Solved

How do i set my web.config so that one of my assemblies will allow partially trusted callers?

Posted on 2011-09-12
8
828 Views
Last Modified: 2012-05-12
I've uploaded my (VS 2010 ASP .NET 3.5 [C#]) web application / site to goDaddy. I'm exeriencing a System.Security.SecurityException, and I need to set my web.config so that an assembly will allow partially trusted callers. How / where do I set / configure this in my web.config. All of the examples I've seen only show snippets of the web.config and I'm still getting errors etc. So If someone can point me to an example of a complete web config so I can see exactly what section this <trustlevel> needs to go in, it would be appreciated. I'm including my current web.config file so please feel free to drop it right in there if you'd like.

<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\vx.x\Config 
-->
<configuration>
  <!--<system.web>
    <customErrors mode="Off"/>
    <compilation debug="true"/>
  </system.web>-->

  <configSections>
    <section name="exceptionHandling"
     type="Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Configuration.ExceptionHandlingSettings,
     Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=5.0.414.0, Culture=neutral,
     PublicKeyToken=31bf3856ad364e35" />

    <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup,
      System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

      <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions,
      Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

        <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
        requirePermission="false" allowDefinition="MachineToApplication"/>

          <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

          <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="Everywhere"/>

          <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="MachineToApplication"/>

          <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="MachineToApplication"/>

          <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection,
          System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
          requirePermission="false" allowDefinition="MachineToApplication"/>

        </sectionGroup>

      </sectionGroup>

    </sectionGroup>

  </configSections>

  <appSettings>
    <add key="SuperManRoleName" value="QUSuperMan"/>
  </appSettings>

  <exceptionHandling>
    <exceptionPolicies>
      <add name="GeneralException">
        <exceptionTypes>
          <add type="System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
          postHandlingAction="NotifyRethrow" name="Exception">
            <exceptionHandlers>
              <add type="StudyTimeTracker.Enterprise.ExceptionHandling.SqlCustomExceptionHandler,
              StudyTimeTracker.Enterprise,
              Version=1.0.0.0, Culture=neutral, PublicKeyToken=08a7298f29b59f5a" name="Custom Handler" /> 
            </exceptionHandlers>
          </add>
        </exceptionTypes>
      </add>
      <add name="CriticalException">
        <exceptionTypes>
          <add type="System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
          postHandlingAction="NotifyRethrow" name="Exception">
            <exceptionHandlers>
              <add type="StudyTimeTracker.Enterprise.ExceptionHandling.SqlCustomExceptionHandler, 
              StudyTimeTracker.Enterprise,
              Version=1.0.0.0, Culture=neutral, PublicKeyToken=08a7298f29b59f5a" name="Custom Handler" />
            </exceptionHandlers>
          </add>
        </exceptionTypes>
      </add>
    </exceptionPolicies>
  </exceptionHandling>

  <connectionStrings>
    <add name="SQLExpress" connectionString="Data Source=.\sqlexpress;Initial Catalog=myCatalog;
    User=myUserID;Password=mypassword" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->

    <customErrors mode="Off"/>
    <compilation debug="true">
      <assemblies>
        <!--<add assembly="Microsoft.Office.Interop.Excel, Version=12.0.0.0, Culture=neutral,
          PublicKeyToken=71E9BCE111E9429C"/>-->
        <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral,
          PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <!--<forms loginUrl="~/Admin/Login.aspx" defaultUrl="~/Default.aspx"/>-->
      <!--<forms loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx"/>-->
    </authentication>
    <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <pages>
      <controls>
        <add tagPrefix="ajaxToolkit" namespace="AjaxControlToolkit" assembly="AjaxControlToolkit"/>
        <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0,
          Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0,
          Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </controls>
    </pages>

    <roleManager enabled="true" defaultProvider="DefaultRoleProvider" cacheRolesInCookie="true"
      cookieName=".ASPROLES">
      <providers>
        <add name="DefaultRoleProvider" type="System.Web.Security.SqlRoleProvider"
          applicationName="studytimetrackerprime" connectionStringName="SQLExpress"/>
        <!--<add name="XmlProvider" dataStorePath="App_Data" type="XmlProviders.XmlRoleProvider"
              applicationName="magnumproducts.com"/>-->
      </providers>
    </roleManager>

