IIS security issue

WJunior

Member
Joined
Mar 27, 2006
Messages
6
Programming Experience
3-5
Same situation

I have a similar situation,

I'm running my application through IIS.

this is my code:

<Assembly: AssemblyKeyFileAttribute("C:\Documents and Settings\Marc-An\My Documents\Projet\Training Program\Web\AccentWeb\sgKey.snk")>
PublicClass frmAccentAccess
Inherits System.Windows.Forms.Form



PrivateSub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdCancel.Click
Me.Close()
EndSub

PrivateSub cmdOk_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdOk.Click
Dim appDir AsString = Directory.GetCurrentDirectory()
Me.Text = appDir
EndSub

End
Class

It give the following error:
Request for the permission of type
Syste.Security.Permission.FileIOPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.

any clear and explicit help would be very appreciated.

thank you.
 
Hi

It looks like the trust level for your web app is not allowing you to access the directory you've specified.

To check this, change trust element in web.config to <trust level = "Full" />

Now run the app. If there are no errors, then we know that the trust level is stopping you from accessing the directory.

Before changing the trust level back, use a response.write statement to output the name of the current directory to the screen. This will tell us which directory we are accessing.

You now have two options for making this work:
create a new, customised security configuration file that allows the application to access the directory specified;
place the code that accesses the file into the GAC and make an assert statement.

I'd recommend the first option, as the second option has security risks and many other complications.

Here are a couple of links with recommendations for both options:

http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnnetsec/html/THCMCh09.asp#c09618429_006

http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnnetsec/html/HTCustEncr.asp

There's plenty of information here for modifying the security configuration files.

Hope this helps

Chris Seary

http://blog.searyblog.com/
 
Thanks for the reply but,

as it is mention above, it is a windows application running through IIS. i dont have any web.config file. If i need one I'm gonna have to create it.

The dirrectory it tries to access is c:\Inetpub\wwwroot, which is the home of my IIS.

the application is written in vb.net.

thank you
 
Hi WJunior

Go to the Start/Programs/Administrative Tools/Microsoft .Net Framework Configuration.

Go to the Runtime Security Policy

Open the Machine node

Open the All_Code code group.

Change the permission set to Full Trust.

What's happening is that the CLR is seeing your app as coming from one of the zones other than MyComputer (local intranet, internet, restricted, trusted).

I suggest you check which of these zones your app is seen by the runtime as coming from (look at the security page in IE). Then create a new code group to give your app the necessary permissions based on a strong name key - this is better than giving all code full trust.

Hope this helps
 
Hi,

I try the solutin above, but i still have the same error.

I don't know what to do.

I just want my application to be run on the net from a IIS.

I made a test with this little app. It seem there is a point I'm missing.

thank you for you time.
 
I forgot to mention.

The computer trying to execute the application is the same computer running IIS.

maybe it makes a difference.
 
more info

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text **************
System.Security.SecurityException: Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
at AccentWeb.frmAccentAccess.cmdOk_Click(Object sender, EventArgs e)
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

************** Loaded Assemblies **************
mscorlib
Assembly Version: 1.0.3300.0
Win32 Version: 1.0.3705.0
CodeBase: file:///c:/windows/microsoft.net/framework/v1.0.3705/mscorlib.dll
----------------------------------------
System.Drawing
Assembly Version: 1.0.3300.0
Win32 Version: 1.0.3705.0
CodeBase: file:///c:/windows/assembly/gac/system.drawing/1.0.3300.0__b03f5f7f11d50a3a/system.drawing.dll
----------------------------------------
System
Assembly Version: 1.0.3300.0
Win32 Version: 1.0.3705.0
CodeBase: file:///c:/windows/assembly/gac/system/1.0.3300.0__b77a5c561934e089/system.dll
----------------------------------------
RegexAssembly80_0
Assembly Version: 0.0.0.0
Win32 Version: n/a
CodeBase:
----------------------------------------
IEExecRemote
Assembly Version: 1.0.3300.0
Win32 Version: 1.0.3705.0
CodeBase: file:///c:/windows/assembly/gac/ieexecremote/1.0.3300.0__b03f5f7f11d50a3a/ieexecremote.dll
----------------------------------------
AccentWeb
Assembly Version: 1.0.2279.38216
Win32 Version: n/a
CodeBase: http://localhost/AccentWeb.exe
----------------------------------------
System.Windows.Forms
Assembly Version: 1.0.3300.0
Win32 Version: 1.0.3705.0
CodeBase: file:///c:/windows/assembly/gac/system.windows.forms/1.0.3300.0__b77a5c561934e089/system.windows.forms.dll
----------------------------------------
System.Xml
Assembly Version: 1.0.3300.0
Win32 Version: 1.0.3705.0
CodeBase: file:///c:/windows/assembly/gac/system.xml/1.0.3300.0__b77a5c561934e089/system.xml.dll
----------------------------------------
Microsoft.VisualBasic
Assembly Version: 7.0.3300.0
Win32 Version: 7.00.9466
CodeBase: file:///c:/windows/assembly/gac/microsoft.visualbasic/7.0.3300.0__b03f5f7f11d50a3a/microsoft.visualbasic.dll
----------------------------------------
************** JIT Debugging **************
To enable just in time (JIT) debugging, the config file for this
application or machine (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.
For example:
<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>
When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the machine
rather than being handled by this dialog.
 
Hi WJunior

This is a different error - a securitypermission instead of a fileiopermission.

Could you give a more full description of the application? How is it launched from IIS, where are the files are located etc.

Cheers
 
application description

The application is very basic.

I create it to familiarize myself with security permission for another project.

The application is suppose to retrieve the path from where it is executed and display it in the form title.

It do nothing more than that.

this is the line of code causing the error:
Dim appDir AsString = Directory.GetCurrentDirectory()

For testint purposes I run the app from IIS in the browse page of my server.

thank you
 
Forced thread split to new thread in ASP.Net Security forum. (was hijacked VB.Net Security thread)
 
Back
Top