup>

  </configSections>

  <appSettings>
    <add key="SuperManRoleName" value="QUSuperMan"/>
  </appSettings>

  <exceptionHandling>
    <exceptionPolicies>
      <add name="GeneralException">
        <exceptionTypes>
          <add type="System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
          postHandlingAction="NotifyRethrow" name="Exception">
            <exceptionHandlers>
              <add type="StudyTimeTracker.Enterprise.ExceptionHandling.SqlCustomExceptionHandler,
              StudyTimeTracker.Enterprise,
              Version=1.0.0.0, Culture=neutral, PublicKeyToken=08a7298f29b59f5a" name="Custom Handler" /> 
            </exceptionHandlers>
          </add>
        </exceptionTypes>
      </add>
      <add name="CriticalException">
        <exceptionTypes>
          <add type="System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
          postHandlingAction="NotifyRethrow" name="Exception">
            <exceptionHandlers>
              <add type="StudyTimeTracker.Enterprise.ExceptionHandling.SqlCustomExceptionHandler, 
              StudyTimeTracker.Enterprise,
              Version=1.0.0.0, Culture=neutral, PublicKeyToken=08a7298f29b59f5a" name="Custom Handler" />
            </exceptionHandlers>
          </add>
        </exceptionTypes>
      </add>
    </exceptionPolicies>
  </exceptionHandling>

  <connectionStrings>
    <add name="SQLExpress" connectionString="Data Source=.\sqlexpress;Initial Catalog=myCatalog;
    User=myUserID;Password=mypassword" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->

    <customErrors mode="Off"/>
    <compilation debug="true">
      <assemblies>
        <!--<add assembly="Microsoft.Office.Interop.Excel, Version=12.0.0.0, Culture=neutral,
          PublicKeyToken=71E9BCE111E9429C"/>-->
        <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral,
          PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <!--<forms loginUrl="~/Admin/Login.aspx" defaultUrl="~/Default.aspx"/>-->
      <!--<forms loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx"/>-->
    </authentication>
    <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <pages>
      <controls>
        <add tagPrefix="ajaxToolkit" namespace="AjaxControlToolkit" assembly="AjaxControlToolkit"/>
        <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0,
          Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0,
          Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </controls>
    </pages>

    <roleManager enabled="true" defaultProvider="DefaultRoleProvider" cacheRolesInCookie="true"
      cookieName=".ASPROLES">
      <providers>
        <add name="DefaultRoleProvider" type="System.Web.Security.SqlRoleProvider"
          applicationName="studytimetrackerprime" connectionStringName="SQLExpress"/>
        <!--<add name="XmlProvider" dataStorePath="App_Data" type="XmlProviders.XmlRoleProvider"
              applicationName="magnumproducts.com"/>-->
      </providers>
    </roleManager>

    <membership defaultProvider="DefaultMembershipProvider">
      <providers>
        <add name="DefaultMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
          requiresQuestionAndAnswer="false" minRequiredNonalphanumericCharacters="0"
          applicationName="studytimetrackerprime" connectionStringName="SQLExpress"/>
        <!--<add name="XmlProvider" type="XmlProviders.XmlMembershipProvider" dataStorePath="App_Data"
              applicationName="magnumproducts.com" enablePasswordRetrieval="false" enablePasswordReset="true"
              requiresQuestionAndAnswer="true" requiresUniqueEmail="true" passwordFormat="Hashed"
              maxInvalidPasswordAttempts="3" passwordAttemptWindow="5"/> -->
      </providers>
    </membership>

    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false"
        type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
        PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>

    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0,
        Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>

  </system.web>
  <!--<location path="UsersAndRoles.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="AddStudent.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>-->
  <location path="RoleBasedAuthorization.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="ChangePassword.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <!--<location path="Default.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>-->
  <location path="Admin/EditAccount.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Users.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Admin/Login.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <allow users="?"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Admin/PasswordRecovery.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <allow users="?"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
  <system.webServer>
    <httpErrors errorMode="Detailed"/>
    <asp scriptErrorSentToBrowser="true"/>
    <validation validateIntegratedModeConfiguration="false"/>

    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>

    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode"
        type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0,
        Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode"
        type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0,
        Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode"
        type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
        PublicKeyToken=31BF3856AD364E35"/>
    </handlers>

  </system.webServer>

  <system.codedom>
      <compilers>
        <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider, System,
          Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
          <providerOption name="CompilerVersion" value="v3.5"/>
          <providerOption name="WarnAsError" value="false"/>
      </compiler>

        <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider,
          System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
          <providerOption name="CompilerVersion" value="v3.5"/>
          <providerOption name="OptionInfer" value="true"/>
          <providerOption name="WarnAsError" value="false"/>
      </compiler>

    </compilers>
  </system.codedom>

  <runtime>
    <assemblyBinding appliesTo="v2.0.50727" xmlns="urn:schemas-microsoft-com:asm.v1">

      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>

      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>

    </assemblyBinding>
  </runtime>

</configuration>

Open in new window

0
Comment
Question by:mikesExpertExchange
  • 4
  • 4
8 Comments
 
LVL 74

Accepted Solution

by:
käµfm³d   👽 earned 500 total points
ID: 36524539
Does it need to be in web.config? I'm looking at my copy of .NET Framework 2.0 Application Development Foundation and it shows adding an assembly attribute to permit such behavior:

[assembly:AllowPartiallyTrustedCallers]

Open in new window

0
 
LVL 1

Author Comment

by:mikesExpertExchange
ID: 36524570
maybe that's where i need to put it. where would it go in my class?
0
 
LVL 74

Expert Comment

by:käµfm³d 👽
ID: 36524601
I haven't played around with assembly attributes much, but I believe they go outside of any namespace declarations. The only place I've ever really seen them is in the AssemblyInfo class. For example, here is what a default AssemblyInfo might look like:

using System.Reflection;
using System.Runtime.InteropServices;

// General Information about an assembly is controlled through the following 
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("27303809")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("Company")]
[assembly: AssemblyProduct("27303809")]
[assembly: AssemblyCopyright("Copyright © Company")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible 
// to COM components.  If you need to access a type in this assembly from 
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("9d77b858-886f-4cba-8ac4-df2d1870203e")]

// Version information for an assembly consists of the following four values:
//
//      Major Version
//      Minor Version 
//      Build Number
//      Revision
//
// You can specify all the values or you can default the Build and Revision Numbers 
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

Open in new window


Perhaps tacking it on within that file will suffice.
0
 
LVL 74

Expert Comment

by:käµfm³d 👽
ID: 36524628
If you're not familiar, the AssemblyInfo.cs file can be found under the Properties folder in the Solution Explorer.
untitled.PNG
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:mikesExpertExchange
ID: 36524898
yes, i did find it there. thanks. so if i've added the directive at the top of that assembly and i'm still receiving the error, would would / should i try next? the web.config?
0
 
LVL 74

Expert Comment

by:käµfm³d 👽
ID: 36525489
I'm afraid I am at a loss as I have not had much call for monkeying with this stuff. Please hold out for someone more versed in this subject.

Sorry I couldn't help  : \
0
 
LVL 1

Author Comment

by:mikesExpertExchange
ID: 36525753
no problem thanks for your help it did get me farther along and i actually got the problem solved...:-)
0
 
LVL 1

Author Closing Comment

by:mikesExpertExchange
ID: 36525757
this was the root of my solution
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now