    <membership defaultProvider="DefaultMembershipProvider">
      <providers>
        <add name="DefaultMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
          requiresQuestionAndAnswer="false" minRequiredNonalphanumericCharacters="0"
          applicationName="studytimetrackerprime" connectionStringName="SQLExpress"/>
        <!--<add name="XmlProvider" type="XmlProviders.XmlMembershipProvider" dataStorePath="App_Data"
              applicationName="magnumproducts.com" enablePasswordRetrieval="false" enablePasswordReset="true"
              requiresQuestionAndAnswer="true" requiresUniqueEmail="true" passwordFormat="Hashed"
              maxInvalidPasswordAttempts="3" passwordAttemptWindow="5"/> -->
      </providers>
    </membership>

    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false"
        type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
        PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>

    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0,
        Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>

  </system.web>
  <!--<location path="UsersAndRoles.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="AddStudent.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>-->
  <location path="RoleBasedAuthorization.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="ChangePassword.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <!--<location path="Default.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>-->
  <location path="Admin/EditAccount.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Users.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Admin/Login.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <allow users="?"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Admin/PasswordRecovery.aspx" allowOverride="true">
    <system.web>
      <authorization>
        <allow users="?"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
  <!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
  <system.webServer>
    <httpErrors errorMode="Detailed"/>
    <asp scriptErrorSentToBrowser="true"/>
    <validation validateIntegratedModeConfiguration="false"/>

    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule,
        System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>

    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode"
        type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0,
        Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode"
        type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0,
        Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode"
        type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
        PublicKeyToken=31BF3856AD364E35"/>
    </handlers>

  </system.webServer>

  <system.codedom>
      <compilers>
        <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider, System,
          Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
          <providerOption name="CompilerVersion" value="v3.5"/>
          <providerOption name="WarnAsError" value="false"/>
      </compiler>

        <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider,
          System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
          <providerOption name="CompilerVersion" value="v3.5"/>
          <providerOption name="OptionInfer" value="true"/>
          <providerOption name="WarnAsError" value="false"/>
      </compiler>

    </compilers>
  </system.codedom>

  <runtime>
    <assemblyBinding appliesTo="v2.0.50727" xmlns="urn:schemas-microsoft-com:asm.v1">

      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>

      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>

    </assemblyBinding>
  </runtime>

</configuration>

Open in new window

0
Comment
Question by:mikesExpertExchange
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 75

Accepted Solution

by:
käµfm³d   👽 earned 500 total points
ID: 36524539
Does it need to be in web.config? I'm looking at my copy of .NET Framework 2.0 Application Development Foundation and it shows adding an assembly attribute to permit such behavior:

[assembly:AllowPartiallyTrustedCallers]

Open in new window

0
 
LVL 1

Author Comment

by:mikesExpertExchange
ID: 36524570
maybe that's where i need to put it. where would it go in my class?
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 36524601
I haven't played around with assembly attributes much, but I believe they go outside of any namespace declarations. The only place I've ever really seen them is in the AssemblyInfo class. For example, here is what a default AssemblyInfo might look like:

using System.Reflection;
using System.Runtime.InteropServices;

// General Information about an assembly is controlled through the following 
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("27303809")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("Company")]
[assembly: AssemblyProduct("27303809")]
[assembly: AssemblyCopyright("Copyright © Company")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible 
// to COM components.  If you need to access a type in this assembly from 
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("9d77b858-886f-4cba-8ac4-df2d1870203e")]

// Version information for an assembly consists of the following four values:
//
//      Major Version
//      Minor Version 
//      Build Number
//      Revision
//
// You can specify all the values or you can default the Build and Revision Numbers 
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

Open in new window


Perhaps tacking it on within that file will suffice.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 36524628
If you're not familiar, the AssemblyInfo.cs file can be found under the Properties folder in the Solution Explorer.
untitled.PNG
0
 
LVL 1

Author Comment

by:mikesExpertExchange
ID: 36524898
yes, i did find it there. thanks. so if i've added the directive at the top of that assembly and i'm still receiving the error, would would / should i try next? the web.config?
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 36525489
I'm afraid I am at a loss as I have not had much call for monkeying with this stuff. Please hold out for someone more versed in this subject.

Sorry I couldn't help  : \
0
 
LVL 1

Author Comment

by:mikesExpertExchange
ID: 36525753
no problem thanks for your help it did get me farther along and i actually got the problem solved...:-)
0
 
LVL 1

Author Closing Comment

by:mikesExpertExchange
ID: 36525757
this was the root of my solution
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question